Commit 530b78d7 authored by Philipp Schafft's avatar Philipp Schafft 🦁

Allow the source password to be undefined.

This is to avoid falling back to a default password which may open security holes.

svn path=/icecast/trunk/icecast/; revision=18125
parent 99788838
...@@ -2,3 +2,5 @@ Jack Moffitt <jack@icecast.org> ...@@ -2,3 +2,5 @@ Jack Moffitt <jack@icecast.org>
Michael Smith <msmith@icecast.org> Michael Smith <msmith@icecast.org>
oddsock <oddsock@xiph.org> oddsock <oddsock@xiph.org>
Karl Heyes <karl@xiph.org> Karl Heyes <karl@xiph.org>
Philipp "ph3-der-loewe" Schafft <lion@lion.leolix.org>
Thomas B. "dm8tbr" Ruecker <thomas.rucker@tieto.com>
2011-11-25 21:20 ph3-der-loewe
* trunk/icecast/AUTHORS, trunk/icecast/src/cfgfile.c.
trunk/icecast/src/connection.c: Allow the source password
to be undefined. This is to avoid falling back to a default
password which may open security holes.
----------------------------------------------------------------------
Everything above is post 2.3.2. The stuff below is incomplete.
The time zone above is UTC, the time zone below is unknown.
ph3-der-loewe, Fri Nov 25 21:20:58 UTC 2011
----------------------------------------------------------------------
2005-11-29 03:06 karl 2005-11-29 03:06 karl
* trunk/icecast/src/auth_url.c: update for authentication header * trunk/icecast/src/auth_url.c: update for authentication header
......
...@@ -8,6 +8,8 @@ ...@@ -8,6 +8,8 @@
* oddsock <oddsock@xiph.org>, * oddsock <oddsock@xiph.org>,
* Karl Heyes <karl@xiph.org> * Karl Heyes <karl@xiph.org>
* and others (see AUTHORS for details). * and others (see AUTHORS for details).
* Copyright 2011, Philipp "ph3-der-loewe" Schafft <lion@lion.leolix.org>,
Thomas B. "dm8tbr" Ruecker <thomas.rucker@tieto.com>.
*/ */
#ifdef HAVE_CONFIG_H #ifdef HAVE_CONFIG_H
......
...@@ -8,6 +8,7 @@ ...@@ -8,6 +8,7 @@
* oddsock <oddsock@xiph.org>, * oddsock <oddsock@xiph.org>,
* Karl Heyes <karl@xiph.org> * Karl Heyes <karl@xiph.org>
* and others (see AUTHORS for details). * and others (see AUTHORS for details).
* Copyright 2011, Philipp "ph3-der-loewe" Schafft <lion@lion.leolix.org>
*/ */
/* -*- c-basic-offset: 4; indent-tabs-mode: nil; -*- */ /* -*- c-basic-offset: 4; indent-tabs-mode: nil; -*- */
...@@ -1168,7 +1169,12 @@ static void _handle_shoutcast_compatible (client_queue_t *node) ...@@ -1168,7 +1169,12 @@ static void _handle_shoutcast_compatible (client_queue_t *node)
if (mountinfo && mountinfo->password) if (mountinfo && mountinfo->password)
source_password = strdup (mountinfo->password); source_password = strdup (mountinfo->password);
else else
source_password = strdup (config->source_password); {
if (config->source_password)
source_password = strdup (config->source_password);
else
source_password = NULL;
}
config_release_config(); config_release_config();
/* Get rid of trailing \r\n or \n after password */ /* Get rid of trailing \r\n or \n after password */
...@@ -1198,7 +1204,7 @@ static void _handle_shoutcast_compatible (client_queue_t *node) ...@@ -1198,7 +1204,7 @@ static void _handle_shoutcast_compatible (client_queue_t *node)
} }
*ptr = '\0'; *ptr = '\0';
if (strcmp (client->refbuf->data, source_password) == 0) if (source_password && strcmp (client->refbuf->data, source_password) == 0)
{ {
client->respcode = 200; client->respcode = 200;
/* send this non-blocking but if there is only a partial write /* send this non-blocking but if there is only a partial write
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment