mirror of
https://gitlab.freedesktop.org/gstreamer/gstreamer.git
synced 2024-12-29 11:40:38 +00:00
GStreamer multimedia framework
44ccca3086
When using the basic authentication scheme, we wouldn't validate that the authorization field of the credentials is not NULL and pass it on to g_hash_table_lookup(). g_str_hash() however is not NULL-safe and will dereference the NULL pointer and crash. A specially crafted (read: invalid) RTSP header can cause this to happen. As a solution, check for the authorization to be not NULL before continuing processing it and if it is simply fail authentication. This fixes CVE-2020-6095 and TALOS-2020-1018. Discovered by Peter Wang of Cisco ASIG. |
||
---|---|---|
docs | ||
examples | ||
gst | ||
pkgconfig | ||
tests | ||
.gitignore | ||
.gitlab-ci.yml | ||
AUTHORS | ||
ChangeLog | ||
COPYING | ||
COPYING.LIB | ||
gst-rtsp-server.doap | ||
meson.build | ||
meson_options.txt | ||
NEWS | ||
README | ||
RELEASE | ||
REQUIREMENTS | ||
TODO |
gst-rtsp-server is a library on top of GStreamer for building an RTSP server There are some examples in the examples/ directory and more comprehensive documentation in docs/README.