jeans/Tasmota
jeans/Tasmota
1
0
Fork 0
mirror of https://github.com/arendst/Tasmota.git synced 2025-07-23 18:56:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix stack overflow vulnerability

Browse Source
This commit is contained in:
swing 2022-10-13 00:40:17 +08:00
parent 5cfbbd4302
commit 066878da4d
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
lib/libesp32/rtsp/CRtspSession.cpp
View File

@ -1,6 +1,7 @@
#include "CRtspSession.h" #include "CRtspSession.h"
#include <stdio.h> #include <stdio.h>
#include <time.h> #include <time.h>
#include <string.h>
CRtspSession::CRtspSession(SOCKET aRtspClient, CStreamer * aStreamer) : m_RtspClient(aRtspClient),m_Streamer(aStreamer) CRtspSession::CRtspSession(SOCKET aRtspClient, CStreamer * aStreamer) : m_RtspClient(aRtspClient),m_Streamer(aStreamer)
{ {
@ -47,6 +48,8 @@ bool CRtspSession::ParseRtspRequest(char const * aRequest, unsigned aRequestSize
char * TmpPtr; char * TmpPtr;
char CP[128]; //static char CP[1024]; char CP[128]; //static char CP[1024];
char * pCP; char * pCP;
int Length;
ClientPortPtr = strstr(CurRequest,"client_port"); ClientPortPtr = strstr(CurRequest,"client_port");
if (ClientPortPtr != nullptr) if (ClientPortPtr != nullptr)
@ -55,7 +58,12 @@ bool CRtspSession::ParseRtspRequest(char const * aRequest, unsigned aRequestSize
if (TmpPtr != nullptr) if (TmpPtr != nullptr)
{ {
TmpPtr[0] = 0x00; TmpPtr[0] = 0x00;
strcpy(CP,ClientPortPtr); Length = strlen(ClientPortPtr);
if (Length > 128)
{
Length = 128;
}
strncpy(CP,ClientPortPtr, Length);
pCP = strstr(CP,"="); pCP = strstr(CP,"=");
if (pCP != nullptr) if (pCP != nullptr)
{ {