mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2026-05-02 06:46:36 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

security: fix unsafe atoi() on network RTSP status code

Browse source 
Input Validation: Medium

atoi() on network-received data returns 0 on parse failure, which is
indistinguishable from a valid "0" input. It also accepts negative
values and does not detect overflow. Replace with strtol() and
validate that the status code is in the valid HTTP/RTSP range
(100-599) to prevent protocol state confusion from malformed
responses.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Wim Taymans 2026-04-27 16:13:14 +02:00
parent ca0fa1e4e1
commit 9b845f4415
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/modules/module-raop/rtsp-client.c
View file

@ -253,8 +253,8 @@ static int process_status(struct pw_rtsp_client *client, char *buf)
if (s == NULL) if (s == NULL)
return -EPROTO; return -EPROTO;
client->status = atoi(s); client->status = strtol(s, NULL, 10);
if (client->status == 0) if (client->status < 100 || client->status > 599)
return -EPROTO; return -EPROTO;
s = pw_split_walk(buf, " ", &len, &state); s = pw_split_walk(buf, " ", &len, &state);