[Live-devel] client port validation

Ross Finlayson finlayson at live555.com
Tue Feb 24 12:13:22 PST 2015


Eric,

Thanks for the note.  The *real* bug here, of course, is in your client application, for trying to use a pre-defined client port number, without checking whether it is already in use.  You should report this to the developer of your client application, in hopes of getting it fixed.  (If your client application were instead implemented using our software, then it wouldn’t do this :-)

Nonetheless, the issue you noted is also a bug in the LIVE555 server code, because it allows for a ‘denial of service’ attack on a running RTSP client by another user *on the same computer*.  This isn’t serious (far more serious would be a denial of service attack from a different computer), but it is still a bug, and will get fixed in some future release.


Ross Finlayson
Live Networks, Inc.
http://www.live555.com/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.live555.com/pipermail/live-devel/attachments/20150225/346aae2b/attachment.html>


More information about the live-devel mailing list