| Message ID | CA+dMvPy-UQ_YhGcc0gLB-hSG2xqb8vpmryq3U7d6B0ZwKix=ug@mail.gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | [FFmpeg-devel] RTSP Video Stream - Buffer Overflow! | expand |
| Context | Check | Description |
|---|---|---|
| andriy/default | pending | |
| andriy/configure | warning | Failed to apply patch |
On Mon, 17 Aug 2020 12:21:46 -0700 Yiğit Uyan <yigituyan-at-google.com@ffmpeg.org> wrote: > Can somebody help with extending the rtsp/s link limit to match the web > urls (eg. 2048 characters) AFAICS this would work as a band-aid, but since the RFC doesn't specify a length limit (that I can find), in the long run it might be better changing that field to be dynamically allocated. https://tools.ietf.org/html/rfc2326#page-80 > Thanks in advance, > > > I have created and submitted the following patch to ffmpeg-devel@ffmpeg.org, > though it does not show up in patchwork. I am not sure what the following > steps are.. It got there eventually, sometimes it takes awhile: https://patchwork.ffmpeg.org/project/ffmpeg/list/?series=2045 Zane
Hi Yeet, On Mon, 17. Aug 12:21, Yiğit (Yeet) Uyan wrote: > Hi everyone, > > RTSP/S links longer than 1024 characters are failing due to a buffer > overflow issue happening when parsing RTSP links (eg. ffplay <rtsp link>). > FFmpeg has a buffer definition in libavformat/Rtsp.h, where it defines the > control_uri as 1024 characters. > > RTSP/S links follow a similar pattern to common web URIs, i.e. > <rtsps://my.camera.server:port/...>, and in many cases these links are > generated, routed and modified by common underlying web infrastructure. The > common conception for the web when parsing a URI is to expect up to 2000 > characters. > > https://stackoverflow.com/questions/417142/what-is-the-maximum-length-of-a-url-in-different-browsers > > The link above is for browsers, but it is very similar in many other web > technologies as well. > > Can somebody help with extending the rtsp/s link limit to match the web > urls (eg. 2048 characters) > > Thanks in advance, > > > I have created and submitted the following patch to ffmpeg-devel@ffmpeg.org, > though it does not show up in patchwork. I am not sure what the following > steps are.. Patches sent as an attachment need to have a text/x-diff or text/x-patch MIME type for patchwork. Your original patch was octet/stream, which is why it was skipped. Saying that, not everyone uses patchwork and the ML is primary way to keep track. Some more developer notes are in: https://ffmpeg.org/developer.html -- Andriy
diff --git a/libavformat/rtsp.h b/libavformat/rtsp.h index 54a9a30c16..2b37f5b49f 100644 --- a/libavformat/rtsp.h +++ b/libavformat/rtsp.h @@ -315,7 +315,7 @@ typedef struct RTSPState { /** some MS RTSP streams contain a URL in the SDP that we need to use * for all subsequent RTSP requests, rather than the input URI; in * other cases, this is a copy of AVFormatContext->filename. */ - char control_uri[1024]; + char control_uri[2048]; _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org
Hi everyone, RTSP/S links longer than 1024 characters are failing due to a buffer overflow issue happening when parsing RTSP links (eg. ffplay <rtsp link>). FFmpeg has a buffer definition in libavformat/Rtsp.h, where it defines the control_uri as 1024 characters. RTSP/S links follow a similar pattern to common web URIs, i.e. <rtsps://my.camera.server:port/...>, and in many cases these links are generated, routed and modified by common underlying web infrastructure. The common conception for the web when parsing a URI is to expect up to 2000 characters. https://stackoverflow.com/questions/417142/what-is-the-maximum-length-of-a-url-in-different-browsers The link above is for browsers, but it is very similar in many other web technologies as well. Can somebody help with extending the rtsp/s link limit to match the web urls (eg. 2048 characters) Thanks in advance, I have created and submitted the following patch to ffmpeg-devel@ffmpeg.org, though it does not show up in patchwork. I am not sure what the following steps are.. Signed-off-by: Yiğit (Yeet) Uyan <yigituyan@google.com> --- libavformat/rtsp.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".