RTSP server based on GStreamer
Languages: C 96.9%, Other 3.1%
Branch: master

sdroege rtsp-auth: Fix NULL pointer dereference when handling an invalid basic Authorization header

When using the basic authentication scheme, we wouldn't validate that
the authorization field of the credentials is not NULL and pass it on
to g_hash_table_lookup(). g_str_hash() however is not NULL-safe and will
dereference the NULL pointer and crash.
A specially crafted (read: invalid) RTSP header can cause this to
happen.

As a solution, check for the authorization to be not NULL before
continuing processing it and if it is simply fail authentication.

This fixes CVE-2020-6095 and TALOS-2020-1018.

Discovered by Peter Wang of Cisco ASIG.
Latest commit 44ccca3 Mar 23, 2020
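
The guard described in the commit message above, as an added example that is not gst-rtsp-server's code: a self-contained model of a token lookup whose string hash reads its key unconditionally, with the NULL check placed before the lookup. The Credential and TokenEntry types, the token table and all function names are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for parsed credentials: authorization is NULL
 * when the header yielded no usable basic token. */
typedef struct { const char *authorization; } Credential;
typedef struct { const char *basic; const char *user; } TokenEntry;

/* Constructed sample table: basic token -> user. */
static const TokenEntry tokens[] = {
  { "dXNlcjpwYXNzd29yZA==", "user" },
  { "YWRtaW46c2VjcmV0", "admin" },
};

/* djb-style string hash: it reads *key without checking it, so a NULL
 * key is a NULL pointer dereference (the crash the commit describes). */
static unsigned str_hash(const char *key) {
  unsigned h = 5381;
  for (const unsigned char *p = (const unsigned char *)key; *p; p++)
    h = h * 33 + *p;
  return h;
}

/* Lookup keyed by that hash; like the hash, it is not NULL-safe. */
static const char *token_lookup(const char *key) {
  unsigned h = str_hash(key);
  for (size_t i = 0; i < sizeof tokens / sizeof tokens[0]; i++)
    if (str_hash(tokens[i].basic) == h && strcmp(tokens[i].basic, key) == 0)
      return tokens[i].user;
  return NULL;
}

/* Hardened check: a missing authorization value never reaches the
 * lookup and is treated as failed authentication. */
static bool authenticate_basic(const Credential *cred, const char **user_out) {
  *user_out = NULL;
  if (cred == NULL || cred->authorization == NULL)
    return false;
  *user_out = token_lookup(cred->authorization);
  return *user_out != NULL;
}

int main(void) {
  const char *user;
  Credential missing = { NULL };
  printf("missing authorization -> %s\n",
         authenticate_basic(&missing, &user) ? "accepted" : "rejected");
  return 0;
}
```

Without the NULL test in authenticate_basic, the missing-authorization case would reach str_hash and crash the process instead of being rejected.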

Files

Type Name Latest commit message Commit time
docs Remove autotools build Oct 13, 2019
examples Add initialization for context and params (gchar *) Feb 7, 2020
gst rtsp-auth: Fix NULL pointer dereference when handling an invalid basi… Mar 23, 2020
pkgconfig Remove autotools build Oct 13, 2019
tests rtsp-client: add property post-session-timeout Jan 15, 2020
.gitignore Remove autotools build Oct 13, 2019
.gitlab-ci.yml Add Gitlab CI configuration Nov 12, 2018
AUTHORS Initial import Oct 9, 2008
COPYING Fix FSF address Nov 4, 2012
COPYING.LIB Fix FSF address Nov 4, 2012
ChangeLog Release 1.16.0 Apr 18, 2019
NEWS Release 1.16.0 Apr 18, 2019
README Fix typo in README Mar 15, 2015
RELEASE Back to development Apr 19, 2019
REQUIREMENTS Initial import Oct 9, 2008
TODO rtsp: cleanups Nov 15, 2012
gst-rtsp-server.doap Release 1.16.0 Apr 18, 2019
meson.build meson: build gir even when cross-compiling if introspection was enabl… Oct 18, 2019
meson_options.txt docs: Port to hotdoc May 13, 2019

README

gst-rtsp-server is a library on top of GStreamer for building an RTSP server.

There are some examples in the examples/ directory and more comprehensive
documentation in docs/README.