projects
/
ffmpeg.git
/ commitdiff
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
246d6b3
)
avformat/icecast: reject CR/LF in metadata header values
author
Franciszek Kalinowski
<franek.kalinowski@isec.pl>
Tue, 19 May 2026 07:43:54 +0000
(09:43 +0200)
committer
Michael Niedermayer
<michael@niedermayer.cc>
Thu, 18 Jun 2026 02:03:04 +0000
(
04:03
+0200)
Reported by Franciszek Kalinowski (isec.pl / striga.ai) and Bartosz Smigielski.
(cherry picked from commit
99e1ecca36455689c0c417a02ca36cd5b6e2346d
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavformat/icecast.c
patch
|
blob
|
history
diff --git
a/libavformat/icecast.c
b/libavformat/icecast.c
index 3146d7f38426679b9cdb23ece1aca03536c44d0b..323d330e422955089abfe859e0bf5e5d1cb20d22 100644
(file)
--- a/
libavformat/icecast.c
+++ b/
libavformat/icecast.c
@@
-70,8
+70,14
@@
static const AVOption options[] = {
static void cat_header(AVBPrint *bp, const char key[], const char value[])
{
- if (NOT_EMPTY(value))
+ if (NOT_EMPTY(value)) {
+ if (strpbrk(value, "\r\n")) {
+ av_log(NULL, AV_LOG_ERROR,
+ "Refusing to send '%s' header: value contains CR/LF\n", key);
+ return;
+ }
av_bprintf(bp, "%s: %s\r\n", key, value);
+ }
}
static int icecast_close(URLContext *h)