
Commit 8cfd7ca

jubertiSean-Der
authored andcommitted
Add bounds check to Answer generation
sprintf -> snprintf
1 parent d62ee06 commit 8cfd7ca


3 files changed

+20
-14
lines changed


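--- a/src/main.h
+++ b/src/main.h
@@ -9,7 +9,7 @@ void lk_websocket(const char *url, const char *token);
 void lk_wifi(void);
 void lk_init_audio_capture(void);
 void lk_init_audio_decoder(void);
-void lk_populate_answer(char *answer, int include_audio);
+void lk_populate_answer(char *answer, size_t answer_size, int include_audio);
 void lk_publisher_peer_connection_task(void *user_data);
 void lk_subscriber_peer_connection_task(void *user_data);
 void lk_audio_encoder_task(void *arg);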

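--- a/src/webrtc.cpp
+++ b/src/webrtc.cpp
@@ -212,7 +212,7 @@ PeerConnection *lk_create_peer_connection(int isPublisher) {
 return peer_connection;
 }
 
-static const char *sdp_no_audio =
+static const char sdp_no_audio[] =
 "v=0\r\n"
 "o=- 8611954123959290783 2 IN IP4 127.0.0.1\r\n"
 "s=-\r\n"
@@ -228,7 +228,7 @@ static const char *sdp_no_audio =
 "%s\r\n" // a=fingeprint
 "a=sctp-port:5000\r\n";
 
-static const char *sdp_audio =
+static const char sdp_audio[] =
 "v=0\r\n"
 "o=- 8611954123959290783 2 IN IP4 127.0.0.1\r\n"
 "s=-\r\n"
@@ -254,14 +254,18 @@ static const char *sdp_audio =
 "%s\r\n" // a=fingeprint
 "a=recvonly\r\n";
 
-void lk_populate_answer(char *answer, int include_audio) {
+void lk_populate_answer(char *answer, size_t answer_size, int include_audio) {
+size_t ret = 0;
 if (include_audio) {
-sprintf(answer, sdp_audio, subscriber_answer_ice_ufrag,
-subscriber_answer_ice_pwd, subscriber_answer_fingerprint,
-subscriber_answer_ice_ufrag, subscriber_answer_ice_pwd,
-subscriber_answer_fingerprint);
+ret = snprintf(answer, answer_size, sdp_audio, subscriber_answer_ice_ufrag,
+subscriber_answer_ice_pwd, subscriber_answer_fingerprint,
+subscriber_answer_ice_ufrag, subscriber_answer_ice_pwd,
+subscriber_answer_fingerprint);
 } else {
-sprintf(answer, sdp_no_audio, subscriber_answer_ice_ufrag,
-subscriber_answer_ice_pwd, subscriber_answer_fingerprint);
+ret =
+snprintf(answer, answer_size, sdp_no_audio, subscriber_answer_ice_ufrag,
+subscriber_answer_ice_pwd, subscriber_answer_fingerprint);
 }
+
+assert(ret < answer_size);
 }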
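Review bot: The truncation check at the end of lk_populate_answer is an `assert`, which is compiled out when assertions are disabled (NDEBUG), so in such a build an over-long answer is silently truncated and the caller, which receives `void`, has no way to know the SDP it is about to send is cut off. With assertions enabled the same condition aborts instead, which may be harsher than wanted if the `subscriber_answer_*` values can ever be influenced by the remote side (their origin is not visible here). `ret` is also declared `size_t` although snprintf returns `int`, so an error return is only caught because -1 wraps to a large value. I would declare `int ret` and test it at runtime, `if (ret < 0 || (size_t)ret >= answer_size) { /* log and report failure */ }`, and return a status so lk_websocket can skip sending the answer.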

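--- a/src/websocket.cpp
+++ b/src/websocket.cpp
@@ -131,11 +131,12 @@ void lk_websocket_handle_livekit_response(Livekit__SignalResponse *packet) {
 candidate_obj->valuestring);
 if (xSemaphoreTake(g_mutex, portMAX_DELAY) == pdTRUE) {
 if (ice_candidate_buffer != NULL) {
-xSemaphoreGive(g_mutex);
-return;
+ESP_LOGI(LOG_TAG, "ice_candidate_buffer is not NULL");
+} else {
+ESP_LOGI(LOG_TAG, "buffering ICE candidate");
+ice_candidate_buffer = strdup(candidate_obj->valuestring);
 }
 
-ice_candidate_buffer = strdup(candidate_obj->valuestring);
 xSemaphoreGive(g_mutex);
 }
 
@@ -354,7 +355,8 @@ void lk_websocket(const char *room_url, const char *token) {
 Livekit__SignalRequest r = LIVEKIT__SIGNAL_REQUEST__INIT;
 Livekit__SessionDescription s = LIVEKIT__SESSION_DESCRIPTION__INIT;
 
-lk_populate_answer(answer_buffer, subscriber_status == 2);
+lk_populate_answer(answer_buffer, ANSWER_BUFFER_SIZE,
+subscriber_status == 2);
 s.sdp = answer_buffer;
 s.type = (char *)SDP_TYPE_ANSWER;
 r.answer = &s;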
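Review bot: In the first hunk the result of `strdup(candidate_obj->valuestring)` is stored without a NULL check, so an allocation failure leaves `ice_candidate_buffer` empty right after the log line has announced "buffering ICE candidate", and the candidate is lost without a trace. A check after the call, such as `if (ice_candidate_buffer == NULL) { ESP_LOGE(LOG_TAG, "failed to buffer ICE candidate"); }`, would make that visible. The branch that finds the buffer already occupied also discards the incoming candidate at info level only; a warning that says the candidate was dropped would be easier to spot in the field. lk_websocket_handle_livekit_response starts and ends outside the hunk, so any earlier validation of `valuestring` is not visible here.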
