From b424ad303dafbdb63b1833fe01248e93fddc931e Mon Sep 17 00:00:00 2001 From: William King Date: Wed, 22 May 2013 12:38:15 -0700 Subject: [PATCH] FS-5440: don't assert on bad input rtmp data --- src/mod/endpoints/mod_rtmp/rtmp.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/mod/endpoints/mod_rtmp/rtmp.c b/src/mod/endpoints/mod_rtmp/rtmp.c index 3bf2876059..74e7b95ae8 100644 --- a/src/mod/endpoints/mod_rtmp/rtmp.c +++ b/src/mod/endpoints/mod_rtmp/rtmp.c @@ -794,7 +794,10 @@ switch_status_t rtmp_handle_data(rtmp_session_t *rsession) readbuf += (rsession->hdrsize - 1) - s; } - switch_assert(s < 12 && s > 0); /** XXX **/ + if ( !(s < 12 && s > 0) ) { /** XXX **/ + switch_log_printf(SWITCH_CHANNEL_UUID_LOG(rsession->uuid), SWITCH_LOG_NOTICE, "Protocol error: Invalid header size\n"); + return SWITCH_STATUS_FALSE; + } if (rsession->profile->io->read(rsession, readbuf, &s) != SWITCH_STATUS_SUCCESS) { switch_log_printf(SWITCH_CHANNEL_UUID_LOG(rsession->uuid), SWITCH_LOG_NOTICE, "Disconnected from flash client\n"); @@ -875,8 +878,11 @@ switch_status_t rtmp_handle_data(rtmp_session_t *rsession) switch_log_printf(SWITCH_CHANNEL_UUID_LOG(rsession->uuid), SWITCH_LOG_ERROR, "Protocol error: exceeding max AMF packet size\n"); return SWITCH_STATUS_FALSE; } - - switch_assert(s <= rsession->in_chunksize); + + if (s > rsession->in_chunksize) { + switch_log_printf(SWITCH_CHANNEL_UUID_LOG(rsession->uuid), SWITCH_LOG_ERROR, "Protocol error: invalid chunksize\n"); + return SWITCH_STATUS_FALSE; + } if (rsession->profile->io->read(rsession, state->buf + state->buf_pos, &s) != SWITCH_STATUS_SUCCESS) { switch_log_printf(SWITCH_CHANNEL_UUID_LOG(rsession->uuid), SWITCH_LOG_NOTICE, "Disconnected from flash client\n");