mirror of
https://github.com/vanhauser-thc/thc-hydra.git
synced 2025-07-06 04:51:40 -07:00
Fix rtsp module potential buffer overflow
This commit is contained in:
David Maciejak
parent
91825f0fef
commit
4a87be9c48
2 changed files with 6 additions and 5 deletions
1
CHANGES
1
CHANGES
|
|
@ -4,6 +4,7 @@ Changelog for hydra
|
||||||
Release 8.9-dev
|
Release 8.9-dev
|
||||||
* your patch? :)
|
* your patch? :)
|
||||||
* Fix svn module memory leaks
|
* Fix svn module memory leaks
|
||||||
|
* Fix rtsp module potential buffer overflow
|
||||||
|
|
||||||
|
|
||||||
Release 8.9.1
|
Release 8.9.1
|
||||||
|
|
|
||||||
10
hydra-rtsp.c
10
hydra-rtsp.c
|
|
@ -78,7 +78,7 @@ void create_core_packet(int32_t control, char *ip, int32_t port) {
|
||||||
}
|
}
|
||||||
int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
|
int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp) {
|
||||||
char *empty = "";
|
char *empty = "";
|
||||||
char *login, *pass, buffer[500], buffer2[500];
|
char *login, *pass, buffer[1030], buffer2[500];
|
||||||
|
|
||||||
char *lresp;
|
char *lresp;
|
||||||
|
|
||||||
|
|
@ -112,10 +112,10 @@ int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, cha
|
||||||
|
|
||||||
if (use_Basic_Auth(lresp) == 1) {
|
if (use_Basic_Auth(lresp) == 1) {
|
||||||
|
|
||||||
sprintf(buffer2, "%.260s:%.260s", login, pass);
|
sprintf(buffer2, "%.249s:%.249s", login, pass);
|
||||||
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
|
hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2));
|
||||||
|
|
||||||
sprintf(buffer, "%sAuthorization: : Basic %s\r\n\r\n", packet2, buffer2);
|
sprintf(buffer, "%.500sAuthorization: : Basic %.500s\r\n\r\n", packet2, buffer2);
|
||||||
|
|
||||||
if (debug) {
|
if (debug) {
|
||||||
hydra_report(stderr, "C:%s\n", buffer);
|
hydra_report(stderr, "C:%s\n", buffer);
|
||||||
|
|
@ -128,7 +128,7 @@ int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, cha
|
||||||
|
|
||||||
char *pbuffer = hydra_strcasestr(lresp, "WWW-Authenticate: Digest ");
|
char *pbuffer = hydra_strcasestr(lresp, "WWW-Authenticate: Digest ");
|
||||||
|
|
||||||
strncpy(aux, pbuffer + strlen("WWW-Authenticate: Digest "), sizeof(buffer));
|
strncpy(aux, pbuffer + strlen("WWW-Authenticate: Digest "), sizeof(aux));
|
||||||
aux[sizeof(aux) - 1] = '\0';
|
aux[sizeof(aux) - 1] = '\0';
|
||||||
#ifdef LIBOPENSSL
|
#ifdef LIBOPENSSL
|
||||||
sasl_digest_md5(dbuf, login, pass, aux, miscptr, "rtsp", hydra_address2string(ip), port, "");
|
sasl_digest_md5(dbuf, login, pass, aux, miscptr, "rtsp", hydra_address2string(ip), port, "");
|
||||||
|
|
@ -141,7 +141,7 @@ int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, cha
|
||||||
fprintf(stderr, "[ERROR] digest generation failed\n");
|
fprintf(stderr, "[ERROR] digest generation failed\n");
|
||||||
return 3;
|
return 3;
|
||||||
}
|
}
|
||||||
sprintf(buffer, "%sAuthorization: Digest %s\r\n\r\n", packet2, dbuf);
|
sprintf(buffer, "%.500sAuthorization: Digest %.500s\r\n\r\n", packet2, dbuf);
|
||||||
|
|
||||||
if (debug) {
|
if (debug) {
|
||||||
hydra_report(stderr, "C:%s\n", buffer);
|
hydra_report(stderr, "C:%s\n", buffer);
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue