Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
What's new
10
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Open sidebar
spr0cketeer
Icecast-Server
Commits
081a7974
Commit
081a7974
authored
Oct 17, 2018
by
Philipp Schafft
🦁
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Fix: Fixed buffer overflow in URL auth code.
Closes:
#2342
parent
e75b85fe
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
13 additions
and
1 deletion
+13
-1
src/auth_url.c
src/auth_url.c
+13
-1
No files found.
src/auth_url.c
View file @
081a7974
...
...
@@ -513,13 +513,25 @@ static auth_result url_add_client(auth_client *auth_user)
header_val
=
httpp_getvar
(
client
->
parser
,
cur_header
);
if
(
header_val
)
{
size_t
left
=
sizeof
(
post
)
-
post_offset
;
int
ret
;
header_valesc
=
util_url_escape
(
header_val
);
post_offs
et
+
=
snprintf
(
post
+
post_offset
,
r
et
=
snprintf
(
post
+
post_offset
,
sizeof
(
post
)
-
post_offset
,
"&%s%s=%s"
,
url
->
prefix_headers
?
url
->
prefix_headers
:
""
,
cur_header
,
header_valesc
);
free
(
header_valesc
);
if
(
ret
<=
0
||
(
size_t
)
ret
>=
left
)
{
ICECAST_LOG_ERROR
(
"Authentication failed for client %p as header
\"
%H
\"
is too long."
,
client
,
cur_header
);
free
(
pass_headers
);
auth_user_url_clear
(
auth_user
);
return
AUTH_FAILED
;
}
else
{
post_offset
+=
ret
;
}
}
cur_header
=
next_header
;
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment