[Live-devel] Denial of Service in media server
Ross Finlayson
finlayson at live555.com
Wed Nov 14 17:46:55 PST 2007
Luigi,
Many thanks for the bug report. (This is exactly the kind of bug
report I love to see.)
> for (j = i+1; j < reqStrSize-8; ++j) {
Probably the easiest fix for this problem (until I get around to
rewriting/cleaning up the whole RTSP request parsing code) is to
change
j < reqStrSize-8
to
(int)j < (int)(reqStrSize-8)
and ditto for the other two similar tests elsewhere in the
"parseRTSPRequestString()" function.
This will be fixed in the next release of the software.
Ross.
More information about the live-devel
mailing list