New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Report] server UAF when client send poc message #235
Comments
|
try with ffmpeg?
|
|
make sure you have same DEBUG or RELEASE version program/library. |
|
I know the program works well, I have tested it to play with vlc. I mean, if the problem indeed exist, anyone using the library to develop rtmp server will get a DoS if client send malicious packets. RELEASE version is only to avoid early exit because of assert. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment

Firstly, make the librtmp RELEASE to avoid it exit early because of assert.
And then, run the rtmp server using test with command
test -c rtmp_server_forward_aio_test 127.0.0.1 1935After server run, push flow to server with something like
ffmpeg -re -i source.flv -c copy -f flv -y rtmp://localhost/live/livestreamFinally, send poc message to server with command
python3 sender.py 127.0.0.1 1935 poc. The attachment is script and poc file.After send the poc message, the server execute an UAF and finally crash.
The text was updated successfully, but these errors were encountered: