From patchwork Thu Mar 8 03:53:57 2018
X-Patchwork-Submitter: wm4
X-Patchwork-Id: 7858
From: wm4 To: ffmpeg-devel@ffmpeg.org Date: Thu, 8 Mar 2018 04:53:57 +0100 Message-Id: <20180308035357.18138-3-nfxjfg@googlemail.com> X-Mailer: git-send-email 2.16.1 In-Reply-To: <20180308035357.18138-1-nfxjfg@googlemail.com> References: <20180308035357.18138-1-nfxjfg@googlemail.com> Subject: [FFmpeg-devel] [PATCH 3/3] http: fix potentially dangerous whitespace skipping code X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: wm4 MIME-Version: 1.0 Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" If the string consists entirely of whitespace, this could in theory continue to write '\0' before the start of the memory allocation. In practice, it didn't really happen: the generic HTTP header parsing code already skips leading whitespaces, so the string is either empty, or consists a non-whitespace. (The generic code and the cookie code actually have different ideas about what bytes are whitespace: the former uses av_isspace(), the latter uses WHITESPACES. Fortunately, av_isspace() is a super set of the http.c specific WHITESPACES, so there's probably no case where the above assumption could have been broken.) --- libavformat/http.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/http.c b/libavformat/http.c index 59f90ac603..983034f083 100644 --- a/libavformat/http.c +++ b/libavformat/http.c @@ -760,6 +760,8 @@ static int parse_set_cookie(const char *set_cookie, AVDictionary **dict) back = &cstr[strlen(cstr)-1]; while (strchr(WHITESPACES, *back)) { *back='\0'; + if (back == cstr) + break; back--; }
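Review bot: the new `if (back == cstr) break;` closes the all-whitespace case but not the empty-string case: `back = &cstr[strlen(cstr)-1];` still forms a pointer one byte before the buffer when `cstr` is "", and the check only runs after a whitespace match at `cstr[0]`, so it never sees that pointer. Note also that `strchr(WHITESPACES, '\0')` returns non-NULL (it matches the terminator), so an out-of-bounds NUL byte at that position would be treated as whitespace and overwritten. The commit message relies on the generic header parser never passing an empty string; if an earlier check in parse_set_cookie() already rejects an empty input, a one-line comment at the loop stating that invariant would make the fix self-contained, otherwise an `if (!*cstr)` guard ahead of the loop is the cheaper option. Placing the check after the write is correct, since writing `cstr[0]` is in bounds.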
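As an added example (not FFmpeg's code), the same trailing-whitespace strip written with index arithmetic instead of a walking pointer, so it is also safe for an empty string, which the patch above leaves to the caller; WHITESPACES here is an assumed stand-in for http.c's macro.

```c
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: a stand-in for http.c's WHITESPACES, not the real macro. */
#define WHITESPACES " \n\t\r"

/* Strip trailing whitespace in place and return the new length.
 * The bound is checked before the byte is read, so no pointer before
 * s is ever formed: "" and all-whitespace input both end at len == 0.
 * Note that strchr(WHITESPACES, '\0') is non-NULL (it matches the
 * terminator), so reading past the start would have looked like
 * "more whitespace" to the original loop. */
static size_t strip_trailing_ws(char *s)
{
    size_t len = strlen(s);
    while (len > 0 && strchr(WHITESPACES, s[len - 1]))
        s[--len] = '\0';
    return len;
}

/* Strip a copy of in; returns a malloc'd string (caller frees), or NULL. */
static char *stripped_copy(const char *in)
{
    size_t n = strlen(in) + 1;
    char *cstr = malloc(n);
    if (!cstr)
        return NULL;
    memcpy(cstr, in, n);
    strip_trailing_ws(cstr);
    return cstr;
}

int main(void)
{
    /* Constructed sample Set-Cookie values, including the edge cases. */
    const char *samples[] = { "foo=bar; Path=/ \r\n", "   \t", "", " x " };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        char *out = stripped_copy(samples[i]);
        printf("[%s] -> [%s]\n", samples[i], out ? out : "(alloc failed)");
        free(out);
    }
    return 0;
}
```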