1
0
mirror of https://gitlab.xiph.org/xiph/icecast-server.git synced 2024-12-04 14:46:30 -05:00
Commit Graph

1957 Commits

Author SHA1 Message Date
Philipp Schafft
6e2773a43d Merged update for file extension check
Closes: #2248
2016-03-27 18:09:53 +00:00
Philipp Schafft
c8f565b030 Update: SECURITY File extension check for trailing characters
This changes the file extension check in a way that it no longer
ignores trailing characters. This significantly reduces the risk
for false positives while matching. However this invalidates old
setups with files like foo.xsl3. However I have never files like
that in the wild.

This is based on the patch privided by ePirat in ticket #2248.

See: #2248
2016-03-27 17:51:59 +00:00
Philipp Schafft
805084ccd1 Merge branch 'webm-stuff' 2016-03-27 17:23:46 +00:00
Joseph Wallace
a2cac3ee93 Make ebml_parse_tag return tag ID code
(applying lessons learned from libshout)
2016-03-27 12:29:23 -04:00
Joseph Wallace
a218055158 Move tag-parsing bail conditions to top for clarity. 2016-03-27 12:29:23 -04:00
Joseph Wallace
78293f0485 Delete some debugging comments. 2016-03-27 12:29:06 -04:00
Joseph Wallace
dcbba0c600 Cleanup some signed-type issues in format-ebml.c 2016-03-27 12:29:06 -04:00
Philipp Schafft
9cae2ef646 Updated submodules 2016-03-27 13:16:23 +00:00
Joseph Wallace
788bd94eeb BUGFIX: Use a signed type for capturing the return value of client_read_bytes()
Signed-off-by: Marvin Scholz <epirat07@gmail.com>
2016-02-13 21:12:34 +01:00
Marvin Scholz
3a73f9c146 More hardening of XML output against invalid entities
This replaces the add node function with the one intended for text nodes
to prevent that invalid entities are not encoded and therefore could
break the XML output.

(See d739c65e54 and #2255)
2016-02-10 20:56:56 +01:00
Thomas B. Ruecker
4c57532e7b Added missing space to fix output 2016-02-10 08:15:48 +00:00
Marvin Scholz
37150fe020 Fix STATS legacy authentication
This fixes the issue that auth for STATS method always fails, by
adding stats method to legacy admin auth in cfgfile.c
2016-02-09 20:27:10 +01:00
Marvin Scholz
d739c65e54 Fix invalid entities in listclient xml
This fixes a bug where listener Referer or User-Agent strings containing
a sequence like `&T;` was not escaped properly and therefore made the
whole XML document invalid.
Injecting new XML nodes (<foo></foo>) was not possible, it seems in the
worse case all it could cause was that the XML failed to parse.

Fix #2255
2016-02-08 23:02:02 +01:00
Philipp Schafft
235527192c Merge branch 'webmKeyFrames' 2016-02-06 17:44:56 +00:00
Marvin Scholz
eecbc647b4 Fix handling of URIs in custom XSL loader
There was an error how URIs were handled in our custom XSL loader
that rewrites include URIs to point to admin dir if the include
is not found in the current dir.

The check for the file would not work if the path contains chars
that are usually escaped in URIs, like a space (%20), as we get
a already encoded version of that URI in the loader and did not
decode it before checking the existence of the file.

(Fix #2249)
2016-01-26 10:13:07 +01:00
Philipp Schafft
6e031962f4 Added missing line termination 2016-01-26 04:42:33 +00:00
Marvin Scholz
e0c386a77f Replace autogen.sh with a simple wrapper for autoreconf.
The autoreconf tool does the same tool detection the older
shell script does, and is now sufficiently widely deployed
to depend on. The new script is what is currently used in
other Xiph.Org projects.

Note this is a change to the new pattern of needing to
invoke ./configure separately after running ./autogen.sh.

(Fix #2254)
2016-01-25 21:43:22 +01:00
Philipp Schafft
471cbaa60b Fix: remove tailing dots in URI.
This works around the problem that windows ignores tailing dots.
This way you could trick Icecast2 to send a XSLT file as plain text.

Please test.

Closes: #2247
2015-12-24 00:38:11 +00:00
Joseph Wallace
d196e75416 Convert ints used as boolean values into actual bools. 2015-12-19 15:32:37 -05:00
Joseph Wallace
1f6a0a497f Replace "long long"s with an appropriate type from <stdint.h> 2015-12-19 15:02:33 -05:00
Philipp Schafft
255af9e610 Fix: Moved <mime-types> into <paths>.
This moved the <mime-types> setting into <paths>. The code still
supports reading it from the root element but will warn the user
about this.

