Mercurial > mplayer.hg
comparison stream/stream_ftp.c @ 35394:7bad316da87a
stream ftp: Pass full buffer size to snprintf
Previously the buffer size was always passed as one less than
the underlying buffer's size. This is not using the underlying
buffer to its full potential according to the C99 standard. The
last byte of the buffers were never used.
No vulnerabilities should have been caused by this mistake because
the strings stored in the buffers were zero terminated at all
times. Neither were out-of-array writes nor reads possible.
| author | al |
|---|---|
| date | Mon, 26 Nov 2012 23:36:00 +0000 |
| parents | d5476d0811f8 |
| children | e740eaf25f32 |
comparison
equal
deleted
inserted
replaced
| 35393:67de02ade8af | 35394:7bad316da87a |
|---|---|
| 279 return 0; | 279 return 0; |
| 280 } | 280 } |
| 281 | 281 |
| 282 sscanf(par+1,"%u,%u,%u,%u,%u,%u",&num[0],&num[1],&num[2], | 282 sscanf(par+1,"%u,%u,%u,%u,%u,%u",&num[0],&num[1],&num[2], |
| 283 &num[3],&num[4],&num[5]); | 283 &num[3],&num[4],&num[5]); |
| 284 snprintf(str,127,"%d.%d.%d.%d",num[0],num[1],num[2],num[3]); | 284 snprintf(str,sizeof(str),"%d.%d.%d.%d",num[0],num[1],num[2],num[3]); |
| 285 fd = connect2Server(str,(num[4]<<8)+num[5],0); | 285 fd = connect2Server(str,(num[4]<<8)+num[5],0); |
| 286 | 286 |
| 287 if(fd < 0) | 287 if(fd < 0) |
| 288 mp_msg(MSGT_OPEN,MSGL_ERR, "[ftp] failed to create data connection\n"); | 288 mp_msg(MSGT_OPEN,MSGL_ERR, "[ftp] failed to create data connection\n"); |
| 289 | 289 |
| 299 s->fd = FtpOpenPort(p); | 299 s->fd = FtpOpenPort(p); |
| 300 | 300 |
| 301 if(s->fd < 0) return 0; | 301 if(s->fd < 0) return 0; |
| 302 | 302 |
| 303 if(newpos > 0) { | 303 if(newpos > 0) { |
| 304 snprintf(p->cmd_buf,CMD_BUFSIZE - 1,"REST %"PRId64, (int64_t)newpos); | 304 snprintf(p->cmd_buf,CMD_BUFSIZE,"REST %"PRId64, (int64_t)newpos); |
| 305 | 305 |
| 306 resp = FtpSendCmd(p->cmd_buf,p,rsp_txt); | 306 resp = FtpSendCmd(p->cmd_buf,p,rsp_txt); |
| 307 if(resp != 3) { | 307 if(resp != 3) { |
| 308 mp_msg(MSGT_OPEN,MSGL_WARN, "[ftp] command '%s' failed: %s\n",p->cmd_buf,rsp_txt); | 308 mp_msg(MSGT_OPEN,MSGL_WARN, "[ftp] command '%s' failed: %s\n",p->cmd_buf,rsp_txt); |
| 309 newpos = 0; | 309 newpos = 0; |
| 310 } | 310 } |
| 311 } | 311 } |
| 312 | 312 |
| 313 // Get the file | 313 // Get the file |
| 314 snprintf(p->cmd_buf,CMD_BUFSIZE - 1,"RETR %s",p->filename); | 314 snprintf(p->cmd_buf,CMD_BUFSIZE,"RETR %s",p->filename); |
| 315 resp = FtpSendCmd(p->cmd_buf,p,rsp_txt); | 315 resp = FtpSendCmd(p->cmd_buf,p,rsp_txt); |
| 316 | 316 |
| 317 if(resp != 1) { | 317 if(resp != 1) { |
| 318 mp_msg(MSGT_OPEN,MSGL_ERR, "[ftp] command '%s' failed: %s\n",p->cmd_buf,rsp_txt); | 318 mp_msg(MSGT_OPEN,MSGL_ERR, "[ftp] command '%s' failed: %s\n",p->cmd_buf,rsp_txt); |
| 319 return 0; | 319 return 0; |
| 462 m_struct_free(&stream_opts,opts); | 462 m_struct_free(&stream_opts,opts); |
| 463 return STREAM_ERROR; | 463 return STREAM_ERROR; |
| 464 } | 464 } |
| 465 | 465 |
| 466 // Login | 466 // Login |
| 467 snprintf(p->cmd_buf,CMD_BUFSIZE - 1,"USER %s",p->user); | 467 snprintf(p->cmd_buf,CMD_BUFSIZE,"USER %s",p->user); |
| 468 resp = FtpSendCmd(p->cmd_buf,p,rsp_txt); | 468 resp = FtpSendCmd(p->cmd_buf,p,rsp_txt); |
| 469 | 469 |
| 470 // password needed | 470 // password needed |
| 471 if(resp == 3) { | 471 if(resp == 3) { |
| 472 snprintf(p->cmd_buf,CMD_BUFSIZE - 1,"PASS %s",p->pass); | 472 snprintf(p->cmd_buf,CMD_BUFSIZE,"PASS %s",p->pass); |
| 473 resp = FtpSendCmd(p->cmd_buf,p,rsp_txt); | 473 resp = FtpSendCmd(p->cmd_buf,p,rsp_txt); |
| 474 if(resp != 2) { | 474 if(resp != 2) { |
| 475 mp_msg(MSGT_OPEN,MSGL_ERR, "[ftp] command '%s' failed: %s\n",p->cmd_buf,rsp_txt); | 475 mp_msg(MSGT_OPEN,MSGL_ERR, "[ftp] command '%s' failed: %s\n",p->cmd_buf,rsp_txt); |
| 476 close_f(stream); | 476 close_f(stream); |
| 477 return STREAM_ERROR; | 477 return STREAM_ERROR; |
| 489 close_f(stream); | 489 close_f(stream); |
| 490 return STREAM_ERROR; | 490 return STREAM_ERROR; |
| 491 } | 491 } |
| 492 | 492 |
| 493 // Get the filesize | 493 // Get the filesize |
| 494 snprintf(p->cmd_buf,CMD_BUFSIZE - 1,"SIZE %s",p->filename); | 494 snprintf(p->cmd_buf,CMD_BUFSIZE,"SIZE %s",p->filename); |
| 495 resp = FtpSendCmd(p->cmd_buf,p,rsp_txt); | 495 resp = FtpSendCmd(p->cmd_buf,p,rsp_txt); |
| 496 if(resp != 2) { | 496 if(resp != 2) { |
| 497 mp_msg(MSGT_OPEN,MSGL_WARN, "[ftp] command '%s' failed: %s\n",p->cmd_buf,rsp_txt); | 497 mp_msg(MSGT_OPEN,MSGL_WARN, "[ftp] command '%s' failed: %s\n",p->cmd_buf,rsp_txt); |
| 498 } else { | 498 } else { |
| 499 int dummy; | 499 int dummy; |