gstreamer/gst/rtsp-server
Sebastian Dröge 44ccca3086 rtsp-auth: Fix NULL pointer dereference when handling an invalid basic Authorization header

When using the basic authentication scheme, we wouldn't validate that
the authorization field of the credentials is not NULL and pass it on
to g_hash_table_lookup(). g_str_hash() however is not NULL-safe and will
dereference the NULL pointer and crash.

A specially crafted (read: invalid) RTSP header can cause this to
happen.

As a solution, check for the authorization to be not NULL before
continuing processing it and, if it is, simply fail authentication.

This fixes CVE-2020-6095 and TALOS-2020-1018.

Discovered by Peter Wang of Cisco ASIG.
2020-03-23 16:06:43 +02:00
meson.build docs: Port to hotdoc 2019-05-13 11:38:39 -04:00
rtsp-address-pool.c libs: fix API export/import and 'inconsistent linkage' on MSVC 2018-09-24 09:36:21 +01:00
rtsp-address-pool.h rtsp-server: GST_EXPORT -> GST_RTSP_SERVER_API 2018-03-13 13:37:13 +00:00
rtsp-auth.c rtsp-auth: Fix NULL pointer dereference when handling an invalid basic Authorization header 2020-03-23 16:06:43 +02:00
rtsp-auth.h rtsp-auth: Add support for parsing .htdigest files 2018-06-21 15:47:39 +02:00
rtsp-client.c rtsp-client: Use watch_context before unref 2020-03-09 14:17:34 +01:00
rtsp-client.h onvif: Implement and test the Streaming Specification 2019-06-06 18:45:17 +02:00
rtsp-context.c doc: Fix some docstrings 2019-05-13 17:00:00 -04:00
rtsp-context.h Include ONVIF types from single-include rtsp-server.h 2018-11-01 10:18:22 +02:00
rtsp-latency-bin.c rtsp-latency-bin: replace G_TYPE_INSTANCE_GET_PRIVATE as it's been deprecated 2020-01-23 17:00:59 +02:00
rtsp-latency-bin.h onvif: encapsulate onvif part into a bin 2018-10-03 13:26:36 +03:00
rtsp-media-factory-uri.c rtsp-media: Try to get dynamic payloaders by name from their bin first 2019-07-22 19:44:28 +03:00
rtsp-media-factory-uri.h Fix typos 2019-06-07 13:42:24 +02:00
rtsp-media-factory.c Don't pass default GLib marshallers for signals 2019-11-04 14:16:10 +00:00
rtsp-media-factory.h New property for socket binding to mcast addresses 2018-09-28 13:27:48 +03:00
rtsp-media.c rtsp-media: Sink pipeline in gst_rtsp_media_take_pipeline() 2020-02-22 00:43:31 +02:00
rtsp-media.h rtsp-client: Lock shared media 2019-10-16 13:20:54 +00:00
rtsp-mount-points.c GstRTSPMountPoints: Remove any existing factory before adding a new one 2019-11-04 12:01:09 +00:00
rtsp-mount-points.h rtsp-server: GST_EXPORT -> GST_RTSP_SERVER_API 2018-03-13 13:37:13 +00:00
rtsp-onvif-client.c onvif: Implement and test the Streaming Specification 2019-06-06 18:45:17 +02:00
rtsp-onvif-client.h onvif: Implement and test the Streaming Specification 2019-06-06 18:45:17 +02:00
rtsp-onvif-media-factory.c onvif-media: fix "void function returning a value" compiler warning 2019-06-25 13:19:44 +01:00
rtsp-onvif-media-factory.h onvif: Implement and test the Streaming Specification 2019-06-06 18:45:17 +02:00
rtsp-onvif-media.c onvif-media: fix "void function returning a value" compiler warning 2019-06-25 13:19:44 +01:00
rtsp-onvif-media.h Mark all ONVIF-specific subclasses as Since 1.14 2018-11-01 10:23:02 +02:00
rtsp-onvif-server.c Include ONVIF types from single-include rtsp-server.h 2018-11-01 10:18:22 +02:00
rtsp-onvif-server.h onvif: Implement and test the Streaming Specification 2019-06-06 18:45:17 +02:00
rtsp-params.c libs: fix API export/import and 'inconsistent linkage' on MSVC 2018-09-24 09:36:21 +01:00
rtsp-params.h rtsp-server: GST_EXPORT -> GST_RTSP_SERVER_API 2018-03-13 13:37:13 +00:00
rtsp-permissions.c libs: fix API export/import and 'inconsistent linkage' on MSVC 2018-09-24 09:36:21 +01:00
rtsp-permissions.h rtsp-server: GST_EXPORT -> GST_RTSP_SERVER_API 2018-03-13 13:37:13 +00:00
rtsp-sdp.c rtsp-sdp: Don't try to use non-initialized values 2019-11-27 15:27:36 +01:00
rtsp-sdp.h rtsp-server: GST_EXPORT -> GST_RTSP_SERVER_API 2018-03-13 13:37:13 +00:00
rtsp-server-internal.h rtsp-stream: clear backlog when removing transport 2020-02-24 20:24:29 +00:00
rtsp-server-object.h rtsp-client: Handle Content-Length limitation 2019-04-22 09:17:13 +00:00
rtsp-server-prelude.h Include ONVIF types from single-include rtsp-server.h 2018-11-01 10:18:22 +02:00
rtsp-server.c Don't pass default GLib marshallers for signals 2019-11-04 14:16:10 +00:00
rtsp-server.h rtsp-server: Declare GstRTSPServer struct before anything else 2018-11-01 11:29:01 +02:00
rtsp-session-media.c rtsp-server: Add various Since: 1.14 markers 2019-04-23 15:01:32 +03:00
rtsp-session-media.h rtsp-server: GST_EXPORT -> GST_RTSP_SERVER_API 2018-03-13 13:37:13 +00:00
rtsp-session-pool.c Don't pass default GLib marshallers for signals 2019-11-04 14:16:10 +00:00
rtsp-session-pool.h rtsp-server: GST_EXPORT -> GST_RTSP_SERVER_API 2018-03-13 13:37:13 +00:00
rtsp-session.c rtsp-session: Butcher the file to please gst-indent in the CI 2019-12-18 19:48:31 +00:00
rtsp-session.h rtsp-session & client: Remove deprecated GTimeVal 2019-12-18 19:48:31 +00:00
rtsp-stream-transport.c rtsp-stream: clear backlog when removing transport 2020-02-24 20:24:29 +00:00
rtsp-stream-transport.h stream: refactor TCP backpressure handling 2019-10-21 13:49:54 +02:00
rtsp-stream.c rtsp-stream: fix deadlock on transport removal 2020-02-24 20:24:29 +00:00
rtsp-stream.h onvif: Implement and test the Streaming Specification 2019-06-06 18:45:17 +02:00
rtsp-thread-pool.c libs: fix API export/import and 'inconsistent linkage' on MSVC 2018-09-24 09:36:21 +01:00
rtsp-thread-pool.h rtsp-server: GST_EXPORT -> GST_RTSP_SERVER_API 2018-03-13 13:37:13 +00:00
rtsp-token.c libs: fix API export/import and 'inconsistent linkage' on MSVC 2018-09-24 09:36:21 +01:00
rtsp-token.h rtsp-server: GST_EXPORT -> GST_RTSP_SERVER_API 2018-03-13 13:37:13 +00:00