Skip to content

GitLab

  • Menu
Projects Groups Snippets
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • gst-rtsp-server gst-rtsp-server
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 92
    • Issues 92
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 10
    • Merge requests 10
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Packages & Registries
    • Packages & Registries
    • Container Registry
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • GStreamer
  • gst-rtsp-servergst-rtsp-server
  • Merge requests
  • !111

Merged
Created Mar 23, 2020 by Sebastian Dröge@slomo🍵Owner

rtsp-auth: Fix NULL pointer dereference when handling an invalid basic Authorization header

  • Overview 4
  • Commits 1
  • Pipelines 2
  • Changes 1

When using the basic authentication scheme, we wouldn't validate that the authorization field of the credentials is not NULL and pass it on to g_hash_table_lookup(). g_str_hash() however is not NULL-safe and will dereference the NULL pointer and crash. A specially crafted (read: invalid) RTSP header can cause this to happen.

As a solution, check for the authorization to be not NULL before continuing processing it and if it is simply fail authentication.

This fixes CVE-2020-6095 and TALOS-2020-1018.

Discovered by Peter Wang of Cisco ASIG.

Assignee
Assign to
Reviewer
Request review from
Time tracking
Source branch: rtsp-auth-basic-crash