785ec1fe86
- buffer overflow in stream_cddb.c - buffer overflow in url.c - buffer overflow in demux_mov.c - stack overflow in demux_audio.c from brad@, ok maintainer also remove reference to rtunes_ao.diff from distinfo. this patch is not used now because it does not apply.
$OpenBSD: patch-stream_stream_cddb_c,v 1.1 2008/02/11 00:22:03 jakemsr Exp $
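--- stream/stream_cddb.c.orig Fri Feb 8 13:34:13 2008
+++ stream/stream_cddb.c Fri Feb 8 13:38:40 2008
@@ -53,6 +53,7 @@
 #include "version.h"
 #include "stream.h"
 #include "network.h"
+#include "libavutil/intreadwrite.h"
 
 #define DEFAULT_FREEDB_SERVER "freedb.freedb.org"
 #define DEFAULT_CACHE_DIR "/.cddb/"
@@ -453,8 +454,9 @@ cddb_parse_matches_list(HTTP_header_t *http_hdr, cddb_
 } else {
 len = ptr2-ptr+1;
 }
+ len = FFMIN(sizeof(album_title) - 1, len);
 strncpy(album_title, ptr, len);
- album_title[len-2]='\0';
+ album_title[len]='\0';
 }
 mp_msg(MSGT_DEMUX, MSGL_STATUS, MSGTR_MPDEMUX_CDDB_ParseOKFoundAlbumTitle, album_title);
 return 0;
@@ -490,8 +492,9 @@ cddb_query_parse(HTTP_header_t *http_hdr, cddb_data_t
 } else {
 len = ptr2-ptr+1;
 }
+ len = FFMIN(sizeof(album_title) - 1, len);
 strncpy(album_title, ptr, len);
- album_title[len-2]='\0';
+ album_title[len]='\0';
 }
 mp_msg(MSGT_DEMUX, MSGL_STATUS, MSGTR_MPDEMUX_CDDB_ParseOKFoundAlbumTitle, album_title);
 return cddb_request_titles(cddb_data);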
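Review bot: In both cddb_parse_matches_list and cddb_query_parse the terminator moves from `album_title[len-2]` to `album_title[len]`, so the title now keeps the two trailing bytes the old code cut off. If ptr2 points at the end of the line (its assignment is outside the hunks), `len = ptr2-ptr+1` includes the line-ending bytes of the server response, and they would now land in album_title and in the mp_msg output. One way to keep the old trimming without the `len-2` underflow is to strip them after the clamp, e.g. `while (len > 0 && (ptr[len-1] == '\r' || ptr[len-1] == '\n')) len--;` before the strncpy. The clamp bounds the write only if album_title is an array declared in these functions; its declaration and the type of len are not visible here, so it is worth confirming that `sizeof(album_title)` is not a pointer size. The identical three-line sequence in the two functions could also live in one static helper, so the bound is maintained in a single place.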