Fix: Fixed bufferoverflow within url_add_client()

This can be trigged by:
* overly long username,
* overly long password,
* overly long user agent string,
* overly long path.

src/auth_url.c

@@ -343,6 +343,7 @@ static auth_result url_remove_client(auth_client *auth_user)
     const char     *agent;
     char           *user_agent,
                    *ipaddr;
+    int             ret;
 
     if (url->removeurl == NULL)
         return AUTH_OK;
@@ -378,7 +379,7 @@ static auth_result url_remove_client(auth_client *auth_user)
     mount = util_url_escape(mountreq);
     ipaddr = util_url_escape(client->con->ip);
 
-    snprintf(post, sizeof (post),
+    ret = snprintf(post, sizeof(post),
             "action=%s&server=%s&port=%d&client=%lu&mount=%s"
             "&user=%s&pass=%s&duration=%lu&ip=%s&agent=%s",
             url->removeaction, /* already escaped */
@@ -392,6 +393,12 @@ static auth_result url_remove_client(auth_client *auth_user)
     free(ipaddr);
     free(user_agent);
 
+    if (ret <= 0 || ret >= (ssize_t)sizeof(post)) {
+        ICECAST_LOG_ERROR("Authentication failed for client %p as header POST data is too long.", client);
+        auth_user_url_clear(auth_user);
+        return AUTH_FAILED;
+    }
+
     if (strchr (url->removeurl, '@') == NULL) {
         if (url->userpwd) {
             curl_easy_setopt(url->handle, CURLOPT_USERPWD, url->userpwd);
@@ -499,6 +506,13 @@ static auth_result url_add_client(auth_client *auth_user)
     free(password);
     free(ipaddr);
 
+
+    if (post_offset <= 0 || post_offset >= (ssize_t)sizeof(post)) {
+        ICECAST_LOG_ERROR("Authentication failed for client %p as header POST data is too long.", client);
+        auth_user_url_clear(auth_user);
+        return AUTH_FAILED;
+    }
+
     pass_headers = NULL;
     if (url->pass_headers)
         pass_headers = strdup(url->pass_headers);