File icecast-2.3.2-CVE-2011-4612.diff of Package icecast
--- src/fserve.c.orig 2013-06-04 23:27:51.958232557 +0200
+++ src/fserve.c 2013-06-04 23:28:58.929312505 +0200
@@ -410,6 +410,19 @@
 int xslt_playlist_file_available = 1;
 ice_config_t *config;
 FILE *file;
+ char *filtered_path, *p;
+
+ /* strip \r and \n from path string; it's duplicated, so it must be
+ * freed at return
+ */
+ filtered_path = strdup(path);
+ if (!filtered_path)
+ return -1;
+ for (p = filtered_path; *p; p++) {
+ if (*p == '\r' || *p == '\n')
+ *p = '_';
+ }
+ path = filtered_path;
 fullpath = util_get_path_from_normalised_uri (path);
 INFO2 ("checking for file %H (%H)", path, fullpath);
@@ -432,6 +445,7 @@
 WARN2 ("req for file \"%H\" %s", fullpath, strerror (errno));
 client_send_404 (httpclient, "The file you requested could not be found");
 free (fullpath);
+ free (filtered_path);
 return -1;
 }
 m3u_file_available = 0;
@@ -480,6 +494,7 @@
 fserve_add_client (httpclient, NULL);
 free (sourceuri);
 free (fullpath);
+ free (filtered_path);
 return 0;
 }
 if (xslt_playlist_requested && xslt_playlist_file_available == 0)
@@ -504,6 +519,7 @@
 client_send_404 (httpclient, "The file you requested could not be found");
 config_release_config();
 free (fullpath);
+ free (filtered_path);
 return -1;
 }
 config_release_config();
@@ -513,6 +529,7 @@
 client_send_404 (httpclient, "The file you requested could not be found");
 WARN1 ("found requested file but there is no handler for it: %H", fullpath);
 free (fullpath);
+ free (filtered_path);
 return -1;
 }
@@ -522,9 +539,11 @@
 WARN1 ("Problem accessing file \"%H\"", fullpath);
 client_send_404 (httpclient, "File not readable");
 free (fullpath);
+ free (filtered_path);
 return -1;
 }
 free (fullpath);
+ free (filtered_path);
 content_length = file_buf.st_size;
 range = httpp_getvar (httpclient->parser, "range");
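Review bot: The filter loop in the first hunk replaces only `\r` and `\n`, so other control bytes in the request path (0x01–0x1f, 0x7f, e.g. ESC) still reach the `INFO2`/`WARN2`/`WARN1` calls and can garble a log that is read in a terminal. A wider test in the same loop, `if ((unsigned char)*p < 0x20 || *p == 0x7f)`, would cover them. The loop also rewrites the `path` handed to `util_get_path_from_normalised_uri`, so the sanitised value drives the file lookup as well as the log line; a comment stating that this is intended would help, or the escaping could be applied where the log message is formatted. The enclosing function starts and ends outside this hunk.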
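Review bot: The branch opened by `if (xslt_playlist_requested && xslt_playlist_file_available == 0)` on the last context line of the `-480,6` hunk is not touched by any hunk (the next one starts at old line 504), so if that branch returns, `filtered_path` is leaked on every such request. The body is not visible here, so this needs checking against the full file, along with any other exit between old lines 486 and 503. Pairing a manual `free (filtered_path);` with each `free (fullpath);` is easy to miss; routing the exits through one label, `out: free (fullpath); free (filtered_path); return ret;`, would cover returns that the patch does not show.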
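Review bot: After the final `free (filtered_path);` in the `-522,9` hunk, `path` still points at the freed copy while the function continues with `content_length` and the `range` handling, and the rest of the body is outside the hunk. Nothing visible reads `path` again, but a later change that logs or reuses it would read freed memory. Suggest marking this at the free, e.g. `/* path aliases filtered_path and is invalid from here on */`, or resetting the alias with `path = NULL;` if its declared type allows.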