mirrors/gstreamer
mirrors/gstreamer
1
1
Fork 0
mirror of https://gitlab.freedesktop.org/gstreamer/gstreamer.git synced 2024-07-16 11:28:36 +00:00
Code Issues 1 Projects Releases Wiki Activity

rtsp-auth: Fix NULL pointer dereference when handling an invalid basic Authorization header

Browse source 
When using the basic authentication scheme, we wouldn't validate that
the authorization field of the credentials is not NULL and pass it on
to g_hash_table_lookup(). g_str_hash() however is not NULL-safe and will
dereference the NULL pointer and crash.
A specially crafted (read: invalid) RTSP header can cause this to
happen.

As a solution, check for the authorization to be not NULL before
continuing processing it and if it is simply fail authentication.

This fixes CVE-2020-6095 and TALOS-2020-1018.

Discovered by Peter Wang of Cisco ASIG.
This commit is contained in:
Sebastian Dröge 2020-03-23 16:06:43 +02:00
parent daa18dc867
commit 44ccca3086
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
gst/rtsp-server/rtsp-auth.c
View file

@ -871,7 +871,7 @@ default_authenticate (GstRTSPAuth * auth, GstRTSPContext * ctx)
GST_DEBUG_OBJECT (auth, "check Basic auth");
g_mutex_lock (&priv->lock);
if ((token =
if ((*credential)->authorization && (token =
g_hash_table_lookup (priv->basic,
(*credential)->authorization))) {
GST_DEBUG_OBJECT (auth, "setting token %p", token);