Re: [Live-devel] Denial of Service in media server

2007-11-15 Thread Luigi Auriemma
Ross Finlayson <[EMAIL PROTECTED]> wrote:
> Probably the easiest fix for this problem (until I get around to
> rewriting/cleaning up the whole RTSP request parsing code) is to
> change
> j < reqStrSize-8
> to
> (int)j < (int)(reqStrSize-8)

Hey Ross, I'm happy that you liked my bug r

Re: [Live-devel] Denial of Service in media server

2007-11-14 Thread Ross Finlayson
Luigi,

Many thanks for the bug report. (This is exactly the kind of bug report I love to see.)

> for (j = i+1; j < reqStrSize-8; ++j) {

Probably the easiest fix for this problem (until I get around to rewriting/cleaning up the whole RTSP request parsing code) is to change j < reqS

[Live-devel] Denial of Service in media server

2007-11-14 Thread Luigi Auriemma
Hey, I want to report a DoS vulnerability I have found in the live555 media server 2007.11.01. The following are the details: The function which handles the incoming queries from the clients is affected by a vulnerability which can allow an attacker to crash the server remotely using the smalles