From patchwork Thu Apr 19 19:55:00 2018
X-Patchwork-Submitter: rshaffer@tunein.com
X-Patchwork-Id: 8510
From: rshaffer@tunein.com
To: ffmpeg-devel@ffmpeg.org
Cc: wm4, Richard Shaffer
Date: Thu, 19 Apr 2018 12:55:00 -0700
Message-Id: <20180419195500.79089-1-rshaffer@tunein.com>
In-Reply-To: <20180419214508.70d276ce@debian>
References: <20180419214508.70d276ce@debian>
Subject: [FFmpeg-devel] [PATCH v2] libavformat/http: Refactor and fix additional leaks in get_cookies.
From: Richard Shaffer This refactors get_cookies to simplify some code paths, specifically for skipping logic in the while loop or exiting it. It also simplifies the logic for appending additional values to *cookies by replacing strlen/malloc/snprintf with one call av_asnprintf. This refactor fixes a bug where the cookie_params AVDictionary would get leaked if we failed to allocate a new buffer for writing to *cookies. --- Updated so that next = set_cookies = av_strdup(s->cookies) assignment is done on a separate line instead of inside the if conditional. libavformat/http.c | 65 +++++++++++++++++++++++------------------------------- 1 file changed, 28 insertions(+), 37 deletions(-) diff --git a/libavformat/http.c b/libavformat/http.c index b4a1919f24..d59ffbbbe8 100644 --- a/libavformat/http.c +++ b/libavformat/http.c @@ -1015,7 +1015,8 @@ static int process_line(URLContext *h, char *line, int line_count, /** * Create a string containing cookie values for use as a HTTP cookie header * field value for a particular path and domain from the cookie values stored in - * the HTTP protocol context. The cookie string is stored in *cookies. + * the HTTP protocol context. The cookie string is stored in *cookies, and may + * be NULL if there are no valid cookies. * * @return a negative value if an error condition occurred, 0 otherwise */ 
@@ -1025,15 +1026,20 @@ static int get_cookies(HTTPContext *s, char **cookies, const char *path, // cookie strings will look like Set-Cookie header field values. Multiple // Set-Cookie fields will result in multiple values delimited by a newline int ret = 0; - char *cookie, *set_cookies = av_strdup(s->cookies), *next = set_cookies; - - if (!set_cookies) return AVERROR(EINVAL); + char *cookie, *set_cookies, *next; // destroy any cookies in the dictionary. av_dict_free(&s->cookie_dict); + if (!s->cookies) + return 0; + + next = set_cookies = av_strdup(s->cookies); + if (!next) + return AVERROR(ENOMEM); + *cookies = NULL; - while ((cookie = av_strtok(next, "\n", &next))) { + while ((cookie = av_strtok(next, "\n", &next)) && !ret) { AVDictionary *cookie_params = NULL; AVDictionaryEntry *cookie_entry, *e; @@ -1043,23 +1049,19 @@ static int get_cookies(HTTPContext *s, char **cookies, const char *path, // continue on to the next cookie if this one cannot be parsed if (parse_set_cookie(cookie, &cookie_params)) - continue; + goto skip_cookie; // if the cookie has no value, skip it cookie_entry = av_dict_get(cookie_params, "", NULL, AV_DICT_IGNORE_SUFFIX); - if (!cookie_entry || !cookie_entry->value) { - av_dict_free(&cookie_params); - continue; - } + if (!cookie_entry || !cookie_entry->value) + goto skip_cookie; // if the cookie has expired, don't add it if ((e = av_dict_get(cookie_params, "expires", NULL, 0)) && e->value) { struct tm tm_buf = {0}; if (!parse_set_cookie_expiry_time(e->value, &tm_buf)) { - if (av_timegm(&tm_buf) < av_gettime() / 1000000) { - av_dict_free(&cookie_params); - continue; - } + if (av_timegm(&tm_buf) < av_gettime() / 1000000) + goto skip_cookie; } } 
@@ -1067,42 +1069,31 @@ static int get_cookies(HTTPContext *s, char **cookies, const char *path, if ((e = av_dict_get(cookie_params, "domain", NULL, 0)) && e->value) { // find the offset comparison is on the min domain (b.com, not a.b.com) int domain_offset = strlen(domain) - strlen(e->value); - if (domain_offset < 0) { - av_dict_free(&cookie_params); - continue; - } + if (domain_offset < 0) + goto skip_cookie; // match the cookie domain - if (av_strcasecmp(&domain[domain_offset], e->value)) { - av_dict_free(&cookie_params); - continue; - } + if (av_strcasecmp(&domain[domain_offset], e->value)) + goto skip_cookie; } // ensure this cookie matches the path e = av_dict_get(cookie_params, "path", NULL, 0); - if (!e || av_strncasecmp(path, e->value, strlen(e->value))) { - av_dict_free(&cookie_params); - continue; - } + if (!e || av_strncasecmp(path, e->value, strlen(e->value))) + goto skip_cookie; // cookie parameters match, so copy the value if (!*cookies) { - if (!(*cookies = av_asprintf("%s=%s", cookie_entry->key, cookie_entry->value))) { - ret = AVERROR(ENOMEM); - break; - } + *cookies = av_asprintf("%s=%s", cookie_entry->key, cookie_entry->value); } else { char *tmp = *cookies; - size_t str_size = strlen(cookie_entry->key) + strlen(cookie_entry->value) + strlen(*cookies) + 4; - if (!(*cookies = av_malloc(str_size))) { - ret = AVERROR(ENOMEM); - av_free(tmp); - break; - } - snprintf(*cookies, str_size, "%s; %s=%s", tmp, cookie_entry->key, cookie_entry->value); + *cookies = av_asprintf("%s; %s=%s", tmp, cookie_entry->key, cookie_entry->value); av_free(tmp); } + if (!*cookies) + ret = AVERROR(ENOMEM); + + skip_cookie: av_dict_free(&cookie_params); }
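Review bot: In the "@@ -1025,15 +1026,20 @@" hunk, the new early return `if (!s->cookies) return 0;` sits above `*cookies = NULL;`, so on that path the function reports success without ever writing the caller's pointer, while the updated doc comment promises that *cookies "may be NULL if there are no valid cookies". Move `*cookies = NULL;` above the early return so that a 0 return always leaves *cookies defined. The same hunk also changes return values that the commit message does not mention: a NULL s->cookies previously failed with AVERROR(EINVAL) and now returns 0, and a failed av_strdup now returns AVERROR(ENOMEM) instead of EINVAL; both are worth a sentence in the message. In the loop condition, testing `!ret` before the av_strtok call would avoid tokenizing one more cookie after an allocation failure.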
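Review bot: Style point in the "@@ -1043,23 +1049,19 @@" hunk, expiry check: once the inner braces are gone, the outer `if (!parse_set_cookie_expiry_time(e->value, &tm_buf)) { ... }` wraps a single `if ... goto skip_cookie;`. Folding the two conditions together with `&&` would drop a nesting level and match the single-statement form used for the other skip checks in this patch.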
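Review bot: Missing NULL check in the "@@ -1067,42 +1069,31 @@" hunk, path match: the rewritten line `if (!e || av_strncasecmp(path, e->value, strlen(e->value)))` dereferences e->value without testing it, whereas the expires and domain lookups in the same function both guard with `&& e->value`. Since the line is being touched anyway, consider `if (!e || !e->value || av_strncasecmp(...))` so all three attribute checks are consistent. The consolidated `if (!*cookies) ret = AVERROR(ENOMEM);` followed by the skip_cookie label looks right: tmp is freed on the append path whether or not av_asprintf succeeds, and cookie_params is now freed on every exit from the loop body.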