X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;f=modules%2Faccess%2Frtsp%2Freal_sdpplin.c;h=65b3d09e98d4b07c3393eff204b24e14bb004f22;hb=2a70bf3485b7c8ae409b5fbc73655713a1ef440b;hp=08814b5a0d0bc339e86d0f2305c35abd3622da26;hpb=775fa8a1c8fc2041908e01ea7f12bc0bb0c22f6f;p=vlc diff --git a/modules/access/rtsp/real_sdpplin.c b/modules/access/rtsp/real_sdpplin.c index 08814b5a0d..65b3d09e98 100644 --- a/modules/access/rtsp/real_sdpplin.c +++ b/modules/access/rtsp/real_sdpplin.c @@ -17,189 +17,140 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA * - * $Id: sdpplin.c,v 1.5 2004/04/23 21:59:04 miguelfreitas Exp $ + * $Id$ * * sdp/sdpplin parser. * */ - -#include "real.h" - -/* - * Decodes base64 strings (based upon b64 package) - */ - -static char *b64_decode(const char *in, char *out, int *size) -{ - char dtable[256]; /* Encode / decode table */ - int i,j,k; - - for (i = 0; i < 255; i++) { - dtable[i] = 0x80; - } - for (i = 'A'; i <= 'Z'; i++) { - dtable[i] = 0 + (i - 'A'); - } - for (i = 'a'; i <= 'z'; i++) { - dtable[i] = 26 + (i - 'a'); - } - for (i = '0'; i <= '9'; i++) { - dtable[i] = 52 + (i - '0'); - } - dtable['+'] = 62; - dtable['/'] = 63; - dtable['='] = 0; - - k=0; - - /*CONSTANTCONDITION*/ - for (j=0; j> 4); - out[k++] = (b[1] << 4) | (b[2] >> 2); - out[k++] = (b[2] << 6) | b[3]; - i = a[2] == '=' ? 1 : (a[3] == '=' ? 2 : 3); - if (i < 3) { - out[k]=0; - *size=k; - return out; - } - } - out[k]=0; - *size=k; - return out; -} -static char *nl(char *data) { +#include "real.h" +#include +#define BUFLEN 32000 +static inline char *nl(char *data) { char *nlptr = (data) ? strchr(data,'\n') : NULL; return (nlptr) ? nlptr + 1 : NULL; } -static int filter(const char *in, const char *filter, char **out) { +static int filter(const char *in, const char *filter, char **out, size_t outlen) { int flen=strlen(filter); - int len; - - if (!in) - return 0; - - len = (strchr(in,'\n')) ? strchr(in,'\n')-in : strlen(in); + size_t len; - if (!strncmp(in,filter,flen)) - { + if (!in) return 0; + + len = (strchr(in,'\n')) ? (size_t)(strchr(in,'\n')-in) : strlen(in); + if (!strncmp(in,filter,flen)) { if(in[flen]=='"') flen++; if(in[len-1]==13) len--; if(in[len-1]=='"') len--; + if( len-flen+1 > outlen ) + { + printf("Discarding end of string to avoid overflow"); + len=outlen+flen-1; + } memcpy(*out, in+flen, len-flen+1); (*out)[len-flen]=0; - return len-flen; } - return 0; } + static sdpplin_stream_t *sdpplin_parse_stream(char **data) { - sdpplin_stream_t *desc = malloc(sizeof(sdpplin_stream_t)); - char *buf=malloc(32000); - char *decoded=malloc(32000); - int handled; - - memset(desc, 0, sizeof(sdpplin_stream_t)); + sdpplin_stream_t *desc; + char* buf = NULL; + char* decoded = NULL; + int handled; + + desc = calloc( 1, sizeof(sdpplin_stream_t) ); + if( !desc ) + return NULL; + + buf = malloc( BUFLEN ); + if( !buf ) + goto error; + + decoded = malloc( BUFLEN ); + if( !decoded ) + goto error; - if (filter(*data, "m=", &buf)) { + if (filter(*data, "m=", &buf, BUFLEN)) { desc->id = strdup(buf); - } else - { + } else { lprintf("sdpplin: no m= found.\n"); - free(desc); - free(buf); - return NULL; + goto error; } *data=nl(*data); while (*data && **data && *data[0]!