From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTPS id EB4B84DE5F for ; Tue, 6 Jan 2026 12:52:48 +0000 (UTC) Authentication-Results: ffbox; dkim=fail (body hash mismatch (got b'lkWSvNrpB85SScRQEHADeQx2QIl3NTG6nAS4L2tFfnQ=', expected b'K6/3QP0zEUQAi8FM/TntCnIRfs/yLRzGfBGjdkiDPhA=')) header.d=ffmpeg.org header.i=@ffmpeg.org header.a=rsa-sha256 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org; i=@ffmpeg.org; q=dns/txt; s=mail; t=1767703959; h=mime-version : to : date : message-id : reply-to : subject : list-id : list-archive : list-archive : list-help : list-owner : list-post : list-subscribe : list-unsubscribe : from : cc : content-type : content-transfer-encoding : from; bh=lkWSvNrpB85SScRQEHADeQx2QIl3NTG6nAS4L2tFfnQ=; b=Sq7vW2cOX6SxixMnms294JNqXLMvdcJqAsFiBEhCo82yg9UhCXsXlZ98bUKyvelZDLnRD Mn0DSW+5bSeft4Mvq+MeOIzz69Y8FQ9ZhCSojkzo4PNFssrjwDowlyE3ZvMHvRzzwSLwVh1 ytyr3OhO+447S9RHRQQSIg1Kg1feyBgU6dTUBvC/Ai6Ra8+tRGipTrIFvG9kJoy2hymmzGT 7gR7aAHbqRm0yWeIScmVDQmNfu+zLmKUvJeVKTgl3FjtJbvEfl22n2yYq0LN44S2pg2Pr1x ayLK9JGb4Z/rQP7tCq9InBx4HbrgVZItDMWuRRG3+YiMLF0F2JKglQIzesXg== Received: from [172.20.0.4] (unknown [172.20.0.4]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id 3E54B690D3F; Tue, 6 Jan 2026 14:52:39 +0200 (EET) ARC-Seal: i=1; cv=none; a=rsa-sha256; d=ffmpeg.org; s=arc; t=1767703939; b=X62C4BPeH/nGkF/TfVCoR2So8AX8yvl5C1TTcYfCTgfmQfR7ayqb8hPP0P/pMxTqRn6+/ wpvOGd+Vps1hzu0YqMM+YxAVxLKbNUEjbOen/z5nkEIukcRbwOCmHjZjhU7BI63+YbK0w5S 2Nr1UvcBWUTAmsiR1HOehMFvG0lwAnW8s69inJiCsD2GND3Mc4mfhPtMl4a2nNsl4rNuELh esv2lIXFrvwCCmAbKLrj8dOBFdXdMAkJFP82DJRDGbVovCrHCCj2O3ALG/wgHpcU7Gx4Mg5 b5wWIpMbpdUQvH3BlEdWHN9WuoScffYeoEYh6VwFqtbiHlza2KgYrKt53d5w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=ffmpeg.org; s=arc; t=1767703939; h=from : sender : reply-to : subject : date : message-id : to : cc : mime-version : content-type : content-transfer-encoding : content-id : content-description : resent-date : resent-from : resent-sender : resent-to : resent-cc : resent-message-id : in-reply-to : references : list-id : list-help : list-unsubscribe : list-subscribe : list-post : list-owner : list-archive; bh=87gP+psv/slp47BSjJoG0XNrE+CbMMX5kYt/papFSeg=; b=qhE9ulJOeNbSkSe/swu5Z+LLMkQbNtgmQRPtDdjiaomPGX42uQ/Upx4SC//iV07/x5OyC /9EoJL/YIyevLBg0zdJQpRNpX63mz7fs9sKa2ExV24x6c+GE7B8iIKCW9H0OnzxLLuX6sNt 9InwS0ywHejOwUQLXGQuFeotEDll50ap3TgUpvb4+wnv5AOFyZzzANGWo9Ph/Gjr/jVwl1I zZjAHhGElgGHh0ISFAm3dcQtZB22FqIPiazz4Mb+LWmUIL0zFiutjOburGO5agSdfZxzkmT KcB9V7msnbWB8pasuYEYSjXtESEqZNcSN9IidKDRAjfhXFAxWiEBU7r6VXJQ== ARC-Authentication-Results: i=1; ffmpeg.org; dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org; arc=none; dmarc=pass header.from=ffmpeg.org policy.dmarc=quarantine Authentication-Results: ffmpeg.org; dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org; arc=none (Message is not ARC signed); dmarc=pass (Used From Domain Record) header.from=ffmpeg.org policy.dmarc=quarantine DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org; i=@ffmpeg.org; q=dns/txt; s=mail; t=1767703932; h=content-type : mime-version : content-transfer-encoding : from : to : reply-to : subject : date : from; bh=K6/3QP0zEUQAi8FM/TntCnIRfs/yLRzGfBGjdkiDPhA=; b=T1lh0CyIMNbusfymQjFGs2qie+5vfsvMckdezrd16S2ssxJ8j622q3SQsaPUzZx+dbEZm