Also there seems to be no documentation about this setting.

Closes: #2164
2015-12-12 08:17:58 +00:00
Joseph Wallace
de004670c3 Be clearer about ebml_parse_sized_int's sign & endian behavior. 2015-12-01 02:21:24 -05:00
Philipp Schafft
3dd8bdbf40 Feature: display playlist 2015-11-28 18:11:01 +00:00
Philipp Schafft
d3370f3d1c Cleanup: unify util.c a bit with libshout. 2015-11-28 17:58:18 +00:00
Joseph Wallace
e6cb7e26ee Move ebml-private structure definitions out of header file. 2015-11-28 12:49:54 -05:00
Joseph Wallace
0d7448efc7 Change buffer-related sizes & indices to size_t or ssize_t, as applicable. 2015-11-28 12:49:45 -05:00
Joseph Wallace
8a09627d05 Fix type of copy_state in EBML parser to an enum variable. 2015-11-28 12:41:46 -05:00
Joseph Wallace
dc263858a4 Additional format_ebml.c comments. 2015-11-28 12:41:46 -05:00
Joseph Wallace
af238d9129 Move MKV element magic values into proper #define constants. 2015-11-28 12:41:46 -05:00
Joseph Wallace
d394a244f0 Bugfix: Cluster test could have read past the end of the input buffer.
Move the cluster test inside the space-to-read check with the other tests.
2015-11-28 12:41:46 -05:00
Joseph Wallace
9de8fe483d Remove spare whitespace on blank lines. 2015-11-28 12:41:46 -05:00
Joseph Wallace
e4258bfad3 Don't wait for video keyframes on audio-only streams. 2015-11-28 12:41:46 -05:00
Joseph Wallace
9cf4ed560c Probe SimpleBlocks to determine which clusters start with a keyframe. 2015-11-28 12:41:45 -05:00
Joseph Wallace
6e11db5de2 Probe Tracks section of header to identify the video track.
We'll sync keyframes on that track next commit.
2015-11-28 12:41:45 -05:00
Joseph Wallace
9899413839 Add parser for bodies of Integer elements. 2015-11-28 12:41:45 -05:00
Joseph Wallace
f461ff6763 Buffer clusters to have time to probe them for metadata, like keyframes. 2015-11-28 12:41:45 -05:00
Joseph Wallace
def5a4cf6c Implement EBML-aware parser.
* Loop over elements in input buffer.
* Most are literally copied with their contents without
  inspection into the header or data buffers as appropriate.
* Some only copy the element header, to allow inspecting
  children elements.
* Cluster elements are identified and used as sync points.

No probing is done for keyframes *yet*
2015-11-28 12:41:45 -05:00
Joseph Wallace
50c4984c78 Add functions to comprehend EBML tags. 2015-11-28 12:41:45 -05:00
Joseph Wallace
531d060d16 Adjust EBML parser writing protocol.
This will allow leaving unparsed data in the input buffer to wait for completion.
2015-11-28 12:41:45 -05:00
Joseph Wallace
13dc880d29 Yield sync point status from ebml_read directly.
This simplifies some fragile "was the last chunk a sync point?" logic.
2015-11-28 12:41:45 -05:00
Joseph Wallace
744b66c40e Make the state-machine nature of the EBML parser more evident. 2015-11-28 12:41:45 -05:00
Joseph Wallace
15e7fc6e4a Add comments & braces to format_ebml.c.
This should help make future changes to the code clearer.
2015-11-28 12:41:45 -05:00
Marvin Scholz
2ff8c50d3b Makefile: Fix commons include path 2015-11-28 17:15:42 +01:00
Marvin Scholz
b54afbc6be Correct AC_CONFIG_MACRO_DIRS to AC_CONFIG_MACRO_DIR for compatibility 2015-11-28 17:15:42 +01:00
Marvin Scholz
d16e091e25 Update submodule for more deprecated Makefile INCLUDES fixes 2015-11-28 17:15:42 +01:00
Marvin Scholz
d3c1dafa7e Change deprecated INCLUDES variable in Makefile 2015-11-28 17:15:42 +01:00
Marvin Scholz
4cd55dc166 Add missing AC_CONFIG_MACRO_DIRS and some configure.ac cleanup 2015-11-28 17:15:42 +01:00
Marvin Scholz
d6fa6891d3 Update m4 to fix a bunch of warnings 2015-11-28 17:15:42 +01:00
Marvin Scholz
95fb449d56 Add config.h.in~ to .gitignore 2015-11-28 17:15:42 +01:00
Philipp Schafft
24bc25ec38 Cleanup: fixed some compiler warnings 2015-11-28 11:30:34 +00:00