Fix #1445, limit the createStream recursive depth. 3.0.70

ossrs · Dec 11, 2019 · 4f29813 · 4f29813
1 parent 41a9f15
commit 4f29813
Show file tree

Hide file tree

Showing 7 changed files with 327 additions and 9 deletions.
diff --git a/README.md b/README.md
@@ -145,6 +145,7 @@ For previous versions, please read:
 
 ## V3 changes
 
+* v3.0, 2019-12-11, Fix [#1445][bug #1445], limit the createStream recursive depth. 3.0.70
 * v3.0, 2019-12-11, For [#1042][bug #1042], cover RTMP handshake protocol.
 * v3.0, 2019-12-11, Fix [#1229][bug #1229], fix the security risk in logger. 3.0.69
 * v3.0, 2019-12-11, For [#1229][bug #1229], fix the security risk in HDS. 3.0.69
@@ -1515,6 +1516,7 @@ Winlin
 [bug #1501]: https://github.com/ossrs/srs/issues/1501
 [bug #1229]: https://github.com/ossrs/srs/issues/1229
 [bug #1042]: https://github.com/ossrs/srs/issues/1042
+[bug #1445]: https://github.com/ossrs/srs/issues/1445
 [bug #xxxxxxxxxxxxx]: https://github.com/ossrs/srs/issues/xxxxxxxxxxxxx
 
 [exo #828]: https://github.com/google/ExoPlayer/pull/828

diff --git a/trunk/src/core/srs_core.hpp b/trunk/src/core/srs_core.hpp
@@ -27,7 +27,7 @@
 // The version config.
 #define VERSION_MAJOR       3
 #define VERSION_MINOR       0
-#define VERSION_REVISION    69
+#define VERSION_REVISION    70
 
 // The macros generated by configure script.
 #include <srs_auto_headers.hpp>

diff --git a/trunk/src/kernel/srs_kernel_error.hpp b/trunk/src/kernel/srs_kernel_error.hpp
@@ -177,7 +177,8 @@
 #define ERROR_HTTP_HIJACK                   2052
 #define ERROR_RTMP_MESSAGE_CREATE           2053
 #define ERROR_RTMP_PROXY_EXCEED             2054
-//                                           
+#define ERROR_RTMP_CREATE_STREAM_DEPTH      2055
+//
 // The system control message,
 // It's not an error, but special control logic.
 //

diff --git a/trunk/src/protocol/srs_protocol_utility.cpp b/trunk/src/protocol/srs_protocol_utility.cpp
@@ -200,9 +200,9 @@ string srs_generate_stream_with_query(string host, string vhost, string stream,
 
     // Remove the start & when param is empty.
     srs_string_trim_start(query, "&");
-    
+
     // Prefix query with ?.
-    if (!srs_string_starts_with(query, "?")) {
+    if (!query.empty() && !srs_string_starts_with(query, "?")) {
         url += "?";
     }
 

diff --git a/trunk/src/protocol/srs_rtmp_stack.cpp b/trunk/src/protocol/srs_rtmp_stack.cpp
@@ -2538,7 +2538,7 @@ srs_error_t SrsRtmpServer::identify_client(int stream_id, SrsRtmpConnType& type,
         SrsAutoFree(SrsPacket, pkt);
 
         if (dynamic_cast<SrsCreateStreamPacket*>(pkt)) {
-            return identify_create_stream_client(dynamic_cast<SrsCreateStreamPacket*>(pkt), stream_id, type, stream_name, duration);
+            return identify_create_stream_client(dynamic_cast<SrsCreateStreamPacket*>(pkt), stream_id, 3, type, stream_name, duration);
         }
         if (dynamic_cast<SrsFMLEStartPacket*>(pkt)) {
             return identify_fmle_publish_client(dynamic_cast<SrsFMLEStartPacket*>(pkt), type, stream_name);
@@ -2909,9 +2909,13 @@ srs_error_t SrsRtmpServer::start_flash_publish(int stream_id)
     return err;
 }
 
-srs_error_t SrsRtmpServer::identify_create_stream_client(SrsCreateStreamPacket* req, int stream_id, SrsRtmpConnType& type, string& stream_name, srs_utime_t& duration)
+srs_error_t SrsRtmpServer::identify_create_stream_client(SrsCreateStreamPacket* req, int stream_id, int depth, SrsRtmpConnType& type, string& stream_name, srs_utime_t& duration)
 {
     srs_error_t err = srs_success;
+
+    if (depth <= 0) {
+        return srs_error_new(ERROR_RTMP_CREATE_STREAM_DEPTH, "create stream recursive depth");
+    }
 
     if (true) {
         SrsCreateStreamResPacket* pkt = new SrsCreateStreamResPacket(req->transaction_id, stream_id);
@@ -2952,7 +2956,7 @@ srs_error_t SrsRtmpServer::identify_create_stream_client(SrsCreateStreamPacket*
             return identify_flash_publish_client(dynamic_cast<SrsPublishPacket*>(pkt), type, stream_name);
         }
         if (dynamic_cast<SrsCreateStreamPacket*>(pkt)) {
-            return identify_create_stream_client(dynamic_cast<SrsCreateStreamPacket*>(pkt), stream_id, type, stream_name, duration);
+            return identify_create_stream_client(dynamic_cast<SrsCreateStreamPacket*>(pkt), stream_id, depth-1, type, stream_name, duration);
         }
         if (dynamic_cast<SrsFMLEStartPacket*>(pkt)) {
             return identify_haivision_publish_client(dynamic_cast<SrsFMLEStartPacket*>(pkt), type, stream_name);

diff --git a/trunk/src/protocol/srs_rtmp_stack.hpp b/trunk/src/protocol/srs_rtmp_stack.hpp
@@ -775,7 +775,7 @@ class SrsRtmpServer
         return protocol->expect_message<T>(pmsg, ppacket);
     }
 private:
-    virtual srs_error_t identify_create_stream_client(SrsCreateStreamPacket* req, int stream_id, SrsRtmpConnType& type, std::string& stream_name, srs_utime_t& duration);
+    virtual srs_error_t identify_create_stream_client(SrsCreateStreamPacket* req, int stream_id, int depth, SrsRtmpConnType& type, std::string& stream_name, srs_utime_t& duration);
     virtual srs_error_t identify_fmle_publish_client(SrsFMLEStartPacket* req, SrsRtmpConnType& type, std::string& stream_name);
     virtual srs_error_t identify_haivision_publish_client(SrsFMLEStartPacket* req, SrsRtmpConnType& type, std::string& stream_name);
     virtual srs_error_t identify_flash_publish_client(SrsPublishPacket* req, SrsRtmpConnType& type, std::string& stream_name);