diff options
| author | Luca Barbato <lu_zero@gentoo.org> | 2013-08-08 19:44:19 +0200 |
|---|---|---|
| committer | Luca Barbato <lu_zero@gentoo.org> | 2013-10-16 23:05:50 +0200 |
| commit | a9ebc17b2dd5518730213c672dce714a7a50d8ca (patch) | |
| tree | 31b0a17ad0bc3ad4f9a3edc7188e424cd9d6f00a | |
| parent | 067713f15989dd0b8c0888a3b43fd193819a1058 (diff) | |
| download | ffmpeg-a9ebc17b2dd5518730213c672dce714a7a50d8ca.tar.gz | |
rtmp: Do not misuse memcmp
CC: libav-stable@libav.org
(cherry picked from commit 5718e3487ba3b26aba341070be0b6b0b4de45ea3)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavformat/rtmppkt.h
libavformat/rtmpproto.c
| -rw-r--r-- | libavformat/rtmppkt.c | 33 | ||||
| -rw-r--r-- | libavformat/rtmppkt.h | 7 | ||||
| -rw-r--r-- | libavformat/rtmpproto.c | 9 |
3 files changed, 45 insertions, 4 deletions
diff --git a/libavformat/rtmppkt.c b/libavformat/rtmppkt.c index 750dd78e5f..9ca4bf307b 100644 --- a/libavformat/rtmppkt.c +++ b/libavformat/rtmppkt.c @@ -448,3 +448,36 @@ void ff_rtmp_packet_dump(void *ctx, RTMPPacket *p) av_log(ctx, AV_LOG_DEBUG, "\n"); } } + +int ff_amf_match_string(const uint8_t *data, int size, const char *str) +{ + int len = strlen(str); + int amf_len, type; + + if (size < 1) + return 0; + + type = *data++; + + if (type != AMF_DATA_TYPE_LONG_STRING && + type != AMF_DATA_TYPE_STRING) + return 0; + + if (type == AMF_DATA_TYPE_LONG_STRING) { + if ((size -= 4 + 1) < 0) + return 0; + amf_len = bytestream_get_be32(&data); + } else { + if ((size -= 2 + 1) < 0) + return 0; + amf_len = bytestream_get_be16(&data); + } + + if (amf_len > size) + return 0; + + if (amf_len != len) + return 0; + + return !memcmp(data, str, len); +} diff --git a/libavformat/rtmppkt.h b/libavformat/rtmppkt.h index 765ca2d9cf..04eacf8f78 100644 --- a/libavformat/rtmppkt.h +++ b/libavformat/rtmppkt.h @@ -218,6 +218,13 @@ void ff_amf_write_field_name(uint8_t **dst, const char *str); */ void ff_amf_write_object_end(uint8_t **dst); +/** + * Match AMF string with a NULL-terminated string. + * + * @return 0 if the strings do not match. + */ +int ff_amf_match_string(const uint8_t *data, int size, const char *str); + /** @} */ // AMF funcs #endif /* AVFORMAT_RTMPPKT_H */ diff --git a/libavformat/rtmpproto.c b/libavformat/rtmpproto.c index 9e2a7ab73b..8dc8f0aa44 100644 --- a/libavformat/rtmpproto.c +++ b/libavformat/rtmpproto.c @@ -588,14 +588,14 @@ static int rtmp_parse_result(URLContext *s, RTMPContext *rt, RTMPPacket *pkt) break; case RTMP_PT_INVOKE: //TODO: check for the messages sent for wrong state? - if (!memcmp(pkt->data, "\002\000\006_error", 9)) { + if (ff_amf_match_string(pkt->data, pkt->size, "_error")) { uint8_t tmpstr[256]; if (!ff_amf_get_field_value(pkt->data + 9, data_end, "description", tmpstr, sizeof(tmpstr))) av_log(s, AV_LOG_ERROR, "Server error: %s\n",tmpstr); return -1; - } else if (!memcmp(pkt->data, "\002\000\007_result", 10)) { + } else if (ff_amf_match_string(pkt->data, pkt->size, "_result")) { switch (rt->state) { case STATE_HANDSHAKED: if (!rt->is_input) { @@ -636,7 +636,7 @@ static int rtmp_parse_result(URLContext *s, RTMPContext *rt, RTMPPacket *pkt) rt->state = STATE_READY; break; } - } else if (!memcmp(pkt->data, "\002\000\010onStatus", 11)) { + } else if (ff_amf_match_string(pkt->data, pkt->size, "onStatus")) { const uint8_t* ptr = pkt->data + 11; uint8_t tmpstr[256]; @@ -724,7 +724,8 @@ static int get_packet(URLContext *s, int for_header) continue; } if (rpkt.type == RTMP_PT_VIDEO || rpkt.type == RTMP_PT_AUDIO || - (rpkt.type == RTMP_PT_NOTIFY && !memcmp("\002\000\012onMetaData", rpkt.data, 13))) { + (rpkt.type == RTMP_PT_NOTIFY && + ff_amf_match_string(rpkt.data, rpkt.size, "onMetaData"))) { ts = rpkt.timestamp; // generate packet header and put data into buffer for FLV demuxer |