spr0cketeer / Icecast-Server
Commit 162e3dd6, authored Oct 17, 2018 by Philipp Schafft
Fix: Corrected possible buffer overflows in format_prepare_headers()
parent 548e7963
Showing 1 changed file with 20 additions and 3 deletions
src/format.c
...
...
@@ -295,7 +295,7 @@ static inline ssize_t __print_var(char *str, size_t remaining, const char *forma
for
(
i
=
0
;
i
<
var
->
values
;
i
++
)
{
ret
=
snprintf
(
str
+
done
,
remaining
-
done
,
format
,
first
,
var
->
value
[
i
]);
if
(
ret
==
-
1
)
if
(
ret
<=
0
||
(
size_t
)
ret
>=
(
remaining
-
done
)
)
return
-
1
;
done
+=
ret
;
...
...
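Review bot: The new test `ret <= 0` in the loop of __print_var() also returns -1 when snprintf() writes nothing, which is a successful call and not an error; only a negative return signals failure. If an empty expansion of `format` can never happen, say so in a comment, otherwise use `ret < 0` here. The `(size_t)ret >= (remaining - done)` half is the actual truncation check, since snprintf() returns the length it would have written; the cast is safe only because the sign test comes first, which deserves a one-line comment as well.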
@@ -331,7 +331,7 @@ static int format_prepare_headers (source_t *source, client_t *client)
client
->
respcode
=
200
;
bytes
=
util_http_build_header
(
ptr
,
remaining
,
0
,
0
,
200
,
NULL
,
source
->
format
->
contenttype
,
NULL
,
NULL
,
source
,
client
);
if
(
bytes
<
0
)
{
if
(
bytes
<
=
0
)
{
ICECAST_LOG_ERROR
(
"Dropping client as we can not build response headers."
);
client
->
respcode
=
500
;
return
-
1
;
...
...
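Review bot: This first util_http_build_header() call gets only a `bytes <= 0` test, without the `(size_t)bytes >= remaining` half that the other hunks add, and nothing in the hunk says why. The context of the next hunk shows the buffer being resized to `bytes + 1024` and the call repeated, so the oversize case appears to be left to that retry on purpose; a short comment at this check stating so would keep someone from "completing" it later and breaking the retry. A return of 0 is now fatal where it previously was not, which is worth mentioning in the commit message.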
@@ -342,7 +342,7 @@ static int format_prepare_headers (source_t *source, client_t *client)
client
->
refbuf
->
data
=
ptr
=
new_ptr
;
client
->
refbuf
->
len
=
remaining
=
bytes
+
1024
;
bytes
=
util_http_build_header
(
ptr
,
remaining
,
0
,
0
,
200
,
NULL
,
source
->
format
->
contenttype
,
NULL
,
NULL
,
source
,
client
);
if
(
bytes
==
-
1
)
{
if
(
bytes
<=
0
||
(
size_t
)
bytes
>=
remaining
)
{
ICECAST_LOG_ERROR
(
"Dropping client as we can not build response headers."
);
client
->
respcode
=
500
;
return
-
1
;
...
...
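Review bot: The error path after the retry logs the same text as the first failure, "Dropping client as we can not build response headers.", so the log cannot tell a build failure from headers that still did not fit into the resized buffer of `bytes + 1024`. Suggest a distinct message for this branch. The `(size_t)bytes` cast relies on `bytes <= 0` being tested first, so keep the two halves of the condition in that order.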
@@ -354,6 +354,11 @@ static int format_prepare_headers (source_t *source, client_t *client)
}
}
if
(
bytes
<=
0
||
(
size_t
)
bytes
>=
remaining
)
{
ICECAST_LOG_ERROR
(
"Can not allocate headers for client %p"
,
client
);
client
->
respcode
=
500
;
return
-
1
;
}
remaining
-=
bytes
;
ptr
+=
bytes
;
...
...
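Review bot: The message "Can not allocate headers for client %p" in the added block is misleading, because nothing is allocated at this point: the condition fires when `bytes` is not positive or does not fit in `remaining`. Wording along the lines of "headers do not fit in buffer" would match the check. If `remaining` is unsigned, as the `(size_t)` cast suggests, this block is what keeps `remaining -= bytes` from wrapping, and a comment to that effect would help. Also, `%p` expects a `void *`, so pass `(void *)client`.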
@@ -421,6 +426,13 @@ static int format_prepare_headers (source_t *source, client_t *client)
}
}
if
(
bytes
<
0
||
(
size_t
)
bytes
>=
remaining
)
{
avl_tree_unlock
(
source
->
parser
->
vars
);
ICECAST_LOG_ERROR
(
"Can not allocate headers for client %p"
,
client
);
client
->
respcode
=
500
;
return
-
1
;
}
remaining
-=
bytes
;
ptr
+=
bytes
;
if
(
next
)
...
...
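Review bot: This block tests `bytes < 0` where the otherwise identical blocks added in the neighbouring hunks test `bytes <= 0`, and the hunk does not show why zero is acceptable only here. Either make the checks agree or add a comment explaining the difference. The `avl_tree_unlock(source->parser->vars)` call on the early return is needed, but it is easy to lose in a later edit; a single cleanup label that unlocks and returns would be more robust.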
@@ -429,6 +441,11 @@ static int format_prepare_headers (source_t *source, client_t *client)
avl_tree_unlock
(
source
->
parser
->
vars
);
bytes
=
snprintf
(
ptr
,
remaining
,
"
\r\n
"
);
if
(
bytes
<=
0
||
(
size_t
)
bytes
>=
remaining
)
{
ICECAST_LOG_ERROR
(
"Can not allocate headers for client %p"
,
client
);
client
->
respcode
=
500
;
return
-
1
;
}
remaining
-=
bytes
;
ptr
+=
bytes
;
...
...
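Review bot: The same check, log, set 500, return block now appears a third time after the `snprintf(ptr, remaining, "\r\n")` call; factor it into a small helper or macro so the bounds test cannot drift between call sites (the previous hunk already uses `bytes < 0` instead of `bytes <= 0`). Because the test is `(size_t)bytes >= remaining`, the two-byte terminator needs at least three bytes of `remaining` to pass, which leaves room for the terminating NUL; that is the right bound but should be stated in a comment.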