From patchwork Tue Jun 11 14:16:20 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Rodger Combs X-Patchwork-Id: 13505 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id 6DA094477B1 for ; Tue, 11 Jun 2019 17:24:49 +0300 (EEST) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 55E9A680BAA; Tue, 11 Jun 2019 17:24:49 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-it1-f180.google.com (mail-it1-f180.google.com [209.85.166.180]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 96993680347 for ; Tue, 11 Jun 2019 17:24:42 +0300 (EEST) Received: by mail-it1-f180.google.com with SMTP id m187so5211772ite.3 for ; Tue, 11 Jun 2019 07:24:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=ItLAEBWwMH/Vg40z+XXl7f4F6LUXEo1gQwQEMYFDXq0=; b=OWXwUi5D+bJDEHYp+HiYw96QLHWlFtABjHNufGtwujStlMnzK17fZNCJkdxAiH8YBf 132Kl5THEl915DbpTVcTqYgAPIGwEU0FKFzjVYbnwsTR5I/gWzhBfX8ctX/v6ngwSXds 9als9W5ceT889e2AIAThaVbmd56Y6Muy8hHcQBMobSlVrznKpQpb6WWPOhv0WC/noyTW uysgOtVTT4mwtY0z3WGaDHF6JYdf8w/kmsZHxkYQPtNvJWA+Kq7uFrqUNSsrSHCjRmFP opfi4wa03UNQyhwPfUFP+pg77J5Uk+oz4uPongEzR6dws/9nq0OpuHx3Kz0rX+xCMwLq rhzw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=ItLAEBWwMH/Vg40z+XXl7f4F6LUXEo1gQwQEMYFDXq0=; b=txShp10lVgo8FzkLJ4MELpMoJY2/ER8tA7r2NAXCWfFNCQSKrS2L/38lJUb/ZzOlIf yqKKErDAPiQ5panHnrZRwdDPVV8ngrFHkvCcQpBj/D6w192+y9uJz80imykUSY2adiMo OPlfh43guetzlwXbb3AYR+beJlDJyrJgHxmmRKZ9cpAMPxIrskkPmd/ULlp6SyoUa+dO /rXb5ihfEF9xLbhY0AUa3QTF66WRX9q8quMBJh2HlOIdUthpjTkfC0PPLgQecuZvGfz0 Un5TGz1dMseXwcsN4NAM0DVK2SIaAXFgnIkVq9qf/hGGPlTrQI564y9yTRuck1kjI9No S38g== X-Gm-Message-State: APjAAAUB+m/SSFxzzFFDOjAqc10qNlYkx0BSoQ5en4NjFmArvHkT9v/s v+agLrb3CEDyJ9w9CP1tBEMmXKSK08w= X-Google-Smtp-Source: APXvYqw2CEw+2/wOrNkAbIbYHpMYjeaMUKS4D+C2ZkrUXAc0HB46hX64C0dZAaKwZcr8VUEBlv3wGw== X-Received: by 2002:a05:660c:b0f:: with SMTP id f15mr15095261itk.111.1560262594506; Tue, 11 Jun 2019 07:16:34 -0700 (PDT) Received: from Rodgers-MBP.localdomain ([71.201.155.37]) by smtp.gmail.com with ESMTPSA id w23sm5005046ioa.51.2019.06.11.07.16.33 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 11 Jun 2019 07:16:33 -0700 (PDT) From: Rodger Combs To: ffmpeg-devel@ffmpeg.org Date: Tue, 11 Jun 2019 09:16:20 -0500 Message-Id: <20190611141623.59440-3-rodger.combs@gmail.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190611141623.59440-1-rodger.combs@gmail.com> References: <20190611141623.59440-1-rodger.combs@gmail.com> MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH 3/6] lavf/tls_apple: fix crash on unexpected PEM types X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" --- libavformat/tls_apple.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/libavformat/tls_apple.c b/libavformat/tls_apple.c index 2ff6622565..37d63f3b27 100644 --- a/libavformat/tls_apple.c +++ b/libavformat/tls_apple.c @@ -165,6 +165,12 @@ static int load_identity(URLContext *h, SecIdentityRef *identity, CFArrayRef *ce if ((ret = import_pem(h, c->tls_shared.key_file, &keyArray)) < 0) goto end; + if (CFGetTypeID(CFArrayGetValueAtIndex(*certArray, 0)) != SecCertificateGetTypeID() || + CFGetTypeID(CFArrayGetValueAtIndex(keyArray, 0)) != SecKeyGetTypeID()) { + ret = AVERROR_INVALIDDATA; + goto end; + } + if (!(*identity = SecIdentityCreate(kCFAllocatorDefault, (SecCertificateRef)CFArrayGetValueAtIndex(*certArray, 0), (SecKeyRef)CFArrayGetValueAtIndex(keyArray, 0)))) {