From patchwork Tue Apr 17 23:37:13 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: rshaffer@tunein.com X-Patchwork-Id: 8482 Delivered-To: ffmpegpatchwork@gmail.com Received: by 10.2.1.85 with SMTP id c82csp2501400jad; Tue, 17 Apr 2018 16:44:46 -0700 (PDT) X-Google-Smtp-Source: AIpwx4/30QbFY3OJvCIqqFz1MGaXaTnSCJy65FJ87g6KZHuj5t377ELhefGG1YcBSPjfQnE2RGvL X-Received: by 10.28.7.133 with SMTP id 127mr118010wmh.74.1524008686365; Tue, 17 Apr 2018 16:44:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1524008686; cv=none; d=google.com; s=arc-20160816; b=JFUt9vdtR+9oEfEgPGqh2+CaKOSCTKu+xfWY1bJPxAoanjQxAq3IOkSZGGmY1f0eW+ SXRGwk6YKHkr1eRJmZNSLEXgWrEMCkTqCxdi+sTJSh/CbmMlTpbO/q8hmXptg13+2ycr N6jLRPm8UZ8X6iwpqRVszC969RqArCQasrFgHZ3JFCkRk8Dbf6rvs9G45SKrp+TAo6DS aw07dX9BI4omqBNV3EmOcLMK1wN2WcJc4Z9vZTn7iqpgAhkID13Ks0NquKhOvL/yQYs6 1srrXZKxkUu1S8oCYypoZOQqkFHrel52gClG4ijugKauyNNrp2H3Z3PbXmWXWzG9HabU 373A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version:cc:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:message-id:date:to:from:dkim-signature :delivered-to:arc-authentication-results; bh=0L53OJ24PUcx5WUuYpMWiulaE/YD3XbDiX+7dVPvznc=; b=UpkWUlxZmsT01M/rL2yHDRpcqZObUQ3JYJqEaTuAkHRDZJziwQg6CTqgX13/Oh+DHv 4GfuIWIfn7G/HzMc3tviiF3PJo4s56e8+QL1hNLeNMa4A0r9LI0E5qXUIwpD2MS0pMhC pYFzfkTVBYwU1kiKc/oGAvHE4Y7AvysjQw6GDie0Thfq4hzojuph0F+IebIsHM8CG1ap koGmPvfrXX+A5hLzqmxNY2z4Frz8RzjvCPFSqOU4GJmb1cpFBUQgMUD+viCLIm9lSOLy zhJModkYswu237WDjHg6XlkAJ/Sbo8VKHDI0PPq4s6LEw0ipkeybgPBIPVJz3OAKik6t b6sg== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@tunein-com.20150623.gappssmtp.com header.s=20150623 header.b=yhSrmiQ+; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id w60si11803900wrb.345.2018.04.17.16.44.45; Tue, 17 Apr 2018 16:44:46 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@tunein-com.20150623.gappssmtp.com header.s=20150623 header.b=yhSrmiQ+; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 901BE689F7D; Wed, 18 Apr 2018 02:44:16 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-yb0-f194.google.com (mail-yb0-f194.google.com [209.85.213.194]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id C7C3E689F3D for ; Wed, 18 Apr 2018 02:44:10 +0300 (EEST) Received: by mail-yb0-f194.google.com with SMTP id v14-v6so2313949ybk.8 for ; Tue, 17 Apr 2018 16:44:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tunein-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id; bh=snOcjUc0RcOOMJPeyzjejFbQq9SpDq6z2MF0qSc91YY=; b=yhSrmiQ+Yi9Woq0L3qzqZgmQfa3wiP+jXjYijYZkLcGqe9C97sFpkSIatOAV0c1CyQ iM5jZQ3WWJe6NvO8PZcaMk5beXA3fcOEZi9SLYv/pw3ciQPVQDgzUzRzSc3zwLw/jCgx dpXxz3bYRtio7T9qjcssQQ5cFeF6QHFjiAW6vKl76EScOyS/QZVshKNFENeaOJv+f91s 8Bf9QHnFlxBBGVqRW2PMdEBVjex6GHVvw/oH+rCuLUVRBarGs3QGHjae0RR5PWPCtpzh 42NvugyrFOMI1SWiWXKw/7PbDsecCXLKgDmErnR43C3PVtyYgGL54UO6GXS0SMpBcQgP qOFQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=snOcjUc0RcOOMJPeyzjejFbQq9SpDq6z2MF0qSc91YY=; b=hLYa4Btl8mSHAuhSAzkfT/rapdSA4IXvtaxoQP9GDZhL+3UN62HVTyPQD4RdLDSwhS LLTF7SdSTtgRhfPOgJPDPt8RQxFj61g2SOsLRrVfRGuKcI2lg/RT2rq56C8GXmtFDCZD apc2ahUFi3codOv67wqcRQNrjgZg6UgnM6u36DQ4u1GFskKMewtrRCiZjPuFhE1mFJVI 2kGfM++JtC/7PxdLPhyRVqQWFAUoLBsyqXk6JCoLdfHFOn5g3fgowFq2Vdzgxm+wmHh6 HHqUdSMVODvWsh2jRcGrgEzGsGU+Bq3IshLpJwpgwsEmObt119dZ3mic+aMTCzF1fK6y /Z5A== X-Gm-Message-State: ALQs6tDi7SyWkArk7UQ6xg5VF57ep1wa/dG3AQO/92pbbJj1njPYycv+ LWtfMe3IIYD1JQGe75eBwpnn2Fh0D3U= X-Received: by 2002:a25:9247:: with SMTP id e7-v6mr2961536ybo.400.1524008239091; Tue, 17 Apr 2018 16:37:19 -0700 (PDT) Received: from 000984.tunein.corp ([38.140.202.59]) by smtp.gmail.com with ESMTPSA id x5sm4926165ywf.107.2018.04.17.16.37.16 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 17 Apr 2018 16:37:17 -0700 (PDT) From: rshaffer@tunein.com To: ffmpeg-devel@ffmpeg.org Date: Tue, 17 Apr 2018 16:37:13 -0700 Message-Id: <20180417233713.50302-1-rshaffer@tunein.com> X-Mailer: git-send-email 2.15.1 (Apple Git-101) Subject: [FFmpeg-devel] [PATCH] libavformat/http: Refactor and fix additional leaks in get_cookies. X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Richard Shaffer MIME-Version: 1.0 Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" From: Richard Shaffer This refactors get_cookies to simplify some code paths, specifically for skipping logic in the while loop or exiting it. It also simplifies the logic for appending additional values to *cookies