diff options
Diffstat (limited to 'media-sound/peercast/files/peercast-0.1218-CVE-2008-2040.patch')
-rw-r--r-- | media-sound/peercast/files/peercast-0.1218-CVE-2008-2040.patch | 122 |
1 files changed, 122 insertions, 0 deletions
diff --git a/media-sound/peercast/files/peercast-0.1218-CVE-2008-2040.patch b/media-sound/peercast/files/peercast-0.1218-CVE-2008-2040.patch new file mode 100644 index 000000000000..23037ac82b74 --- /dev/null +++ b/media-sound/peercast/files/peercast-0.1218-CVE-2008-2040.patch @@ -0,0 +1,122 @@ +diff -Nurad peercast-0.1218+svn20080104/core/common/channel.cpp peercast-0.1218+svn20080104.new/core/common/channel.cpp +--- peercast-0.1218+svn20080104/core/common/channel.cpp 2008-04-01 13:59:52.000000000 +0200 ++++ peercast-0.1218+svn20080104.new/core/common/channel.cpp 2008-04-30 17:45:28.000000000 +0200 +@@ -440,7 +440,7 @@ + if (http.isHeader(PCX_HS_POS))
+ streamPos = atoi(arg);
+ else
+- Servent::readICYHeader(http, info, NULL);
++ Servent::readICYHeader(http, info, NULL, 0);
+
+ LOG_CHANNEL("Channel fetch: %s",http.cmdLine);
+ }
+diff -Nurad peercast-0.1218+svn20080104/core/common/http.cpp peercast-0.1218+svn20080104.new/core/common/http.cpp +--- peercast-0.1218+svn20080104/core/common/http.cpp 2008-04-01 13:59:52.000000000 +0200 ++++ peercast-0.1218+svn20080104.new/core/common/http.cpp 2008-04-30 17:45:28.000000000 +0200 +@@ -102,7 +102,7 @@ + return 0; + } + //----------------------------------------- +-void HTTP::getAuthUserPass(char *user, char *pass) ++void HTTP::getAuthUserPass(char *user, char *pass, size_t ulen, size_t plen) + { + if (arg) + { +@@ -119,10 +119,14 @@ + if (s) + { + *s = 0; +- if (user) +- strcpy(user,str.cstr()); +- if (pass) +- strcpy(pass,s+1); ++ if (user){ ++ strncpy(user,str.cstr(), ulen); ++ user[ulen - 1] = 0; ++ } ++ if (pass){ ++ strncpy(pass,s+1, plen); ++ pass[plen - 1] = 0; ++ } + } + } + } +diff -Nurad peercast-0.1218+svn20080104/core/common/http.h peercast-0.1218+svn20080104.new/core/common/http.h +--- peercast-0.1218+svn20080104/core/common/http.h 2008-04-01 13:59:52.000000000 +0200 ++++ peercast-0.1218+svn20080104.new/core/common/http.h 2008-04-30 17:45:28.000000000 +0200 +@@ -176,7 +176,7 @@ + char *getArgStr(); + int getArgInt(); + +- void getAuthUserPass(char *, char *); ++ void getAuthUserPass(char *, char *, size_t, size_t); + + char cmdLine[8192],*arg; + +diff -Nurad peercast-0.1218+svn20080104/core/common/servent.h peercast-0.1218+svn20080104.new/core/common/servent.h +--- peercast-0.1218+svn20080104/core/common/servent.h 2008-04-01 13:59:52.000000000 +0200 ++++ peercast-0.1218+svn20080104.new/core/common/servent.h 2008-04-30 17:45:28.000000000 +0200 +@@ -206,7 +206,7 @@ + void sendPCPChannel();
+ void checkPCPComms(Channel *, AtomStream &);
+ +- static void readICYHeader(HTTP &, ChanInfo &, char *); ++ static void readICYHeader(HTTP &, ChanInfo &, char *, size_t); + bool canStream(Channel *); + + bool isConnected() {return status == S_CONNECTED;}
+diff -Nurad peercast-0.1218+svn20080104/core/common/servhs.cpp peercast-0.1218+svn20080104.new/core/common/servhs.cpp +--- peercast-0.1218+svn20080104/core/common/servhs.cpp 2008-04-01 13:59:52.000000000 +0200 ++++ peercast-0.1218+svn20080104.new/core/common/servhs.cpp 2008-04-30 17:45:28.000000000 +0200 +@@ -587,7 +587,7 @@ + {
+ case ServMgr::AUTH_HTTPBASIC:
+ if (http.isHeader("Authorization"))
+- http.getAuthUserPass(user,pass);
++ http.getAuthUserPass(user,pass, sizeof(user), sizeof(pass));
+ break;
+ case ServMgr::AUTH_COOKIE:
+ if (http.isHeader("Cookie"))
+@@ -1405,7 +1405,7 @@ +
+ } + // ----------------------------------- +-void Servent::readICYHeader(HTTP &http, ChanInfo &info, char *pwd) ++void Servent::readICYHeader(HTTP &http, ChanInfo &info, char *pwd, size_t plen) + { + char *arg = http.getArgStr(); + if (!arg) return; +@@ -1429,8 +1429,10 @@ + info.desc.set(arg,String::T_ASCII);
+ info.desc.convertTo(String::T_UNICODE);
+ +- }else if (http.isHeader("Authorization")) +- http.getAuthUserPass(NULL,pwd); ++ }else if (http.isHeader("Authorization")){ ++ if(pwd) ++ http.getAuthUserPass(NULL,pwd, 0, plen); ++ } + else if (http.isHeader(PCX_HS_CHANNELID)) + info.id.fromStr(arg);
+ else if (http.isHeader("ice-password")) +@@ -1501,7 +1503,7 @@ + while (http.nextHeader()) + { + LOG_DEBUG("ICY %s",http.cmdLine); +- readICYHeader(http,info,loginPassword.cstr()); ++ readICYHeader(http,info,loginPassword.cstr(), String::MAX_LEN); + } + + +diff -Nurad peercast-0.1218+svn20080104/core/common/url.cpp peercast-0.1218+svn20080104.new/core/common/url.cpp +--- peercast-0.1218+svn20080104/core/common/url.cpp 2008-04-01 13:59:52.000000000 +0200 ++++ peercast-0.1218+svn20080104.new/core/common/url.cpp 2008-04-30 17:45:28.000000000 +0200 +@@ -171,7 +171,7 @@ + LOG_CHANNEL("Fetch HTTP: %s",http.cmdLine); + + ChanInfo tmpInfo = ch->info; +- Servent::readICYHeader(http,ch->info,NULL); ++ Servent::readICYHeader(http,ch->info,NULL, 0); + + if (!tmpInfo.name.isEmpty()) + ch->info.name = tmpInfo.name; |