summaryrefslogtreecommitdiff
path: root/media-sound/peercast/files/peercast-0.1218-CVE-2008-2040.patch
diff options
context:
space:
mode:
Diffstat (limited to 'media-sound/peercast/files/peercast-0.1218-CVE-2008-2040.patch')
-rw-r--r--media-sound/peercast/files/peercast-0.1218-CVE-2008-2040.patch122
1 files changed, 122 insertions, 0 deletions
diff --git a/media-sound/peercast/files/peercast-0.1218-CVE-2008-2040.patch b/media-sound/peercast/files/peercast-0.1218-CVE-2008-2040.patch
new file mode 100644
index 000000000000..23037ac82b74
--- /dev/null
+++ b/media-sound/peercast/files/peercast-0.1218-CVE-2008-2040.patch
@@ -0,0 +1,122 @@
+diff -Nurad peercast-0.1218+svn20080104/core/common/channel.cpp peercast-0.1218+svn20080104.new/core/common/channel.cpp
+--- peercast-0.1218+svn20080104/core/common/channel.cpp 2008-04-01 13:59:52.000000000 +0200
++++ peercast-0.1218+svn20080104.new/core/common/channel.cpp 2008-04-30 17:45:28.000000000 +0200
+@@ -440,7 +440,7 @@
+ if (http.isHeader(PCX_HS_POS))
+ streamPos = atoi(arg);
+ else
+- Servent::readICYHeader(http, info, NULL);
++ Servent::readICYHeader(http, info, NULL, 0);
+
+ LOG_CHANNEL("Channel fetch: %s",http.cmdLine);
+ }
+diff -Nurad peercast-0.1218+svn20080104/core/common/http.cpp peercast-0.1218+svn20080104.new/core/common/http.cpp
+--- peercast-0.1218+svn20080104/core/common/http.cpp 2008-04-01 13:59:52.000000000 +0200
++++ peercast-0.1218+svn20080104.new/core/common/http.cpp 2008-04-30 17:45:28.000000000 +0200
+@@ -102,7 +102,7 @@
+ return 0;
+ }
+ //-----------------------------------------
+-void HTTP::getAuthUserPass(char *user, char *pass)
++void HTTP::getAuthUserPass(char *user, char *pass, size_t ulen, size_t plen)
+ {
+ if (arg)
+ {
+@@ -119,10 +119,14 @@
+ if (s)
+ {
+ *s = 0;
+- if (user)
+- strcpy(user,str.cstr());
+- if (pass)
+- strcpy(pass,s+1);
++ if (user){
++ strncpy(user,str.cstr(), ulen);
++ user[ulen - 1] = 0;
++ }
++ if (pass){
++ strncpy(pass,s+1, plen);
++ pass[plen - 1] = 0;
++ }
+ }
+ }
+ }
+diff -Nurad peercast-0.1218+svn20080104/core/common/http.h peercast-0.1218+svn20080104.new/core/common/http.h
+--- peercast-0.1218+svn20080104/core/common/http.h 2008-04-01 13:59:52.000000000 +0200
++++ peercast-0.1218+svn20080104.new/core/common/http.h 2008-04-30 17:45:28.000000000 +0200
+@@ -176,7 +176,7 @@
+ char *getArgStr();
+ int getArgInt();
+
+- void getAuthUserPass(char *, char *);
++ void getAuthUserPass(char *, char *, size_t, size_t);
+
+ char cmdLine[8192],*arg;
+
+diff -Nurad peercast-0.1218+svn20080104/core/common/servent.h peercast-0.1218+svn20080104.new/core/common/servent.h
+--- peercast-0.1218+svn20080104/core/common/servent.h 2008-04-01 13:59:52.000000000 +0200
++++ peercast-0.1218+svn20080104.new/core/common/servent.h 2008-04-30 17:45:28.000000000 +0200
+@@ -206,7 +206,7 @@
+ void sendPCPChannel();
+ void checkPCPComms(Channel *, AtomStream &);
+
+- static void readICYHeader(HTTP &, ChanInfo &, char *);
++ static void readICYHeader(HTTP &, ChanInfo &, char *, size_t);
+ bool canStream(Channel *);
+
+ bool isConnected() {return status == S_CONNECTED;}
+diff -Nurad peercast-0.1218+svn20080104/core/common/servhs.cpp peercast-0.1218+svn20080104.new/core/common/servhs.cpp
+--- peercast-0.1218+svn20080104/core/common/servhs.cpp 2008-04-01 13:59:52.000000000 +0200
++++ peercast-0.1218+svn20080104.new/core/common/servhs.cpp 2008-04-30 17:45:28.000000000 +0200
+@@ -587,7 +587,7 @@
+ {
+ case ServMgr::AUTH_HTTPBASIC:
+ if (http.isHeader("Authorization"))
+- http.getAuthUserPass(user,pass);
++ http.getAuthUserPass(user,pass, sizeof(user), sizeof(pass));
+ break;
+ case ServMgr::AUTH_COOKIE:
+ if (http.isHeader("Cookie"))
+@@ -1405,7 +1405,7 @@
+
+ }
+ // -----------------------------------
+-void Servent::readICYHeader(HTTP &http, ChanInfo &info, char *pwd)
++void Servent::readICYHeader(HTTP &http, ChanInfo &info, char *pwd, size_t plen)
+ {
+ char *arg = http.getArgStr();
+ if (!arg) return;
+@@ -1429,8 +1429,10 @@
+ info.desc.set(arg,String::T_ASCII);
+ info.desc.convertTo(String::T_UNICODE);
+
+- }else if (http.isHeader("Authorization"))
+- http.getAuthUserPass(NULL,pwd);
++ }else if (http.isHeader("Authorization")){
++ if(pwd)
++ http.getAuthUserPass(NULL,pwd, 0, plen);
++ }
+ else if (http.isHeader(PCX_HS_CHANNELID))
+ info.id.fromStr(arg);
+ else if (http.isHeader("ice-password"))
+@@ -1501,7 +1503,7 @@
+ while (http.nextHeader())
+ {
+ LOG_DEBUG("ICY %s",http.cmdLine);
+- readICYHeader(http,info,loginPassword.cstr());
++ readICYHeader(http,info,loginPassword.cstr(), String::MAX_LEN);
+ }
+
+
+diff -Nurad peercast-0.1218+svn20080104/core/common/url.cpp peercast-0.1218+svn20080104.new/core/common/url.cpp
+--- peercast-0.1218+svn20080104/core/common/url.cpp 2008-04-01 13:59:52.000000000 +0200
++++ peercast-0.1218+svn20080104.new/core/common/url.cpp 2008-04-30 17:45:28.000000000 +0200
+@@ -171,7 +171,7 @@
+ LOG_CHANNEL("Fetch HTTP: %s",http.cmdLine);
+
+ ChanInfo tmpInfo = ch->info;
+- Servent::readICYHeader(http,ch->info,NULL);
++ Servent::readICYHeader(http,ch->info,NULL, 0);
+
+ if (!tmpInfo.name.isEmpty())
+ ch->info.name = tmpInfo.name;
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-08 16:36:22 +0000