[Live-devel] Denial of Service in media server
Luigi Auriemma
aluigi at autistici.org
Thu Nov 15 01:08:50 PST 2007
Ross Finlayson <finlayson at live555.com> wrote:
> Probably the easiest fix for this problem (until I get around to
> rewriting/cleaning up the whole RTSP request parsing code) is to
> change
> j < reqStrSize-8
> to
> (int)j < (int)(reqStrSize-8)
Hey Ross,
I'm happy that you liked my bug report 8-)
Another solution could be also:
if(reqStrSize < 8) return False;
placed at the beginning of the function (for avoiding the first
instructions since we already know that the data is invalid) or
naturally before that for().
BYEZ
---
Luigi Auriemma
http://aluigi.org
http://forum.aluigi.org
http://mirror.aluigi.org
More information about the live-devel
mailing list