='m') { - handled=0; - - if(filter(*data,"a=control:streamid=",&buf)) { - desc->stream_id=atoi(buf); - handled=1; - *data=nl(*data); - } - if(filter(*data,"a=MaxBitRate:integer;",&buf)) { + if(filter(*data,"a=control:streamid=",&buf, BUFLEN)) { + /* This way negative values are mapped to unfeasibly high + * values, and will be discarded afterward + */ + unsigned long tmp = strtoul(buf, NULL, 10); + if ( tmp > UINT16_MAX ) + lprintf("stream id out of bound: %lu\n", tmp); + else + desc->stream_id=tmp; + handled=1; + *data=nl(*data); + } + if(filter(*data,"a=MaxBitRate:integer;",&buf, BUFLEN)) { desc->max_bit_rate=atoi(buf); if (!desc->avg_bit_rate) desc->avg_bit_rate=desc->max_bit_rate; handled=1; *data=nl(*data); } - - if(filter(*data,"a=MaxPacketSize:integer;",&buf)) { + if(filter(*data,"a=MaxPacketSize:integer;",&buf, BUFLEN)) { desc->max_packet_size=atoi(buf); if (!desc->avg_packet_size) desc->avg_packet_size=desc->max_packet_size; handled=1; *data=nl(*data); } - - if(filter(*data,"a=StartTime:integer;",&buf)) { + if(filter(*data,"a=StartTime:integer;",&buf, BUFLEN)) { desc->start_time=atoi(buf); handled=1; *data=nl(*data); } - - if(filter(*data,"a=Preroll:integer;",&buf)) { + if(filter(*data,"a=Preroll:integer;",&buf, BUFLEN)) { desc->preroll=atoi(buf); handled=1; *data=nl(*data); } - - if(filter(*data,"a=length:npt=",&buf)) { + if(filter(*data,"a=length:npt=",&buf, BUFLEN)) { desc->duration=(uint32_t)(atof(buf)*1000); handled=1; *data=nl(*data); } - - if(filter(*data,"a=StreamName:string;",&buf)) { + if(filter(*data,"a=StreamName:string;",&buf, BUFLEN)) { desc->stream_name=strdup(buf); desc->stream_name_size=strlen(desc->stream_name); handled=1; *data=nl(*data); } - - if(filter(*data,"a=mimetype:string;",&buf)) { + if(filter(*data,"a=mimetype:string;",&buf, BUFLEN)) { desc->mime_type=strdup(buf); desc->mime_type_size=strlen(desc->mime_type); handled=1; *data=nl(*data); } - - if(filter(*data,"a=OpaqueData:buffer;",&buf)) { - decoded = b64_decode(buf, decoded, &(desc->mlti_data_size)); - desc->mlti_data = malloc(sizeof(char)*desc->mlti_data_size); - memcpy(desc->mlti_data, decoded, desc->mlti_data_size); - handled=1; - *data=nl(*data); - lprintf("mlti_data_size: %i\n", desc->mlti_data_size); + if(filter(*data,"a=OpaqueData:buffer;",&buf, BUFLEN)) { + desc->mlti_data_size = + vlc_b64_decode_binary_to_buffer(decoded, BUFLEN, buf ); + if ( desc->mlti_data_size ) { + desc->mlti_data = malloc(desc->mlti_data_size); + memcpy(desc->mlti_data, decoded, desc->mlti_data_size); + handled=1; + *data=nl(*data); + lprintf("mlti_data_size: %i\n", desc->mlti_data_size); + } } - - if(filter(*data,"a=ASMRuleBook:string;",&buf)) { + if(filter(*data,"a=ASMRuleBook:string;",&buf, BUFLEN)) { desc->asm_rule_book=strdup(buf); handled=1; *data=nl(*data); @@ -215,71 +166,104 @@ static sdpplin_stream_t *sdpplin_parse_stream(char **data) { *data=nl(*data); } } - - free(buf); - free(decoded); - + free( buf ); + free( decoded) ; return desc; + +error: + free( decoded ); + free( desc ); + free( buf ); + return NULL; } -sdpplin_t *sdpplin_parse(char *data) { - sdpplin_t *desc = malloc(sizeof(sdpplin_t)); - sdpplin_stream_t *stream; - char *buf=malloc(3200); - char *decoded=malloc(3200); - int handled; - int len; +sdpplin_t *sdpplin_parse(char *data) +{ + sdpplin_t* desc; + sdpplin_stream_t* stream; + char* buf; + char* decoded; + int handled; + + desc = calloc( 1, sizeof(sdpplin_t) ); + if( !desc ) + return NULL; - memset(desc, 0, sizeof(sdpplin_t)); + buf = malloc( BUFLEN ); + if( !buf ) + { + free( desc ); + return NULL; + } - while (data && *data) { + decoded = malloc( BUFLEN ); + if( !decoded ) + { + free( buf ); + free( desc ); + return NULL; + } + desc->stream = NULL; + while (data && *data) { handled=0; - - if (filter(data, "m=", &buf)) { - stream=sdpplin_parse_stream(&data); - lprintf("got data for stream id %u\n", stream->stream_id); - desc->stream[stream->stream_id]=stream; - continue; - } - if(filter(data,"a=Title:buffer;",&buf)) { - decoded=b64_decode(buf, decoded, &len); - desc->title=strdup(decoded); - handled=1; - data=nl(data); + if (filter(data, "m=", &buf, BUFLEN)) { + if ( !desc->stream ) { + fprintf(stderr, "sdpplin.c: stream identifier found before stream count, skipping."); + continue; + } + stream=sdpplin_parse_stream(&data); + lprintf("got data for stream id %u\n", stream->stream_id); + if ( stream->stream_id >= desc->stream_count ) + lprintf("stream id %u is greater than stream count %u\n", stream->stream_id, desc->stream_count); + else + desc->stream[stream->stream_id]=stream; + continue; } - - if(filter(data,"a=Author:buffer;",&buf)) { - decoded=b64_decode(buf, decoded, &len); - desc->author=strdup(decoded); - handled=1; - data=nl(data); + if(filter(data,"a=Title:buffer;",&buf, BUFLEN)) { + desc->title=vlc_b64_decode(buf); + if(desc->title) { + handled=1; + data=nl(data); + } } - - if(filter(data,"a=Copyright:buffer;",&buf)) { - decoded=b64_decode(buf, decoded, &len); - desc->copyright=strdup(decoded); - handled=1; - data=nl(data); + if(filter(data,"a=Author:buffer;",&buf, BUFLEN)) { + desc->author=vlc_b64_decode(buf); + if(desc->author) { + handled=1; + data=nl(data); + } } - - if(filter(data,"a=Abstract:buffer;",&buf)) { - decoded=b64_decode(buf, decoded, &len); - desc->abstract=strdup(decoded); - handled=1; - data=nl(data); + if(filter(data,"a=Copyright:buffer;",&buf, BUFLEN)) { + desc->copyright=vlc_b64_decode(buf); + if(desc->copyright) { + handled=1; + data=nl(data); + } } - - if(filter(data,"a=StreamCount:integer;",&buf)) { - desc->stream_count=atoi(buf); - desc->stream = malloc(sizeof(sdpplin_stream_t*)*desc->stream_count); - handled=1; - data=nl(data); + if(filter(data,"a=Abstract:buffer;",&buf, BUFLEN)) { + desc->abstract=vlc_b64_decode(buf); + if(desc->abstract) { + handled=1; + data=nl(data); + } } - - if(filter(data,"a=Flags:integer;",&buf)) { + if(filter(data,"a=StreamCount:integer;",&buf, BUFLEN)) { + /* This way negative values are mapped to unfeasibly high + * values, and will be discarded afterward + */ + unsigned long tmp = strtoul(buf, NULL, 10); + if ( tmp > UINT16_MAX ) + lprintf("stream count out of bound: %lu\n", tmp); + else + desc->stream_count = tmp; + desc->stream = malloc(sizeof(sdpplin_stream_t*)*desc->stream_count); + handled=1; + data=nl(data); + } + if(filter(data,"a=Flags:integer;",&buf, BUFLEN)) { desc->flags=atoi(buf); handled=1; data=nl(data); @@ -296,15 +280,51 @@ sdpplin_t *sdpplin_parse(char *data) { } } - free(buf); - free(decoded); - + free( decoded ); + free( buf ); return desc; } void sdpplin_free(sdpplin_t *description) { - /* TODO: free strings */ - free(description); + int i; + + if( !description ) return; + + for( i=0; istream_count; i++ ) { + if( description->stream[i] ) { + free( description->stream[i]->id ); + free( description->stream[i]->bandwidth ); + free( description->stream[i]->range ); + free( description->stream[i]->length ); + free( description->stream[i]->rtpmap ); + free( description->stream[i]->mimetype ); + free( description->stream[i]->stream_name ); + free( description->stream[i]->mime_type ); + free( description->stream[i]->mlti_data ); + free( description->stream[i]->rmff_flags ); + free( description->stream[i]->asm_rule_book ); + free( description->stream[i] ); + } + } + if( description->stream_count ) + free( description->stream ); + + free( description->owner ); + free( description->session_name ); + free( description->session_info ); + free( description->uri ); + free( description->email ); + free( description->phone ); + free( description->connection ); + free( description->bandwidth ); + free( description->title ); + free( description->author ); + free( description->copyright ); + free( description->keywords ); + free( description->asm_rule_book ); + free( description->abstract ); + free( description->range ); + free( description ); }