by replacing strlen/malloc/snprintf with one call av_asnprintf. This refactor fixes a bug where the cookie_params AVDictionary would get leaked if we failed to allocate a new buffer for writing to *cookies. --- libavformat/http.c | 64 +++++++++++++++++++++++------------------------------- 1 file changed, 27 insertions(+), 37 deletions(-) diff --git a/libavformat/http.c b/libavformat/http.c index b4a1919f24..183214c444 100644 --- a/libavformat/http.c +++ b/libavformat/http.c @@ -1015,7 +1015,8 @@ static int process_line(URLContext *h, char *line, int line_count, /** * Create a string containing cookie values for use as a HTTP cookie header * field value for a particular path and domain from the cookie values stored in - * the HTTP protocol context. The cookie string is stored in *cookies. + * the HTTP protocol context. The cookie string is stored in *cookies, and may + * be NULL if there are no valid cookies. * * @return a negative value if an error condition occurred, 0 otherwise */ @@ -1025,15 +1026,19 @@ static int get_cookies(HTTPContext *s, char **cookies, const char *path, // cookie strings will look like Set-Cookie header field values. Multiple // Set-Cookie fields will result in multiple values delimited by a newline int ret = 0; - char *cookie, *set_cookies = av_strdup(s->cookies), *next = set_cookies; - - if (!set_cookies) return AVERROR(EINVAL); + char *cookie, *set_cookies, *next; // destroy any cookies in the dictionary. av_dict_free(&s->cookie_dict); + if (!s->cookies) + return 0; + + if (!(next = set_cookies = av_strdup(s->cookies))) + return AVERROR(ENOMEM); + *cookies = NULL; - while ((cookie = av_strtok(next, "\n", &next))) { + while ((cookie = av_strtok(next, "\n", &next)) && !ret) { AVDictionary *cookie_params = NULL; AVDictionaryEntry *cookie_entry, *e; @@ -1043,23 +1048,19 @@ static int get_cookies(HTTPContext *s, char **cookies, const char *path, // continue on to the next cookie if this one cannot be parsed if (parse_set_cookie(cookie, &cookie_params)) - continue; + goto skip_cookie; // if the cookie has no value, skip it cookie_entry = av_dict_get(cookie_params, "", NULL, AV_DICT_IGNORE_SUFFIX); - if (!cookie_entry || !cookie_entry->value) { - av_dict_free(&cookie_params); - continue; - } + if (!cookie_entry || !cookie_entry->value) + goto skip_cookie; // if the cookie has expired, don't add it if ((e = av_dict_get(cookie_params, "expires", NULL, 0)) && e->value) { struct tm tm_buf = {0}; if (!parse_set_cookie_expiry_time(e->value, &tm_buf)) { - if (av_timegm(&tm_buf) < av_gettime() / 1000000) { - av_dict_free(&cookie_params); - continue; - } + if (av_timegm(&tm_buf) < av_gettime() / 1000000) + goto skip_cookie; } } @@ -1067,42 +1068,31 @@ static int get_cookies(HTTPContext *s, char **cookies, const char *path, if ((e = av_dict_get(cookie_params, "domain", NULL, 0)) && e->value) { // find the offset comparison is on the min domain (b.com, not a.b.com) int domain_offset = strlen(domain) - strlen(e->value); - if (domain_offset < 0) { - av_dict_free(&cookie_params); - continue; - } + if (domain_offset < 0) + goto skip_cookie; // match the cookie domain - if (av_strcasecmp(&domain[domain_offset], e->value)) { - av_dict_free(&cookie_params); - continue; - } + if (av_strcasecmp(&domain[domain_offset], e->value)) + goto skip_cookie; } // ensure this cookie matches the path e = av_dict_get(cookie_params, "path", NULL, 0); - if (!e || av_strncasecmp(path, e->value, strlen(e->value))) { - av_dict_free(&cookie_params); - continue; - } + if (!e || av_strncasecmp(path, e->value, strlen(e->value))) + goto skip_cookie; // cookie parameters match, so copy the value if (!*cookies) { - if (!(*cookies = av_asprintf("%s=%s", cookie_entry->key, cookie_entry->value))) { - ret = AVERROR(ENOMEM); - break; - } + *cookies = av_asprintf("%s=%s", cookie_entry->key, cookie_entry->value); } else { char *tmp = *cookies; - size_t str_size = strlen(cookie_entry->key) + strlen(cookie_entry->value) + strlen(*cookies) + 4; - if (!(*cookies = av_malloc(str_size))) { - ret = AVERROR(ENOMEM); - av_free(tmp); - break; - } - snprintf(*cookies, str_size, "%s; %s=%s", tmp, cookie_entry->key, cookie_entry->value); + *cookies = av_asprintf("%s; %s=%s", tmp, cookie_entry->key, cookie_entry->value); av_free(tmp); } + if (!*cookies) + ret = AVERROR(ENOMEM); + + skip_cookie: av_dict_free(&cookie_params); }