[pulseaudio-discuss] [PATCH v2] module-rtp-recv: fix crash on empty UDP packets (CVE-2014-3970)
tanu.kaskinen at linux.intel.com
Fri Jun 6 04:43:05 PDT 2014
On Thu, 2014-06-05 at 22:29 +0600, Alexander E. Patrakov wrote:
> On FIONREAD returning 0 bytes, we cannot return success, as the caller
> (rtpoll_work_cb in module-rtp-recv.c) would then try to
> pa_memblock_unref(chunk.memblock) and, because memblock is NULL, trigger
> an assertion.
> Also we have to read out the possible empty packet from the socket, so
> that the kernel doesn't tell us again and again about it.
> Signed-off-by: Alexander E. Patrakov <patrakov at gmail.com>
> src/modules/rtp/rtp.c | 25 +++++++++++++++++++++++--
> 1 file changed, 23 insertions(+), 2 deletions(-)
More information about the pulseaudio-discuss