[Live-devel] CVE-2019-773{3, 2}: unrestricted memmove and memory leak leading to DoS

Hugo Lefeuvre hle at owl.eu.com
Sat May 11 22:55:10 PDT 2019


> > In RTSPClientConnection::handleRequestBytes, if a pointer wraparound
> > as checked at line 793 happens, parseSucceeded is set to false but
> > contentLength is still used to perform memmove at line 890.
> > 
> > This might lead to invalid memory access.
> 
> Yes, this is a problem.  I have just installed a new version (2019.05.12) of the code that should prevent this from happening.

Thanks!

> > This is a memory leak. Memory allocated in parseAuthorizationHeader for
> > username, realm, etc. by strDup is never freed.
> 
> Actually, this is not a memory leak.  The parameters to “parseAuthorizationHeader()” are reference parameters (to pointers).  The allocated memory is passed back to the calling function, which ends up deleting them all.  So, there’s no bug here.

OK. I will ask for CVE rejection then. Too bad people keep asking for CVE
numbers without getting in touch with upstream before.

regards,
Hugo

-- 
                Hugo Lefeuvre (hle)    |    www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C
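
The pattern discussed in the first point above (a wraparound check fails, but the peer-declared length still reaches memmove) can be avoided by validating the length against the buffered byte count and returning before any copy. This is an added example, not live555 code and not part of the original message; the function name, its parameters and the sample buffer are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (assumption, not the live555 API).
 * buf holds bytes_in_buf bytes of request data. The request just parsed has
 * header_len header bytes and a peer-declared Content-Length of content_length.
 * Returns the number of bytes left in buf once the request is consumed, or -1
 * when the declared length is not covered by buffered data. */
long consume_request(unsigned char *buf, size_t bytes_in_buf,
                     size_t header_len, unsigned long long content_length)
{
    /* Compare lengths, never pointers: a check of the form
     * "ptr + len < ptr" depends on pointer overflow, which is undefined
     * behaviour in C and may be removed by the optimiser. */
    if (header_len > bytes_in_buf)
        return -1;
    size_t body_avail = bytes_in_buf - header_len;

    /* Reject here, so no later code path can use an unvalidated length. */
    if (content_length > body_avail)
        return -1;

    /* Both terms are now bounded by bytes_in_buf, so this cannot wrap. */
    size_t request_size = header_len + (size_t)content_length;
    size_t leftover = bytes_in_buf - request_size;

    /* Shift any pipelined data to the front of the buffer. */
    memmove(buf, buf + request_size, leftover);
    return (long)leftover;
}

int main(void)
{
    /* Constructed sample: 4 header bytes, 4 body bytes, 4 pipelined bytes. */
    unsigned char buf[32] = {0};
    memcpy(buf, "HDR:BODYNEXT", 12);

    /* A huge declared length is refused and the buffer is left untouched. */
    printf("oversized: %ld\n", consume_request(buf, 12, 4, 0xFFFFFFFFFFFFFFF0ULL));
    /* The honest length is accepted and "NEXT" moves to the front. */
    printf("valid:     %ld\n", consume_request(buf, 12, 4, 4));
    printf("front:     %.4s\n", (const char *)buf);
    return 0;
}
```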