H24ZkgHN5s4GHtM9mh/yJvWmw4Nj6+YeeVlD20eXSVGaa3pwjQ8rDtzU34GrX9uXyslJ/aZ iLnWNHxaDOD7sX9uXnjQRz86dOoZggtXsXTxBw1SiRpERg6FV4rRAv52gC906Lh17eVfBoT FgKre8WL7fzHdl1qAjwzKdmWZo/gcF2Worr6O9PMhu2i/6IXPt8THs5wOsQAYZDA6UQhMaC 6uoFYVUaYzKmRmfeIWKeZOylyc1eS0KAa4zFzFrpF9XCrV89MSQkYBIT6PWw== Received: from de3a2b3407a2 (code.ffmpeg.org [188.245.149.3]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id 8CED06903B1 for ; Tue, 6 Jan 2026 14:52:12 +0200 (EET) MIME-Version: 1.0 To: ffmpeg-devel@ffmpeg.org Date: Tue, 06 Jan 2026 12:52:12 -0000 Message-ID: <176770393273.25.4675216318011519321@4457048688e7> Message-ID-Hash: TKHGOYAMYUDSSBGXZSQSHFB4LBPZ7DB7 X-Message-ID-Hash: TKHGOYAMYUDSSBGXZSQSHFB4LBPZ7DB7 X-MailFrom: code@ffmpeg.org X-Mailman-Rule-Hits: nonmember-moderation X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-ffmpeg-devel.ffmpeg.org-0; header-match-ffmpeg-devel.ffmpeg.org-1; header-match-ffmpeg-devel.ffmpeg.org-2; header-match-ffmpeg-devel.ffmpeg.org-3; emergency; member-moderation X-Mailman-Version: 3.3.10 Precedence: list Reply-To: FFmpeg development discussions and patches Subject: [FFmpeg-devel] [PR] libavformat/http: reject HTTP header lines exceeding buffer size (PR #21392) List-Id: FFmpeg development discussions and patches Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: rcx86 via ffmpeg-devel Cc: rcx86 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Archived-At: List-Archive: List-Post: PR #21392 opened by rcx86 URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21392 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21392.patch Overly long HTTP header lines were silently truncated. A malicious server could exploit this to cause parsing issues or other unexpected behavior. >>From a58623aef1677fdab028010325cfbb247c78d648 Mon Sep 17 00:00:00 2001 From: HACKE-RC <60568652+HACKE-RC@users.noreply.github.com> Date: Mon, 29 Dec 2025 22:19:59 +0530 Subject: [PATCH] libavformat/http: reject HTTP header lines exceeding buffer size Overly long HTTP header lines were silently truncated. A malicious server could exploit this to cause parsing issues or other unexpected behavior. --- libavformat/http.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/libavformat/http.c b/libavformat/http.c index bd25a45636..422b1ecec5 100644 --- a/libavformat/http.c +++ b/libavformat/http.c @@ -827,6 +827,7 @@ static int http_get_line(HTTPContext *s, char *line, int line_size) { int ch; char *q; + int too_long = 0; q = line; for (;;) { @@ -839,10 +840,20 @@ static int http_get_line(HTTPContext *s, char *line, int line_size) q--; *q = '\0'; + if (too_long) { + av_log(s, AV_LOG_ERROR, + "HTTP header line exceeds buffer size (%d); rejecting\n", + line_size); + return AVERROR_INVALIDDATA; + } + return 0; } else { - if ((q - line) < line_size - 1) + if ((q - line) < line_size - 1) { *q++ = ch; + } else { + too_long = 1; + } } } } @@ -1659,7 +1670,8 @@ static int http_buf_read(URLContext *h, uint8_t *buf, int size) s->chunksize); if (!s->chunksize && s->multiple_requests) { - http_get_line(s, line, sizeof(line)); // read empty chunk + if ((err = http_get_line(s, line, sizeof(line))) < 0) + return err; s->chunkend = 1; return 0; } -- 2.49.1 _______________________________________________ ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org