For #1229, fix the security risk in HDS. 3.0.69

README.md

@@ -145,6 +145,7 @@ For previous versions, please read:
 
 ## V3 changes
 
+* v3.0, 2019-12-11, For [#1229][bug #1229], fix the security risk in HDS. 3.0.69
 * v3.0, 2019-12-05, Fix [#1506][bug #1501], support directly turn FLV timestamp to TS DTS. 3.0.68
 * <strong>v3.0, 2019-11-30, [3.0 alpha3(3.0.67)][r3.0a3] released. 110864 lines.</strong>
 * v3.0, 2019-12-01, Fix [#1501][bug #1501], use request coworker for origin cluster. 3.0.67
@@ -1510,6 +1511,7 @@ Winlin
 [bug #1051]: https://github.com/ossrs/srs/issues/1051
 [bug #1093]: https://github.com/ossrs/srs/issues/1093
 [bug #1501]: https://github.com/ossrs/srs/issues/1501
+[bug #1229]: https://github.com/ossrs/srs/issues/1229
 [bug #xxxxxxxxxxxxx]: https://github.com/ossrs/srs/issues/xxxxxxxxxxxxx
 
 [exo #828]: https://github.com/google/ExoPlayer/pull/828

trunk/src/app/srs_app_hds.cpp

@@ -200,7 +200,7 @@ class SrsHdsFragment
     inline void set_index(int idx)
     {
         char file_path[1024] = {0};
-        sprintf(file_path, "%s/%s/%sSeg1-Frag%d", _srs_config->get_hds_path(req->vhost).c_str()
+        snprintf(file_path, 1024, "%s/%s/%sSeg1-Frag%d", _srs_config->get_hds_path(req->vhost).c_str()
                 , req->app.c_str(), req->stream.c_str(), idx);
 
         path = file_path;
@@ -428,7 +428,7 @@ srs_error_t SrsHds::flush_mainfest()
     srs_error_t err = srs_success;
 
     char buf[1024] = {0};
-    sprintf(buf, "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n"
+    snprintf(buf, 1024, "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n"
             "<manifest xmlns=\"http://ns.adobe.com/f4m/1.0\">\n\t"
             "<id>%s.f4m</id>\n\t"
             "<streamType>live</streamType>\n\t"

trunk/src/utest/srs_utest_core.cpp

@@ -64,3 +64,9 @@ VOID TEST(CoreMacroseTest, Check)
 #endif
 }
 
+VOID TEST(CoreLogger, CheckVsnprintf)
+{
+    char buf[1024];
+    EXPECT_EQ(6, sprintf(buf, "%s", "Hello!"));
+}
+