diff mbox series

[FFmpeg-devel] RTSP Video Stream - Buffer Overflow!

Message ID CA+dMvPy-UQ_YhGcc0gLB-hSG2xqb8vpmryq3U7d6B0ZwKix=ug@mail.gmail.com
State New
Headers show
Series [FFmpeg-devel] RTSP Video Stream - Buffer Overflow!
Related show

Checks

Context Check Description
andriy/default pending
andriy/configure warning Failed to apply patch

Commit Message

Yiğit (Yeet) Uyan Aug. 17, 2020, 7:21 p.m. UTC
Hi everyone,

RTSP/S links longer than 1024 characters are failing due to a buffer
overflow issue happening when parsing RTSP links (eg. ffplay <rtsp link>).
FFmpeg has a buffer definition in libavformat/Rtsp.h, where it defines the
control_uri as 1024 characters.

RTSP/S links follow a similar pattern to common web URIs, i.e.
<rtsps://my.camera.server:port/...>, and in many cases these links are
generated, routed and modified by common underlying web infrastructure. The
common conception for the web when parsing a URI is to expect up to 2000
characters.

https://stackoverflow.com/questions/417142/what-is-the-maximum-length-of-a-url-in-different-browsers

The link above is for browsers, but it is very similar in many other web
technologies as well.

Can somebody help with extending the rtsp/s link limit to match the web
urls (eg. 2048 characters)

Thanks in advance,


I have created and submitted the following patch to ffmpeg-devel@ffmpeg.org,
though it does not show up in patchwork. I am not sure what the following
steps are..

Signed-off-by: Yiğit (Yeet) Uyan <yigituyan@google.com>
---
 libavformat/rtsp.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Comments

Zane van Iperen Aug. 17, 2020, 11:59 p.m. UTC | #1
On Mon, 17 Aug 2020 12:21:46 -0700
Yiğit  Uyan <yigituyan-at-google.com@ffmpeg.org> wrote:

> Can somebody help with extending the rtsp/s link limit to match the web
> urls (eg. 2048 characters)

AFAICS this would work as a band-aid, but since the RFC doesn't
specify a length limit (that I can find), in the long run it might be
better changing that field to be dynamically allocated.

https://tools.ietf.org/html/rfc2326#page-80


> Thanks in advance,
> 
> 
> I have created and submitted the following patch to ffmpeg-devel@ffmpeg.org,
> though it does not show up in patchwork. I am not sure what the following
> steps are..

It got there eventually, sometimes it takes awhile:
https://patchwork.ffmpeg.org/project/ffmpeg/list/?series=2045

Zane
Andriy Gelman Aug. 18, 2020, 12:44 a.m. UTC | #2
Hi Yeet,

On Mon, 17. Aug 12:21, Yiğit (Yeet) Uyan wrote:
> Hi everyone,
> 
> RTSP/S links longer than 1024 characters are failing due to a buffer
> overflow issue happening when parsing RTSP links (eg. ffplay <rtsp link>).
> FFmpeg has a buffer definition in libavformat/Rtsp.h, where it defines the
> control_uri as 1024 characters.
> 
> RTSP/S links follow a similar pattern to common web URIs, i.e.
> <rtsps://my.camera.server:port/...>, and in many cases these links are
> generated, routed and modified by common underlying web infrastructure. The
> common conception for the web when parsing a URI is to expect up to 2000
> characters.
> 
> https://stackoverflow.com/questions/417142/what-is-the-maximum-length-of-a-url-in-different-browsers
> 
> The link above is for browsers, but it is very similar in many other web
> technologies as well.
> 
> Can somebody help with extending the rtsp/s link limit to match the web
> urls (eg. 2048 characters)
> 
> Thanks in advance,
> 
> 

> I have created and submitted the following patch to ffmpeg-devel@ffmpeg.org,
> though it does not show up in patchwork. I am not sure what the following
> steps are..

Patches sent as an attachment need to have a text/x-diff or
text/x-patch MIME type for patchwork. 

Your original patch was octet/stream, which is why it was skipped. 

Saying that, not everyone uses patchwork and the ML is primary way to keep
track.

Some more developer notes are in:
https://ffmpeg.org/developer.html

--
Andriy
diff mbox series

Patch

diff --git a/libavformat/rtsp.h b/libavformat/rtsp.h
index 54a9a30c16..2b37f5b49f 100644
--- a/libavformat/rtsp.h
+++ b/libavformat/rtsp.h
@@ -315,7 +315,7 @@  typedef struct RTSPState {
     /** some MS RTSP streams contain a URL in the SDP that we need to use
      * for all subsequent RTSP requests, rather than the input URI; in
      * other cases, this is a copy of AVFormatContext->filename. */
-    char control_uri[1024];
+    char control_uri[2048];
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org