File icecast-2.3.2-CVE-2011-4612.diff of Package icecast
--- src/fserve.c.orig 2013-06-04 23:27:51.958232557 +0200
+++ src/fserve.c 2013-06-04 23:28:58.929312505 +0200
@@ -410,6 +410,19 @@
int xslt_playlist_file_available = 1;
ice_config_t *config;
FILE *file;
+ char *filtered_path, *p;
+
+ /* strip \r and \n from path string; it's duplicated, so it must be
+ * freed at return
+ */
+ filtered_path = strdup(path);
+ if (!filtered_path)
+ return -1;
+ for (p = filtered_path; *p; p++) {
+ if (*p == '\r' || *p == '\n')
+ *p = '_';
+ }
+ path = filtered_path;
fullpath = util_get_path_from_normalised_uri (path);
INFO2 ("checking for file %H (%H)", path, fullpath);
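Review bot: The loop at L16-L19 rewrites only '\r' and '\n', so other control bytes in the request path (tab, ESC, backspace, DEL) still reach the INFO2/WARN lines that follow unless the %H formatter already escapes them; if the goal is to keep a request from forging log lines, widening the test to `if ((unsigned char)*p < 0x20 || *p == 0x7f)` is cheaper than auditing %H. The strdup failure branch at L14-L15 returns -1 without sending the client anything, whereas every other -1 return visible in this function first calls client_send_404; a `client_send_404 (httpclient, ...)` or an explicit comment that the caller handles the silent failure would make that asymmetry deliberate. The matching `free (filtered_path)` is then repeated at L27, L35, L43, L51, L58 and L62, so any other early return in the stretches between the hunks that this patch did not touch now leaks the copy; a single cleanup label reached by every exit would make that impossible to miss. The enclosing function starts before this hunk, so the original `path` parameter and its declaration are not visible here.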
@@ -432,6 +445,7 @@
WARN2 ("req for file \"%H\" %s", fullpath, strerror (errno));
client_send_404 (httpclient, "The file you requested could not be found");
free (fullpath);
+ free (filtered_path);
return -1;
}
m3u_file_available = 0;
@@ -480,6 +494,7 @@
fserve_add_client (httpclient, NULL);
free (sourceuri);
free (fullpath);
+ free (filtered_path);
return 0;
}
if (xslt_playlist_requested && xslt_playlist_file_available == 0)
@@ -504,6 +519,7 @@
client_send_404 (httpclient, "The file you requested could not be found");
config_release_config();
free (fullpath);
+ free (filtered_path);
return -1;
}
config_release_config();
@@ -513,6 +529,7 @@
client_send_404 (httpclient, "The file you requested could not be found");
WARN1 ("found requested file but there is no handler for it: %H", fullpath);
free (fullpath);
+ free (filtered_path);
return -1;
}
@@ -522,9 +539,11 @@
WARN1 ("Problem accessing file \"%H\"", fullpath);
client_send_404 (httpclient, "File not readable");
free (fullpath);
+ free (filtered_path);
return -1;
}
free (fullpath);
+ free (filtered_path);
content_length = file_buf.st_size;
range = httpp_getvar (httpclient->parser, "range");
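Review bot: After `free (filtered_path);` at L62 the parameter `path` (reassigned to point at `filtered_path` in the first hunk) is a dangling pointer for the remainder of the function, which continues past this hunk; any later read of `path`, for example in a log message or when the client's file handle is built, would be a use-after-free. Either add `path = NULL;` beside the free so a later read fails loudly, or move this free to the function's final exit alongside the other resources released there. The tail of the function is outside the hunk, so this is only a hazard if `path` is still referenced after L62.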