rtsp: Don't pass string pointer as format string to ff_url_join

Message ID 1308212056-75599-1-git-send-email-martin@martin.st
State Committed
Commit d840733937a3f00dcedbf20507077a4891173516
Headers show

Commit Message

Martin Storsjö June 16, 2011, 8:14 a.m.
In this case, the string that was passed couldn't contain
user-defined data and thus there was no risk for injection
bugs, but it's safer this way, if we later change the
content of the options string.
---
 libavformat/rtsp.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

Comments

Mans Rullgard June 16, 2011, 8:28 a.m. | #1
Martin Storsjö <martin@martin.st> writes:

> In this case, the string that was passed couldn't contain
> user-defined data and thus there was no risk for injection
> bugs, but it's safer this way, if we later change the
> content of the options string.
> ---
>  libavformat/rtsp.c |    4 ++--
>  1 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/libavformat/rtsp.c b/libavformat/rtsp.c
> index b2735f6..eeea9be 100644
> --- a/libavformat/rtsp.c
> +++ b/libavformat/rtsp.c
> @@ -1234,10 +1234,10 @@ int ff_rtsp_make_setup_request(AVFormatContext *s, const char *host, int port,
>              if (reply->transports[0].source[0]) {
>                  ff_url_join(url, sizeof(url), "rtp", NULL,
>                              reply->transports[0].source,
> -                            reply->transports[0].server_port_min, options);
> +                            reply->transports[0].server_port_min, "%s", options);
>              } else {
>                  ff_url_join(url, sizeof(url), "rtp", NULL, host,
> -                            reply->transports[0].server_port_min, options);
> +                            reply->transports[0].server_port_min, "%s", options);
>              }
>              if (!(rt->server_type == RTSP_SERVER_WMS && i > 1) &&
>                  rtp_set_remote_url(rtsp_st->rtp_handle, url) < 0) {
> -- 

Looks OK.

Patch

diff --git a/libavformat/rtsp.c b/libavformat/rtsp.c
index b2735f6..eeea9be 100644
--- a/libavformat/rtsp.c
+++ b/libavformat/rtsp.c
@@ -1234,10 +1234,10 @@  int ff_rtsp_make_setup_request(AVFormatContext *s, const char *host, int port,
             if (reply->transports[0].source[0]) {
                 ff_url_join(url, sizeof(url), "rtp", NULL,
                             reply->transports[0].source,
-                            reply->transports[0].server_port_min, options);
+                            reply->transports[0].server_port_min, "%s", options);
             } else {
                 ff_url_join(url, sizeof(url), "rtp", NULL, host,
-                            reply->transports[0].server_port_min, options);
+                            reply->transports[0].server_port_min, "%s", options);
             }
             if (!(rt->server_type == RTSP_SERVER_WMS && i > 1) &&
                 rtp_set_remote_url(rtsp_st->rtp_handle, url) < 0) {