# Icecast-libshout issues

Feed: https://gitlab.xiph.org/xiph/icecast-libshout/-/issues
Feed date: 2022-09-13T10:40:11Z

## #2336: a potential NPD in source file src/proto_http.c

- URL: https://gitlab.xiph.org/xiph/icecast-libshout/-/issues/2336
- Date: 2022-09-13T10:40:11Z
- Author: ash1852
- Assignee: Philipp Schafft

Hi, I found a potential null pointer dereference bug in the project source code of libshout, and I have shown the execution sequence of the program that may generate the bug on the graph below. The red text illustrates the steps that generate the bug; the file path can be seen in the blue framed section.

![getvar](/uploads/d440a52b893294bb5844c94ffe3e2a93/getvar.jpg)

Although the code shown is for the latest, it still exists in the current version.

What I'm confused about is that some null checks on the return value of httpp_getvar can be found in some code snippets of the libshout project, so I'm not sure whether the context of this snippet can assert that the call statement won't return null; if so, please give me some hints. Thank you for checking whether this bug is real.

## #2333: Support 30X Redirects

- URL: https://gitlab.xiph.org/xiph/icecast-libshout/-/issues/2333
- Date: 2021-11-18T14:26:16Z
- Author: Jamie Woods
- Assignee: Philipp Schafft

It would be very useful for libshout to natively handle receiving 301/302 redirects when connecting as a source.

This would allow various streaming applications to connect to a different Icecast instance dynamically (for example, regional clusters of servers).

## #2327: When preventing caller "abuse-after-free", abort()

- URL: https://gitlab.xiph.org/xiph/icecast-libshout/-/issues/2327
- Date: 2023-03-09T09:48:58Z
- Author: Moritz Grimm

The shout_free() function attempts to prevent use-after-free issues by not doing anything in case the caller still has an open connection. While this can mitigate security issues in calling applications, it covers up these flaws in the form of hard-to-detect memory leaks.

Libshout should either leave the responsibility for these kinds of defects where they belong and not perform the "is a connection still open?" check, as it will never be able to solve _all_ of these problems (and applications running into this _will_ have other problems as well and are in some dire need of SAST tools).

However, since there is some merit to this safeguard, at least make it highly visible with a proper, noisy abort(): [shout_free_abort_before_use-after-free.diff](/uploads/7eb49ff1ce810e41d523e54cbb6f8428/shout_free_abort_before_use-after-free.diff) -- it might be a wake-up call!

## #2311: Add support for JWT tokens

- URL: https://gitlab.xiph.org/xiph/icecast-libshout/-/issues/2311
- Date: 2023-03-18T10:25:44Z
- Author: Thiago Santos
- Assignee: Philipp Schafft

Adds support for setting a JWT authorization token (or any opaque token) to libshout. It will be used as an "Authorization: Bearer <token>" header instead of the usual user/password header for HTTP requests.