annotate tcp.c @ 1700:77bd711c0aed libavformat
adding a few checks to the audio packet descrambling, this should hopefully catch all related out of array accesses
note, the original code might have been exploitable
author | michael |
---|---|
date | Mon, 22 Jan 2007 03:19:00 +0000 |
parents | 3fa40cd9fdae |
children | 1f7a6dc01100 |
rev | line source |
---|---|
0 | 1 /* |
2 * TCP protocol | |
3 * Copyright (c) 2002 Fabrice Bellard. | |
4 * | |
5 * This file is part of FFmpeg. |
6 * |
7 * FFmpeg is free software; you can redistribute it and/or |
0 | 8 * modify it under the terms of the GNU Lesser General Public |
9 * License as published by the Free Software Foundation; either | |
10 * version 2.1 of the License, or (at your option) any later version. |
0 | 11 * |
12 * FFmpeg is distributed in the hope that it will be useful, |
0 | 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of |
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
15 * Lesser General Public License for more details. | |
16 * | |
17 * You should have received a copy of the GNU Lesser General Public | |
18 * License along with FFmpeg; if not, write to the Free Software |
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
0 | 20 */ |
21 #include "avformat.h" | |
22 #include <unistd.h> | |
23 #include <sys/types.h> | |
24 #include <sys/socket.h> | |
25 #include <netinet/in.h> | |
1672 | 26 #include <arpa/inet.h> |
0 | 27 #include <netdb.h> |
180 | 28 #include <sys/time.h> |
29 #include <fcntl.h> | |
0 | 30 |
/* Private per-connection state; tcp_open() stores it in URLContext.priv_data. */
typedef struct TCPContext {
    int fd; /* socket descriptor of the connection, assigned by tcp_open() */
} TCPContext;
34 | |
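/**
 * Resolve a host name or numeric IPv4 string to an address.
 *
 * The string is first parsed with inet_aton(); only when that fails is it
 * passed to gethostbyname().
 *
 * @param sin_addr  receives the IPv4 address (network byte order)
 * @param hostname  NUL-terminated host name or numeric address
 * @return 0 on success; -1 if an argument is NULL, the lookup fails, or the
 *         resolver answer is not an IPv4 address of the expected size
 */
int resolve_host(struct in_addr *sin_addr, const char *hostname)
{
    struct hostent *hp;

    /* inet_aton()/gethostbyname() dereference their argument unconditionally. */
    if (!sin_addr || !hostname)
        return -1;

    if (inet_aton(hostname, sin_addr) != 0)
        return 0;

    /* gethostbyname() returns static storage, so the result must be consumed
     * before any other resolver call; it is not safe across threads. */
    hp = gethostbyname(hostname);
    if (!hp)
        return -1;

    /* The answer originates from the resolver, i.e. outside this process:
     * copy it only when it really is an IPv4 address of the size we are
     * about to read, instead of trusting h_addr blindly. */
    if (hp->h_addrtype != AF_INET ||
        hp->h_length != (int)sizeof(struct in_addr) ||
        !hp->h_addr_list || !hp->h_addr_list[0])
        return -1;

    memcpy(sin_addr, hp->h_addr_list[0], sizeof(struct in_addr));
    return 0;
}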
48 | |
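/**
 * Open a TCP connection for a "tcp://[user@]host:port" URI.
 *
 * The socket is put into non-blocking mode and the pending connect is polled
 * in 100 ms steps so that url_interrupt_cb() can abort it.
 *
 * @param h      URL context; on success h->priv_data points to the new
 *               TCPContext, on failure it is reset to NULL
 * @param uri    URI to connect to; treat as untrusted input
 * @param flags  not used by this function
 * @return 0 on success, -ENOMEM if the context cannot be allocated,
 *         -EINTR if the interrupt callback fired, AVERROR_IO otherwise
 */
static int tcp_open(URLContext *h, const char *uri, int flags)
{
    struct sockaddr_in dest_addr;
    /* Pre-terminated so the string calls below never read uninitialized
     * bytes, whatever url_split() does with an odd URI. */
    char hostname[1024] = "", proto[1024] = "", path[1024] = "";
    char *q;
    int port = -1, fd = -1;
    TCPContext *s = NULL;
    fd_set wfds;
    int ret, so_error;
    struct timeval tv;
    socklen_t optlen;

    url_split(proto, sizeof(proto), NULL, 0, hostname, sizeof(hostname),
              &port, path, sizeof(path), uri);
    if (strcmp(proto, "tcp"))
        goto fail;

    /* Keep only what follows the first '@'. memmove() shifts the tail in
     * place (the regions overlap), so the result can never be longer than
     * what hostname already held and no scratch buffer is needed. */
    if ((q = strchr(hostname, '@')))
        memmove(hostname, q + 1, strlen(q + 1) + 1);

    s = av_malloc(sizeof(TCPContext));
    if (!s)
        return -ENOMEM;
    h->priv_data = s;

    if (port <= 0 || port >= 65536)
        goto fail;

    /* Zero the padding (sin_zero) before handing the struct to the kernel. */
    memset(&dest_addr, 0, sizeof(dest_addr));
    dest_addr.sin_family = AF_INET;
    dest_addr.sin_port = htons(port);
    if (resolve_host(&dest_addr.sin_addr, hostname) < 0)
        goto fail;

    fd = socket(PF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        goto fail;

    /* FD_SET()/FD_ISSET() are only defined for descriptors below FD_SETSIZE;
     * with a POSIX bitmap fd_set a larger value writes outside the set.
     * tcp_read()/tcp_write() use the same descriptor with select(). */
    if (fd >= FD_SETSIZE)
        goto fail;

    /* NOTE(review): return value unchecked; if this fails connect() blocks. */
    fcntl(fd, F_SETFL, O_NONBLOCK);

 redo:
    ret = connect(fd, (struct sockaddr *)&dest_addr,
                  sizeof(dest_addr));
    if (ret < 0) {
        if (errno == EINTR)
            goto redo;
        if (errno != EINPROGRESS)
            goto fail;

        /* wait until we are connected or until abort */
        for (;;) {
            if (url_interrupt_cb()) {
                ret = -EINTR;
                goto fail1;
            }
            FD_ZERO(&wfds);
            FD_SET(fd, &wfds);
            tv.tv_sec = 0;
            tv.tv_usec = 100 * 1000;
            ret = select(fd + 1, NULL, &wfds, NULL, &tv);
            if (ret > 0 && FD_ISSET(fd, &wfds))
                break;
            /* A hard select() failure would otherwise spin here forever. */
            if (ret < 0 && errno != EINTR)
                goto fail;
        }

        /* Writability only means the connect finished; SO_ERROR tells
         * whether it succeeded. A failing getsockopt() counts as failure. */
        optlen = sizeof(so_error);
        if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &so_error, &optlen) < 0 ||
            so_error != 0)
            goto fail;
    }
    s->fd = fd;
    return 0;

 fail:
    ret = AVERROR_IO;
 fail1:
    if (fd >= 0)
        closesocket(fd);
    if (s) {
        /* Do not leave a pointer to freed memory in the context: a later
         * tcp_close() or retry would otherwise touch or free it again. */
        h->priv_data = NULL;
        av_free(s);
    }
    return ret;
}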
127 | |
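/**
 * Read from the connection, polling in 100 ms steps so that
 * url_interrupt_cb() can abort the wait.
 *
 * @param h     URL context whose priv_data is a TCPContext
 * @param buf   destination buffer; the caller guarantees room for size bytes
 * @param size  maximum number of bytes to read
 * @return the recv() result (bytes read) on success, -EINTR if interrupted,
 *         -errno (errno unnegated on BeOS) if recv() fails, -1 if select()
 *         fails or the descriptor cannot be used with select()
 */
static int tcp_read(URLContext *h, uint8_t *buf, int size)
{
    TCPContext *s = h->priv_data;
    int len, ret;
    fd_set rfds;
    struct timeval tv;

    /* FD_SET() is only defined for 0 <= fd < FD_SETSIZE; with a POSIX
     * bitmap fd_set anything else writes outside rfds on the stack. */
    if (s->fd < 0 || s->fd >= FD_SETSIZE)
        return -1;

    for (;;) {
        if (url_interrupt_cb())
            return -EINTR;

        FD_ZERO(&rfds);
        FD_SET(s->fd, &rfds);
        tv.tv_sec = 0;
        tv.tv_usec = 100 * 1000;

        ret = select(s->fd + 1, &rfds, NULL, NULL, &tv);
        if (ret < 0)
            return -1;
        if (ret == 0 || !FD_ISSET(s->fd, &rfds))
            continue;           /* timeout: poll the interrupt callback again */

        len = recv(s->fd, buf, size, 0);
        if (len >= 0)
            return len;
        if (errno == EINTR || errno == EAGAIN)
            continue;           /* transient: retry */
#ifdef __BEOS__
        return errno;
#else
        return -errno;
#endif
    }
}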
159 | |
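/**
 * Write the whole buffer to the connection, polling in 100 ms steps so that
 * url_interrupt_cb() can abort the wait.
 *
 * @param h     URL context whose priv_data is a TCPContext
 * @param buf   data to send
 * @param size  number of bytes to send
 * @return the number of bytes written once everything is sent, -EINTR if
 *         interrupted, -errno (errno unnegated on BeOS) if send() fails,
 *         -1 if select() fails or the descriptor cannot be used with select()
 */
static int tcp_write(URLContext *h, uint8_t *buf, int size)
{
    TCPContext *s = h->priv_data;
    int ret, size1, len;
    fd_set wfds;
    struct timeval tv;

    /* FD_SET() is only defined for 0 <= fd < FD_SETSIZE; with a POSIX
     * bitmap fd_set anything else writes outside wfds on the stack. */
    if (s->fd < 0 || s->fd >= FD_SETSIZE)
        return -1;

    size1 = size;
    while (size > 0) {
        if (url_interrupt_cb())
            return -EINTR;

        FD_ZERO(&wfds);
        FD_SET(s->fd, &wfds);
        tv.tv_sec = 0;
        tv.tv_usec = 100 * 1000;

        ret = select(s->fd + 1, NULL, &wfds, NULL, &tv);
        if (ret < 0)
            return -1;
        if (ret == 0 || !FD_ISSET(s->fd, &wfds))
            continue;           /* timeout: poll the interrupt callback again */

        len = send(s->fd, buf, size, 0);
        if (len < 0) {
            if (errno != EINTR && errno != EAGAIN) {
#ifdef __BEOS__
                return errno;
#else
                return -errno;
#endif
            }
            continue;           /* transient: retry without advancing buf */
        }
        /* Partial sends are normal on a stream socket: advance and loop. */
        size -= len;
        buf += len;
    }
    return size1 - size;
}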
197 | |
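/**
 * Close the connection and release the TCPContext.
 *
 * @param h  URL context whose priv_data is a TCPContext (or NULL)
 * @return always 0
 */
static int tcp_close(URLContext *h)
{
    TCPContext *s = h->priv_data;

    /* Nothing to release, e.g. when the context was never opened. */
    if (!s)
        return 0;

    /* Detach before freeing so that a second close, or any later use of the
     * context, cannot reach the freed memory or close the descriptor twice. */
    h->priv_data = NULL;
    closesocket(s->fd);
    av_free(s);
    return 0;
}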
205 | |
/* Protocol descriptor binding the "tcp" scheme name to the handlers defined
 * in this file. The initializer is positional, so the order of the entries
 * must match the URLProtocol declaration (not visible here). */
URLProtocol tcp_protocol = {
    "tcp",
    tcp_open,
    tcp_read,
    tcp_write,
    NULL, /* seek: no seek handler is provided */
    tcp_close,
};