mirror of
https://gitlab.freedesktop.org/gstreamer/gstreamer.git
synced 2025-01-11 18:05:37 +00:00
rtpvorbisdepay: fix unbounded memory usage
All received configurations are parsed and added to a list, this lead to an unbounded memory usage. As the configuration is resent every second this quickly lead to a large memory usage. Add a check to only add the config if it is not already available in the list. This fix only handle the typical case of a well behaved stream, a malicious server could still send many useless configurations to raise the client memory usage.
This commit is contained in:
parent
82f2ac783b
commit
4e7ce28623
1 changed files with 23 additions and 0 deletions
|
@ -134,6 +134,22 @@ gst_rtp_vorbis_depay_finalize (GObject * object)
|
|||
G_OBJECT_CLASS (parent_class)->finalize (object);
|
||||
}
|
||||
|
||||
static gboolean
|
||||
gst_rtp_vorbis_depay_has_ident (GstRtpVorbisDepay * rtpvorbisdepay,
|
||||
guint32 ident)
|
||||
{
|
||||
GList *walk;
|
||||
|
||||
for (walk = rtpvorbisdepay->configs; walk; walk = g_list_next (walk)) {
|
||||
GstRtpVorbisConfig *conf = (GstRtpVorbisConfig *) walk->data;
|
||||
|
||||
if (conf->ident == ident)
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/* takes ownership of confbuf */
|
||||
static gboolean
|
||||
gst_rtp_vorbis_depay_parse_configuration (GstRtpVorbisDepay * rtpvorbisdepay,
|
||||
|
@ -228,6 +244,13 @@ gst_rtp_vorbis_depay_parse_configuration (GstRtpVorbisDepay * rtpvorbisdepay,
|
|||
if (size < length && size + 1 != length)
|
||||
goto too_small;
|
||||
|
||||
if (gst_rtp_vorbis_depay_has_ident (rtpvorbisdepay, ident)) {
|
||||
size -= length;
|
||||
data += length;
|
||||
offset += length;
|
||||
continue;
|
||||
}
|
||||
|
||||
/* read header sizes we read 2 sizes, the third size (for which we allocate
|
||||
* space) must be derived from the total packed header length. */
|
||||
h_sizes = g_newa (guint, n_headers + 1);
|
||||
|
|
Loading…
Reference in a new issue