mirror of
https://gitlab.xiph.org/xiph/icecast-server.git
synced 2024-09-22 04:15:54 -04:00
Fix: Worked around buffer overflows in URL auth's cURL interface
This is only a workaround that keeps compatibility with 2.4.x mainline. A real fix has been implemented in 2.5.x (master).
This commit is contained in:
parent
e49086aaf6
commit
03ea74c04a
@ -141,34 +141,52 @@ static int my_getpass(void *client, char *prompt, char *buffer, int buflen)
|
||||
static size_t handle_returned_header (void *ptr, size_t size, size_t nmemb, void *stream)
|
||||
{
|
||||
auth_client *auth_user = stream;
|
||||
size_t bytes = size * nmemb;
|
||||
size_t len = size * nmemb;
|
||||
client_t *client = auth_user->client;
|
||||
|
||||
if (client)
|
||||
{
|
||||
if (client) {
|
||||
auth_t *auth = client->auth;
|
||||
auth_url *url = auth->state;
|
||||
if (strncasecmp (ptr, url->auth_header, url->auth_header_len) == 0)
|
||||
|
||||
if (url->auth_header && len >= url->auth_header_len && strncasecmp(ptr, url->auth_header, url->auth_header_len) == 0)
|
||||
client->authenticated = 1;
|
||||
if (strncasecmp (ptr, url->timelimit_header, url->timelimit_header_len) == 0)
|
||||
{
|
||||
|
||||
if (url->timelimit_header && len > url->timelimit_header_len && strncasecmp(ptr, url->timelimit_header, url->timelimit_header_len) == 0) {
|
||||
const char *input = ptr;
|
||||
unsigned int limit = 0;
|
||||
sscanf ((char *)ptr+url->timelimit_header_len, "%u\r\n", &limit);
|
||||
client->con->discon_time = time(NULL) + limit;
|
||||
|
||||
if (len >= 2 && input[len - 2] == '\r' && input[len - 1] == '\n') {
|
||||
input += url->timelimit_header_len;
|
||||
|
||||
if (sscanf(input, "%u\r\n", &limit) == 1) {
|
||||
client->con->discon_time = time(NULL) + limit;
|
||||
} else {
|
||||
ICECAST_LOG_ERROR("Auth backend returned invalid timeline header: Can not parse limit");
|
||||
}
|
||||
} else {
|
||||
ICECAST_LOG_ERROR("Auth backend returned invalid timelimit header.");
|
||||
}
|
||||
}
|
||||
if (strncasecmp (ptr, "icecast-auth-message: ", 22) == 0)
|
||||
{
|
||||
char *eol;
|
||||
snprintf (url->errormsg, sizeof (url->errormsg), "%s", (char*)ptr+22);
|
||||
eol = strchr (url->errormsg, '\r');
|
||||
if (eol == NULL)
|
||||
eol = strchr (url->errormsg, '\n');
|
||||
if (eol)
|
||||
*eol = '\0';
|
||||
|
||||
if (len > 24 && strncasecmp(ptr, "icecast-auth-message: ", 22) == 0) {
|
||||
const char *input = ptr;
|
||||
size_t copy_len = len - 24 + 1; /* length of string plus \0-termination */
|
||||
|
||||
if (copy_len > sizeof(url->errormsg)) {
|
||||
copy_len = sizeof(url->errormsg);
|
||||
}
|
||||
|
||||
if (len >= 2 && input[len - 2] == '\r' && input[len - 1] == '\n') {
|
||||
input += 22;
|
||||
memcpy(url->errormsg, input, copy_len);
|
||||
url->errormsg[copy_len-1] = 0;
|
||||
} else {
|
||||
ICECAST_LOG_ERROR("Auth backend returned invalid message header.");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return bytes;
|
||||
return len;
|
||||
}
|
||||
|
||||
/* capture returned data, but don't do anything with it */
|
||||
|
Loading…
Reference in New Issue
Block a user