> > In RTSPClientConnection::handleRequestBytes, if a pointer wraparound > > as checked at line 793 happens, parseSucceeded is set to false but > > contentLength is still used to perform memmove at line 890. > > > > This might lead to invalid memory access. > > Yes, this is a problem. I have just installed a new version (2019.05.12) of > the code that should prevent this from happening.
Thanks!
> > This is a memory leak. Memory allocated in parseAuthorizationHeader for
> > username, realm, etc. by strDup is never freed.
>
> Actually, this is not a memory leak. The parameters to
> “parseAuthorizationHeader()” are reference parameters (to pointers). The
> allocated memory is passed back to the calling function, which ends up
> deleting them all. So, there’s no bug here.
OK. I will ask for CVE rejection then. Too bad people keep asking for CVE
numbers without getting in touch with upstream before.
regards,
Hugo
--
Hugo Lefeuvre (hle) | www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C
signature.asc
Description: PGP signature
_______________________________________________ live-devel mailing list live-devel@lists.live555.com http://lists.live555.com/mailman/listinfo/live-devel
