Commit efbcaaba authored by Philipp Schafft's avatar Philipp Schafft 🦁

Fix: Corrected possible bufferoverflows in format_prepare_headers()

See: #2342
parent 4125e568
......@@ -300,7 +300,7 @@ static int format_prepare_headers (source_t *source, client_t *client)
client->respcode = 200;
bytes = util_http_build_header(ptr, remaining, 0, 0, 200, NULL, source->format->contenttype, NULL, NULL, source);
if (bytes == -1) {
if (bytes <= 0) {
ICECAST_LOG_ERROR("Dropping client as we can not build response headers.");
client_send_500(client, "Header generation failed.");
return -1;
......@@ -311,7 +311,7 @@ static int format_prepare_headers (source_t *source, client_t *client)
client->refbuf->data = ptr = new_ptr;
client->refbuf->len = remaining = bytes + 1024;
bytes = util_http_build_header(ptr, remaining, 0, 0, 200, NULL, source->format->contenttype, NULL, NULL, source);
if (bytes == -1 ) {
if (bytes <= 0 || bytes >= remaining) {
ICECAST_LOG_ERROR("Dropping client as we can not build response headers.");
client_send_500(client, "Header generation failed.");
return -1;
......@@ -392,6 +392,13 @@ static int format_prepare_headers (source_t *source, client_t *client)
}
}
if (bytes < 0 || bytes >= remaining) {
avl_tree_unlock(source->parser->vars);
ICECAST_LOG_ERROR("Can not allocate headers for client %p", client);
client_send_500(client, "Header generation failed.");
return -1;
}
remaining -= bytes;
ptr += bytes;
if (next)
......@@ -400,6 +407,11 @@ static int format_prepare_headers (source_t *source, client_t *client)
avl_tree_unlock(source->parser->vars);
bytes = snprintf (ptr, remaining, "\r\n");
if (bytes < 0 || bytes >= remaining) {
ICECAST_LOG_ERROR("Can not allocate headers for client %p", client);
client_send_500(client, "Header generation failed.");
return -1;
}
remaining -= bytes;
ptr += bytes;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment