From 315c2f93bb3bd17514dd20fb269684dc2c23ee4d Mon Sep 17 00:00:00 2001
From: Jan Schmidt <jan@centricular.com>
Date: Fri, 4 Sep 2015 11:23:43 +1000
Subject: rtsp-media: Don't crash on encrypted RTX SDP

In parse_keymgmt(), don't mutate the input string that's been passed
as const, especially since we might need the original value again if
the same key info applies to multiple streams (RTX, for example).

https://bugzilla.gnome.org/show_bug.cgi?id=754753
---
 gst/rtsp-server/rtsp-media.c | 28 +++++++++++++++++++---------
 1 file changed, 19 insertions(+), 9 deletions(-)

diff --git a/gst/rtsp-server/rtsp-media.c b/gst/rtsp-server/rtsp-media.c
index 2483504a4d..adccff920a 100644
--- a/gst/rtsp-server/rtsp-media.c
+++ b/gst/rtsp-server/rtsp-media.c
@@ -3356,7 +3356,6 @@ static gboolean
 parse_keymgmt (const gchar * keymgmt, GstCaps * caps)
 {
   gboolean res = FALSE;
-  gchar *p, *kmpid;
   gsize size;
   guchar *data;
   GstMIKEYMessage *msg;
@@ -3364,17 +3363,28 @@ parse_keymgmt (const gchar * keymgmt, GstCaps * caps)
   const gchar *srtp_cipher;
   const gchar *srtp_auth;
 
-  p = (gchar *) keymgmt;
+  {
+    gchar *orig_value;
+    gchar *p, *kmpid;
 
-  SKIP_SPACES (p);
-  if (*p == '\0')
-    return FALSE;
+    p = orig_value = g_strdup (keymgmt);
 
-  PARSE_STRING (p, " ", kmpid);
-  if (!g_str_equal (kmpid, "mikey"))
-    return FALSE;
+    SKIP_SPACES (p);
+    if (*p == '\0') {
+      g_free (orig_value);
+      return FALSE;
+    }
+
+    PARSE_STRING (p, " ", kmpid);
+    if (kmpid == NULL || !g_str_equal (kmpid, "mikey")) {
+      g_free (orig_value);
+      return FALSE;
+    }
+    data = g_base64_decode (p, &size);
+
+    g_free (orig_value);        /* Don't need this any more */
+  }
 
-  data = g_base64_decode (p, &size);
   if (data == NULL)
     return FALSE;
 
-- 
cgit v1.2.3-70-g09d2