From 22414bb38c445312f28390d779e1ba7576d6167d Mon Sep 17 00:00:00 2001 From: Alessandro Ros Date: Thu, 14 Dec 2023 11:38:47 +0100 Subject: [PATCH] rtmp: return error in case of extended chunk stream IDs (#2806) --- internal/protocols/rtmp/rawmessage/reader.go | 4 ++++ .../rawmessage/testdata/fuzz/FuzzDecoder/2470f01dca6d27ef | 2 -- .../rawmessage/testdata/fuzz/FuzzDecoder/2c0aa0d43cf2378b | 2 -- .../rawmessage/testdata/fuzz/FuzzDecoder/3225fb43d226570f | 2 -- .../rawmessage/testdata/fuzz/FuzzDecoder/582528ddfad69eb5 | 2 -- .../rawmessage/testdata/fuzz/FuzzDecoder/649388b35b8d7d24 | 2 -- .../rawmessage/testdata/fuzz/FuzzDecoder/899c4ec5c6184841 | 2 -- .../rawmessage/testdata/fuzz/FuzzDecoder/a2d2a54b9b1b0098 | 2 -- .../rawmessage/testdata/fuzz/FuzzDecoder/ab461fd3f1e0b76d | 2 -- .../rawmessage/testdata/fuzz/FuzzDecoder/cf0f70a31328c9ba | 2 -- .../rawmessage/testdata/fuzz/FuzzDecoder/f5aad145f6286289 | 2 -- .../fuzz/{FuzzDecoder => FuzzReader}/19981bffc2abbaf1 | 0 12 files changed, 4 insertions(+), 20 deletions(-) delete mode 100644 internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzDecoder/2470f01dca6d27ef delete mode 100644 internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzDecoder/2c0aa0d43cf2378b delete mode 100644 internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzDecoder/3225fb43d226570f delete mode 100644 internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzDecoder/582528ddfad69eb5 delete mode 100644 internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzDecoder/649388b35b8d7d24 delete mode 100644 internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzDecoder/899c4ec5c6184841 delete mode 100644 internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzDecoder/a2d2a54b9b1b0098 delete mode 100644 internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzDecoder/ab461fd3f1e0b76d delete mode 100644 internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzDecoder/cf0f70a31328c9ba delete mode 100644 internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzDecoder/f5aad145f6286289 rename internal/protocols/rtmp/rawmessage/testdata/fuzz/{FuzzDecoder => FuzzReader}/19981bffc2abbaf1 (100%) diff --git a/internal/protocols/rtmp/rawmessage/reader.go b/internal/protocols/rtmp/rawmessage/reader.go index 63513687a44..4d97e584e36 100644 --- a/internal/protocols/rtmp/rawmessage/reader.go +++ b/internal/protocols/rtmp/rawmessage/reader.go @@ -293,6 +293,10 @@ func (r *Reader) Read() (*Message, error) { typ := byt >> 6 chunkStreamID := byt & 0x3F + if chunkStreamID < 2 { + return nil, fmt.Errorf("extended chunk stream IDs are not supported (yet)") + } + rc, ok := r.chunkStreams[chunkStreamID] if !ok { rc = &readerChunkStream{mr: r} diff --git a/internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzDecoder/2470f01dca6d27ef b/internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzDecoder/2470f01dca6d27ef deleted file mode 100644 index 8a0b67e7812..00000000000 --- a/internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzDecoder/2470f01dca6d27ef +++ /dev/null @@ -1,2 +0,0 @@ -go test fuzz v1 -[]byte("\xe6") diff --git a/internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzDecoder/2c0aa0d43cf2378b b/internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzDecoder/2c0aa0d43cf2378b deleted file mode 100644 index fffa343cf17..00000000000 --- a/internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzDecoder/2c0aa0d43cf2378b +++ /dev/null @@ -1,2 +0,0 @@ -go test fuzz v1 -[]byte("0000\xf4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000") diff --git a/internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzDecoder/3225fb43d226570f b/internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzDecoder/3225fb43d226570f deleted file mode 100644 index 6bd85a31fa2..00000000000 --- a/internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzDecoder/3225fb43d226570f +++ /dev/null @@ -1,2 +0,0 @@ -go test fuzz v1 -[]byte("0000\x00\x00000000000000000000000000000000000000000000000000000000\xb0") diff --git a/internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzDecoder/582528ddfad69eb5 b/internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzDecoder/582528ddfad69eb5 deleted file mode 100644 index a96f5599e6b..00000000000 --- a/internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzDecoder/582528ddfad69eb5 +++ /dev/null @@ -1,2 +0,0 @@ -go test fuzz v1 -[]byte("0") diff --git a/internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzDecoder/649388b35b8d7d24 b/internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzDecoder/649388b35b8d7d24 deleted file mode 100644 index 8e2e990bea9..00000000000 --- a/internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzDecoder/649388b35b8d7d24 +++ /dev/null @@ -1,2 +0,0 @@ -go test fuzz v1 -[]byte("\x00000\x00\x00\x04000000000\x800000000\xc0") diff --git a/internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzDecoder/899c4ec5c6184841 b/internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzDecoder/899c4ec5c6184841 deleted file mode 100644 index 1edf25d0e62..00000000000 --- a/internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzDecoder/899c4ec5c6184841 +++ /dev/null @@ -1,2 +0,0 @@ -go test fuzz v1 -[]byte("00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\xf0") diff --git a/internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzDecoder/a2d2a54b9b1b0098 b/internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzDecoder/a2d2a54b9b1b0098 deleted file mode 100644 index 250cd245730..00000000000 --- a/internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzDecoder/a2d2a54b9b1b0098 +++ /dev/null @@ -1,2 +0,0 @@ -go test fuzz v1 -[]byte("000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000") diff --git a/internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzDecoder/ab461fd3f1e0b76d b/internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzDecoder/ab461fd3f1e0b76d deleted file mode 100644 index 78cd7065080..00000000000 --- a/internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzDecoder/ab461fd3f1e0b76d +++ /dev/null @@ -1,2 +0,0 @@ -go test fuzz v1 -[]byte("00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000p") diff --git a/internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzDecoder/cf0f70a31328c9ba b/internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzDecoder/cf0f70a31328c9ba deleted file mode 100644 index 25808deee89..00000000000 --- a/internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzDecoder/cf0f70a31328c9ba +++ /dev/null @@ -1,2 +0,0 @@ -go test fuzz v1 -[]byte("00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\xb0") diff --git a/internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzDecoder/f5aad145f6286289 b/internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzDecoder/f5aad145f6286289 deleted file mode 100644 index feb39524911..00000000000 --- a/internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzDecoder/f5aad145f6286289 +++ /dev/null @@ -1,2 +0,0 @@ -go test fuzz v1 -[]byte("\x80") diff --git a/internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzDecoder/19981bffc2abbaf1 b/internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzReader/19981bffc2abbaf1 similarity index 100% rename from internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzDecoder/19981bffc2abbaf1 rename to internal/protocols/rtmp/rawmessage/testdata/fuzz/FuzzReader/19981bffc2abbaf1