[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] 178/256: rtsp: do not call fwrite() with NULL point
From: |
gnunet |
Subject: |
[GNUnet-SVN] [gnurl] 178/256: rtsp: do not call fwrite() with NULL pointer FILE * |
Date: |
Fri, 06 Oct 2017 19:44:29 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit a14f7152ce1c25cf110d3ccf640f9d4ce17dacd3
Author: Daniel Stenberg <address@hidden>
AuthorDate: Fri Sep 8 10:20:36 2017 +0200
rtsp: do not call fwrite() with NULL pointer FILE *
If the default write callback is used and no destination has been set, a
NULL pointer would be passed to fwrite()'s 4th argument.
OSS-fuzz bug https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3327
(not publicly open yet)
Detected by OSS-fuzz
Closes #1874
---
lib/rtsp.c | 9 +++++++++
tests/fuzz/curl_fuzz_data/oss-fuzz-3327 | Bin 0 -> 27 bytes
2 files changed, 9 insertions(+)
diff --git a/lib/rtsp.c b/lib/rtsp.c
index 9bd935fd5..4bca11459 100644
--- a/lib/rtsp.c
+++ b/lib/rtsp.c
@@ -756,6 +756,15 @@ CURLcode rtp_client_write(struct connectdata *conn, char
*ptr, size_t len)
}
writeit = data->set.fwrite_rtp?data->set.fwrite_rtp:data->set.fwrite_func;
+
+ if(!data->set.fwrite_rtp && !data->set.is_fwrite_set &&
+ !data->set.rtp_out) {
+ /* if no callback is set for either RTP or default, the default function
+ fwrite() is utilized and that can't handle a NULL input */
+ failf(data, "No destination to default data callback!");
+ return CURLE_WRITE_ERROR;
+ }
+
wrote = writeit(ptr, 1, len, data->set.rtp_out);
if(CURL_WRITEFUNC_PAUSE == wrote) {
diff --git a/tests/fuzz/curl_fuzz_data/oss-fuzz-3327
b/tests/fuzz/curl_fuzz_data/oss-fuzz-3327
new file mode 100644
index 000000000..064cc623a
Binary files /dev/null and b/tests/fuzz/curl_fuzz_data/oss-fuzz-3327 differ
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [gnurl] 182/256: checksrc: verify spaces around equals signs, (continued)
- [GNUnet-SVN] [gnurl] 182/256: checksrc: verify spaces around equals signs, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 209/256: ossfuzz: changes before merging the generated corpora, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 255/256: RELEASE-NOTES: curl 7.56.0, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 232/256: reuse_conn: don't copy flags that are known to be equal, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 186/256: checksrc: verify space after semicolons, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 231/256: curl.h: include <sys/select.h> on cygwin too, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 215/256: mime: rephrase the multipart output state machine (#1898) ..., gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 161/256: vtls: select ssl backend case-insensitive (follow-up), gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 174/256: form API: add new test 650., gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 223/256: ntlm: use strict order for SSL backend #if branches, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 178/256: rtsp: do not call fwrite() with NULL pointer FILE *,
gnunet <=
- [GNUnet-SVN] [gnurl] 169/256: OpenSSL: fix erroneous SSL backend encapsulation, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 80/256: vtls: prepare the SSL backends for encapsulated private data, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 222/256: symbols-in-versions: add CURLSSLSET_NO_BACKENDS, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 248/256: examples: bring back curl_formadd-using examples, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 164/256: SSL: fix unused parameter warnings, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 240/256: test650: Use variable replacement to set the host address and port, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 229/256: tests: adjust .gitignore for new tests, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 147/256: http-proxy: treat all 2xx as CONNECT success, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 201/256: openssl: add missing includes, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 126/256: mime: new MIME API., gnunet, 2017/10/06