Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix stack overflow vulnerability #16802

Merged
merged 1 commit into from Oct 12, 2022
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
fix stack overflow vulnerability
  • Loading branch information
swing authored and swing committed Oct 12, 2022
commit 066878da4d4762a9b6cb169fdf353e804d735cfd
10 changes: 9 additions & 1 deletion lib/libesp32/rtsp/CRtspSession.cpp
@@ -1,6 +1,7 @@
#include "CRtspSession.h"
#include <stdio.h>
#include <time.h>
#include <string.h>

CRtspSession::CRtspSession(SOCKET aRtspClient, CStreamer * aStreamer) : m_RtspClient(aRtspClient),m_Streamer(aStreamer)
{
Expand Down Expand Up @@ -47,6 +48,8 @@ bool CRtspSession::ParseRtspRequest(char const * aRequest, unsigned aRequestSize
char * TmpPtr;
char CP[128]; //static char CP[1024];
char * pCP;
int Length;


ClientPortPtr = strstr(CurRequest,"client_port");
if (ClientPortPtr != nullptr)
Expand All @@ -55,7 +58,12 @@ bool CRtspSession::ParseRtspRequest(char const * aRequest, unsigned aRequestSize
if (TmpPtr != nullptr)
{
TmpPtr[0] = 0x00;
strcpy(CP,ClientPortPtr);
Length = strlen(ClientPortPtr);
if (Length > 128)
{
Length = 128;
}
strncpy(CP,ClientPortPtr, Length);
pCP = strstr(CP,"=");
if (pCP != nullptr)
{
Expand Down