moonlight-stream/moonlight-common-c
1
0
Fork 0
mirror of https://github.com/moonlight-stream/moonlight-common-c.git synced 2026-04-23 00:19:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix buffer overflow in parseUrlAddrFromRtspUrlString (CVE-2023-42799)

Browse Source
This commit is contained in:
Keane O'Kelley
2023-10-06 20:51:21 -04:00
committed by Cameron Gutman
parent 116267a245
commit 02b7742f4d
1 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/RtspConnection.c
View File

@@ -657,7 +657,7 @@ static int parseOpusConfigurations(PRTSP_MESSAGE response) {
return 0; return 0;
} }
static bool parseUrlAddrFromRtspUrlString(const char* rtspUrlString, char* destination) { static bool parseUrlAddrFromRtspUrlString(const char* rtspUrlString, char* destination, size_t destinationLength) {
char* rtspUrlScratchBuffer; char* rtspUrlScratchBuffer;
char* portSeparator; char* portSeparator;
char* v6EscapeEndChar; char* v6EscapeEndChar;
@@ -701,7 +701,8 @@ static bool parseUrlAddrFromRtspUrlString(const char* rtspUrlString, char* desti
*urlPathSeparator = 0; *urlPathSeparator = 0;
} }
strcpy(destination, rtspUrlScratchBuffer + prefixLen); PltSafeStrcpy(destination, destinationLength, rtspUrlScratchBuffer + prefixLen);
destination[destinationLength - 1] = '\0';
free(rtspUrlScratchBuffer); free(rtspUrlScratchBuffer);
return true; return true;
@@ -774,7 +775,7 @@ int performRtspHandshake(PSERVER_INFORMATION serverInfo) {
(AudioCallbacks.capabilities & CAPABILITY_SLOW_OPUS_DECODER) == 0 && (AudioCallbacks.capabilities & CAPABILITY_SLOW_OPUS_DECODER) == 0 &&
(StreamConfig.streamingRemotely != STREAM_CFG_REMOTE || CHANNEL_COUNT_FROM_AUDIO_CONFIGURATION(StreamConfig.audioConfiguration) <= 2)) { (StreamConfig.streamingRemotely != STREAM_CFG_REMOTE || CHANNEL_COUNT_FROM_AUDIO_CONFIGURATION(StreamConfig.audioConfiguration) <= 2)) {
// If we have an RTSP URL string and it was successfully parsed, use that string // If we have an RTSP URL string and it was successfully parsed, use that string
if (serverInfo->rtspSessionUrl != NULL && parseUrlAddrFromRtspUrlString(serverInfo->rtspSessionUrl, urlAddr)) { if (serverInfo->rtspSessionUrl != NULL && parseUrlAddrFromRtspUrlString(serverInfo->rtspSessionUrl, urlAddr, sizeof(urlAddr))) {
strcpy(rtspTargetUrl, serverInfo->rtspSessionUrl); strcpy(rtspTargetUrl, serverInfo->rtspSessionUrl);
} }
else { else {
@@ -784,12 +785,12 @@ int performRtspHandshake(PSERVER_INFORMATION serverInfo) {
// audio since it only does that for local streaming normally. We can avoid this limitation, // audio since it only does that for local streaming normally. We can avoid this limitation,
// but only if the caller gave us the RTSP session URL that it received from the host during launch. // but only if the caller gave us the RTSP session URL that it received from the host during launch.
addrToUrlSafeString(&RemoteAddr, urlAddr, sizeof(urlAddr)); addrToUrlSafeString(&RemoteAddr, urlAddr, sizeof(urlAddr));
sprintf(rtspTargetUrl, "rtsp%s://%s:%u", useEnet ? "ru" : "", urlAddr, RtspPortNumber); snprintf(rtspTargetUrl, sizeof(rtspTargetUrl), "rtsp%s://%s:%u", useEnet ? "ru" : "", urlAddr, RtspPortNumber);
} }
} }
else { else {
PltSafeStrcpy(urlAddr, sizeof(urlAddr), "0.0.0.0"); PltSafeStrcpy(urlAddr, sizeof(urlAddr), "0.0.0.0");
sprintf(rtspTargetUrl, "rtsp%s://%s:%u", useEnet ? "ru" : "", urlAddr, RtspPortNumber); snprintf(rtspTargetUrl, sizeof(rtspTargetUrl), "rtsp%s://%s:%u", useEnet ? "ru" : "", urlAddr, RtspPortNumber);
} }
switch (AppVersionQuad[0]) { switch (AppVersionQuad[0]) {