Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
Icecast-Server
Icecast-Server
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 94
    • Issues 94
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 1
    • Merge Requests 1
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Incidents
    • Environments
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • External Wiki
    • External Wiki
  • Members
    • Members
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • Xiph.Org
  • Icecast-ServerIcecast-Server
  • Issues
  • #298

Closed
Open
Opened Dec 12, 2002 by alet@alet

Probably OBO error in command line handling

Hi,

It seems that the strncpy function is used to copy the config filename
(currently at line 94 of main.c). The manual page says that this function may
not add the terminating nul byte if there's none in the source string. It seems
it's possible to pass a filename which is longer than 256 bytes with no nul, and
later on strdup is called on this filename (config.c) which may lead to
arbitrary long memory allocation and maybe other problems (security?)

adding "filename[255] = '\0';" after the initial strncpy should solve the problem.
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None
Reference: xiph/icecast-server#298