1. 17 Dec, 2014 5 commits
  2. 16 Dec, 2014 3 commits
  3. 15 Dec, 2014 14 commits
  4. 14 Dec, 2014 3 commits
  5. 13 Dec, 2014 2 commits
  6. 12 Dec, 2014 10 commits
  7. 10 Dec, 2014 3 commits
    • Jean-Baptiste Kempf's avatar
    • Fabian Yamaguchi's avatar
      stream_out: rtp: don't use VLA for user controlled data · 20429146
      Fabian Yamaguchi authored
      It should fix a possible invalid memory access
      When streaming ogg-files via rtp, an ogg-file can trigger an invalid
      write access using an overly long 'configuration' string.
      The original code attemps to allocate space to hold the string on the stack
      and hence, cannot verify if allocation succeeds. Instead, we now allocate the
      buffer on the heap and return if allocation fails.
      In detail, rtp_packetize_xiph_config allocates a buffer on the stack at (1) where
      the size depends on the local variable 'len'. The variable 'len' is
      calculated at (0) to be the length of a string contained in a specially
      crafted Ogg Vorbis file, and therefore, it is attacker-controlled.
      Signed-off-by: Jean-Baptiste Kempf's avatarJean-Baptiste Kempf <jb@videolan.org>
    • Fabian Yamaguchi's avatar
      misc: update: fix buffer overflow in updater · fbe2837b
      Fabian Yamaguchi authored
      On 32 bit builds, parsing of update status files with a size of
      4294967295 or more lead to an integer truncation in a call to malloc
      and a subsequent buffer overflow. This happened prior to checking the
      files' signature. The commit fixes this by disallowing overly large
      status files (above 65k in practice)
      Signed-off-by: Jean-Baptiste Kempf's avatarJean-Baptiste Kempf <jb@videolan.org>