[Live-devel] CVE-2019-773{3, 2}: unrestricted memmove and memory leak leading to DoS

Ross Finlayson finlayson at live555.com
Sat May 11 18:18:42 PDT 2019


> I have double checked, both issues still seem to affect 2019.05.03.

Thanks for the report.


> In RTSPClientConnection::handleRequestBytes, if a pointer wraparound
> as checked at line 793 happens, parseSucceeded is set to false but
> contentLength is still used to perform memmove at line 890.
> 
> This might lead to invalid memory access.

Yes, this is a problem.  I have just installed a new version (2019.05.12) of the code that should prevent this from happening.


> This is a memory leak. Memory allocated in parseAuthorizationHeader for
> username, realm, etc. by strDup is never freed.

Actually, this is not a memory leak.  The parameters to “parseAuthorizationHeader()” are reference parameters (to pointers).  The allocated memory is passed back to the calling function, which ends up deleting them all.  So, there’s no bug here.


Ross Finlayson
Live Networks, Inc.
http://www.live555.com/
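
The first issue quoted above (a length taken from the request still reaching memmove after the pointer-wraparound check has failed) can be avoided by validating lengths rather than pointers. The following is an added example, not live555 code and not the 2019.05.12 fix; `consume_request`, `demo_consume`, `CONSUME_REJECTED` and the sample buffer are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <string.h>

#define CONSUME_REJECTED ((size_t)-1)

/* Hypothetical helper, not live555 code: remove one parsed request from the
 * front of a receive buffer and slide any pipelined bytes down.
 *   bytes_seen   valid bytes currently in buf
 *   header_len   offset just past the blank line that ends the headers
 *   content_len  Content-Length value supplied by the peer (untrusted)
 * Returns the number of bytes left in buf, or CONSUME_REJECTED with buf
 * untouched when the lengths are inconsistent. */
size_t consume_request(unsigned char *buf, size_t bytes_seen,
                       size_t header_len, size_t content_len)
{
    if (header_len > bytes_seen)
        return CONSUME_REJECTED;

    /* Compare lengths, not pointers: buf + header_len + content_len can wrap
     * around for a huge content_len, whereas this subtraction cannot. */
    size_t body_avail = bytes_seen - header_len;
    if (content_len > body_avail)
        return CONSUME_REJECTED;  /* caller waits for more data or drops */

    size_t request_len = header_len + content_len;  /* <= bytes_seen */
    size_t leftover = bytes_seen - request_len;

    /* Reached only after every length has been validated. */
    if (leftover > 0)
        memmove(buf, buf + request_len, leftover);
    return leftover;
}

/* Constructed sample: 7 header bytes, a 4-byte body, then 4 bytes of a
 * pipelined follow-up request. */
unsigned char demo_buf[16];

size_t demo_consume(size_t claimed_len)
{
    static const unsigned char sample[] = "HDR\r\n\r\nBODYNEXT";
    memcpy(demo_buf, sample, sizeof sample);
    return consume_request(demo_buf, sizeof sample - 1, 7, claimed_len);
}
```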