media-sound/peercast/files/peercast-0.1218-CVE-2008-2040.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122

diff -Nurad peercast-0.1218+svn20080104/core/common/channel.cpp peercast-0.1218+svn20080104.new/core/common/channel.cpp
--- peercast-0.1218+svn20080104/core/common/channel.cpp	2008-04-01 13:59:52.000000000 +0200
+++ peercast-0.1218+svn20080104.new/core/common/channel.cpp	2008-04-30 17:45:28.000000000 +0200
@@ -440,7 +440,7 @@
 		if (http.isHeader(PCX_HS_POS))
 			streamPos = atoi(arg);
 		else
-			Servent::readICYHeader(http, info, NULL);
+			Servent::readICYHeader(http, info, NULL, 0);
 
 		LOG_CHANNEL("Channel fetch: %s",http.cmdLine);
 	}
diff -Nurad peercast-0.1218+svn20080104/core/common/http.cpp peercast-0.1218+svn20080104.new/core/common/http.cpp
--- peercast-0.1218+svn20080104/core/common/http.cpp	2008-04-01 13:59:52.000000000 +0200
+++ peercast-0.1218+svn20080104.new/core/common/http.cpp	2008-04-30 17:45:28.000000000 +0200
@@ -102,7 +102,7 @@
 		return 0;
 }
 //-----------------------------------------
-void HTTP::getAuthUserPass(char *user, char *pass)
+void HTTP::getAuthUserPass(char *user, char *pass, size_t ulen, size_t plen)
 {
 	if (arg)
 	{
@@ -119,10 +119,14 @@
 			if (s)
 			{
 				*s = 0;
-				if (user)
-					strcpy(user,str.cstr());
-				if (pass)
-					strcpy(pass,s+1);
+				if (user){
+					strncpy(user,str.cstr(), ulen);
+					user[ulen - 1] = 0;
+				}
+				if (pass){
+					strncpy(pass,s+1, plen);
+					pass[plen - 1] = 0;
+				}
 			}			
 		}
 	}
diff -Nurad peercast-0.1218+svn20080104/core/common/http.h peercast-0.1218+svn20080104.new/core/common/http.h
--- peercast-0.1218+svn20080104/core/common/http.h	2008-04-01 13:59:52.000000000 +0200
+++ peercast-0.1218+svn20080104.new/core/common/http.h	2008-04-30 17:45:28.000000000 +0200
@@ -176,7 +176,7 @@
 	char	*getArgStr();
 	int		getArgInt();
 
-	void	getAuthUserPass(char *, char *);
+	void	getAuthUserPass(char *, char *, size_t, size_t);
 
 	char	cmdLine[8192],*arg;
 
diff -Nurad peercast-0.1218+svn20080104/core/common/servent.h peercast-0.1218+svn20080104.new/core/common/servent.h
--- peercast-0.1218+svn20080104/core/common/servent.h	2008-04-01 13:59:52.000000000 +0200
+++ peercast-0.1218+svn20080104.new/core/common/servent.h	2008-04-30 17:45:28.000000000 +0200
@@ -206,7 +206,7 @@
 	void	sendPCPChannel();
 	void	checkPCPComms(Channel *, AtomStream &);
 
-	static void	readICYHeader(HTTP &, ChanInfo &, char *);
+	static void	readICYHeader(HTTP &, ChanInfo &, char *, size_t);
 	bool	canStream(Channel *);
 
 	bool	isConnected() {return status == S_CONNECTED;}
diff -Nurad peercast-0.1218+svn20080104/core/common/servhs.cpp peercast-0.1218+svn20080104.new/core/common/servhs.cpp
--- peercast-0.1218+svn20080104/core/common/servhs.cpp	2008-04-01 13:59:52.000000000 +0200
+++ peercast-0.1218+svn20080104.new/core/common/servhs.cpp	2008-04-30 17:45:28.000000000 +0200
@@ -587,7 +587,7 @@
 		{
 			case ServMgr::AUTH_HTTPBASIC:
 				if (http.isHeader("Authorization"))
-					http.getAuthUserPass(user,pass);
+					http.getAuthUserPass(user,pass, sizeof(user), sizeof(pass));
 				break;
 			case ServMgr::AUTH_COOKIE:
 				if (http.isHeader("Cookie"))
@@ -1405,7 +1405,7 @@
 
 }
 // -----------------------------------
-void Servent::readICYHeader(HTTP &http, ChanInfo &info, char *pwd)
+void Servent::readICYHeader(HTTP &http, ChanInfo &info, char *pwd, size_t plen)
 {
 	char *arg = http.getArgStr();
 	if (!arg) return;
@@ -1429,8 +1429,10 @@
 		info.desc.set(arg,String::T_ASCII);
 		info.desc.convertTo(String::T_UNICODE);
 
-	}else if (http.isHeader("Authorization"))
-		http.getAuthUserPass(NULL,pwd);
+	}else if (http.isHeader("Authorization")){
+		if(pwd)
+			http.getAuthUserPass(NULL,pwd, 0, plen);
+    }
 	else if (http.isHeader(PCX_HS_CHANNELID))
 		info.id.fromStr(arg);
 	else if (http.isHeader("ice-password"))
@@ -1501,7 +1503,7 @@
 	while (http.nextHeader())
 	{
 		LOG_DEBUG("ICY %s",http.cmdLine);
-		readICYHeader(http,info,loginPassword.cstr());
+		readICYHeader(http,info,loginPassword.cstr(), String::MAX_LEN);
 	}
 
 
diff -Nurad peercast-0.1218+svn20080104/core/common/url.cpp peercast-0.1218+svn20080104.new/core/common/url.cpp
--- peercast-0.1218+svn20080104/core/common/url.cpp	2008-04-01 13:59:52.000000000 +0200
+++ peercast-0.1218+svn20080104.new/core/common/url.cpp	2008-04-30 17:45:28.000000000 +0200
@@ -171,7 +171,7 @@
 				LOG_CHANNEL("Fetch HTTP: %s",http.cmdLine);
 
 				ChanInfo tmpInfo = ch->info;
-				Servent::readICYHeader(http,ch->info,NULL);
+				Servent::readICYHeader(http,ch->info,NULL, 0);
 
 				if (!tmpInfo.name.isEmpty())
 					ch->info.name = tmpInfo.name;