Sanitize AMF packet input #388

Merged
mondain merged 1 commit into Red5:main from kdkd:cherry-pick-a449f7b-20251126-121630
Nov 26, 2025

@kdkd commented Nov 26, 2025

Cherry-picked commits

Commit a449f7b

Additional sanity checks on AMF packets.

AMF decided to allow negative length strings and arrays. If the client
tries these shenanigans, just treat it as a 0 length object instead of
believing them.

Add a few checks to make sure we aren't reading past the end of the packet
if it ends too early.

Also don't let a client claim it's going to send a 2 billion arrays to
trick us into allocating 2 billion items to store them in.


@mondain merged commit 54ff1fb into Red5:main Nov 26, 2025
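
The three checks the commit message describes (negative lengths treated as 0, no reads past a packet that ends early, no allocation sized by a claimed count), sketched in Java as an added example. This is not the PR's diff or Red5's decoder; the class name, the `MAX_PREALLOC` cap and the simplified 4-byte length-prefixed layout are assumptions.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

// Added illustration, not Red5 code. Assumed layout (simplified, not the AMF
// wire format): 4-byte big-endian signed length or count, then the payload.
public class LengthSanityDemo {
    static final int MAX_PREALLOC = 1024; // hypothetical cap on trusted pre-sizing

    // A negative length is treated as 0; a truncated length field ends the packet.
    static int readLength(ByteBuffer buf) {
        if (buf.remaining() < 4) {
            buf.position(buf.limit()); // consume the stray bytes so callers stop
            return 0;
        }
        return Math.max(buf.getInt(), 0);
    }

    // Clamps the claimed length to what is left, so a short packet cannot
    // cause a read past its end (rejecting the packet is the stricter option).
    static String readString(ByteBuffer buf) {
        byte[] bytes = new byte[Math.min(readLength(buf), buf.remaining())];
        buf.get(bytes);
        return new String(bytes, StandardCharsets.UTF_8);
    }

    // Pre-sizes from the claimed count only up to the cap, then reads elements
    // until the count is reached or the packet runs out, whichever comes first.
    static List<String> readStringArray(ByteBuffer buf) {
        int count = readLength(buf);
        List<String> out = new ArrayList<>(Math.min(count, MAX_PREALLOC));
        for (int i = 0; i < count && buf.hasRemaining(); i++) {
            out.add(readString(buf));
        }
        return out;
    }

    public static void main(String[] args) {
        byte[] ok = "ok".getBytes(StandardCharsets.UTF_8);
        // Constructed packets: negative length, oversized count, truncated string.
        ByteBuffer negative = ByteBuffer.allocate(4).putInt(-1);
        ByteBuffer huge = ByteBuffer.allocate(10).putInt(2_000_000_000).putInt(2).put(ok);
        ByteBuffer cut = ByteBuffer.allocate(6).putInt(10).put(ok);
        negative.flip(); huge.flip(); cut.flip();
        System.out.println(readString(negative).isEmpty());
        System.out.println(readStringArray(huge));
        System.out.println(readString(cut));
    }
}
```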