1
0
mirror of https://gitlab.xiph.org/xiph/icecast-server.git synced 2024-12-04 14:46:30 -05:00

Allow the source password to be undefined.

This is to avoid falling back to a default password which may open security holes.

svn path=/icecast/trunk/icecast/; revision=18125
This commit is contained in:
Philipp Schafft 2011-11-25 21:24:28 +00:00
parent 99788838ac
commit 530b78d7a1
4 changed files with 24 additions and 2 deletions

View File

@ -2,3 +2,5 @@ Jack Moffitt <jack@icecast.org>
Michael Smith <msmith@icecast.org> Michael Smith <msmith@icecast.org>
oddsock <oddsock@xiph.org> oddsock <oddsock@xiph.org>
Karl Heyes <karl@xiph.org> Karl Heyes <karl@xiph.org>
Philipp "ph3-der-loewe" Schafft <lion@lion.leolix.org>
Thomas B. "dm8tbr" Ruecker <thomas.rucker@tieto.com>

View File

@ -1,3 +1,15 @@
2011-11-25 21:20 ph3-der-loewe
* trunk/icecast/AUTHORS, trunk/icecast/src/cfgfile.c.
trunk/icecast/src/connection.c: Allow the source password
to be undefined. This is to avoid falling back to a default
password which may open security holes.
----------------------------------------------------------------------
Everything above is post 2.3.2. The stuff below is incomplete.
The time zone above is UTC, the time zone below is unknown.
ph3-der-loewe, Fri Nov 25 21:20:58 UTC 2011
----------------------------------------------------------------------
2005-11-29 03:06 karl 2005-11-29 03:06 karl
* trunk/icecast/src/auth_url.c: update for authentication header * trunk/icecast/src/auth_url.c: update for authentication header

View File

@ -8,6 +8,8 @@
* oddsock <oddsock@xiph.org>, * oddsock <oddsock@xiph.org>,
* Karl Heyes <karl@xiph.org> * Karl Heyes <karl@xiph.org>
* and others (see AUTHORS for details). * and others (see AUTHORS for details).
* Copyright 2011, Philipp "ph3-der-loewe" Schafft <lion@lion.leolix.org>,
Thomas B. "dm8tbr" Ruecker <thomas.rucker@tieto.com>.
*/ */
#ifdef HAVE_CONFIG_H #ifdef HAVE_CONFIG_H

View File

@ -8,6 +8,7 @@
* oddsock <oddsock@xiph.org>, * oddsock <oddsock@xiph.org>,
* Karl Heyes <karl@xiph.org> * Karl Heyes <karl@xiph.org>
* and others (see AUTHORS for details). * and others (see AUTHORS for details).
* Copyright 2011, Philipp "ph3-der-loewe" Schafft <lion@lion.leolix.org>
*/ */
/* -*- c-basic-offset: 4; indent-tabs-mode: nil; -*- */ /* -*- c-basic-offset: 4; indent-tabs-mode: nil; -*- */
@ -1168,7 +1169,12 @@ static void _handle_shoutcast_compatible (client_queue_t *node)
if (mountinfo && mountinfo->password) if (mountinfo && mountinfo->password)
source_password = strdup (mountinfo->password); source_password = strdup (mountinfo->password);
else else
{
if (config->source_password)
source_password = strdup (config->source_password); source_password = strdup (config->source_password);
else
source_password = NULL;
}
config_release_config(); config_release_config();
/* Get rid of trailing \r\n or \n after password */ /* Get rid of trailing \r\n or \n after password */
@ -1198,7 +1204,7 @@ static void _handle_shoutcast_compatible (client_queue_t *node)
} }
*ptr = '\0'; *ptr = '\0';
if (strcmp (client->refbuf->data, source_password) == 0) if (source_password && strcmp (client->refbuf->data, source_password) == 0)
{ {
client->respcode = 200; client->respcode = 200;
/* send this non-blocking but if there is only a partial write /* send this non-blocking but if there is only a partial write