[xiph-commits] r18125 - in icecast/trunk/icecast: . src

ph3-der-loewe at svn.xiph.org ph3-der-loewe at svn.xiph.org
Fri Nov 25 13:24:28 PST 2011


Author: ph3-der-loewe
Date: 2011-11-25 13:24:28 -0800 (Fri, 25 Nov 2011)
New Revision: 18125

Modified:
   icecast/trunk/icecast/AUTHORS
   icecast/trunk/icecast/ChangeLog
   icecast/trunk/icecast/src/cfgfile.c
   icecast/trunk/icecast/src/connection.c
Log:
Allow the source password to be undefined.
This is to avoid falling back to a default password which may open security holes.


Modified: icecast/trunk/icecast/AUTHORS
===================================================================
--- icecast/trunk/icecast/AUTHORS	2011-11-25 19:59:03 UTC (rev 18124)
+++ icecast/trunk/icecast/AUTHORS	2011-11-25 21:24:28 UTC (rev 18125)
@@ -2,3 +2,5 @@
 Michael Smith <msmith at icecast.org>
 oddsock <oddsock at xiph.org>
 Karl Heyes <karl at xiph.org>
+Philipp "ph3-der-loewe" Schafft <lion at lion.leolix.org>
+Thomas B. "dm8tbr" Ruecker <thomas.rucker at tieto.com>

Modified: icecast/trunk/icecast/ChangeLog
===================================================================
--- icecast/trunk/icecast/ChangeLog	2011-11-25 19:59:03 UTC (rev 18124)
+++ icecast/trunk/icecast/ChangeLog	2011-11-25 21:24:28 UTC (rev 18125)
@@ -1,3 +1,15 @@
+2011-11-25 21:20  ph3-der-loewe
+
+	* trunk/icecast/AUTHORS, trunk/icecast/src/cfgfile.c.
+	  trunk/icecast/src/connection.c: Allow the source password
+	  to be undefined. This is to avoid falling back to a default
+	  password which may open security holes.
+
+----------------------------------------------------------------------
+	Everything above is post 2.3.2. The stuff below is incomplete.
+	The time zone above is UTC, the time zone below is unknown.
+	ph3-der-loewe, Fri Nov 25 21:20:58 UTC 2011
+----------------------------------------------------------------------
 2005-11-29 03:06  karl
 
 	* trunk/icecast/src/auth_url.c: update for authentication header

Modified: icecast/trunk/icecast/src/cfgfile.c
===================================================================
--- icecast/trunk/icecast/src/cfgfile.c	2011-11-25 19:59:03 UTC (rev 18124)
+++ icecast/trunk/icecast/src/cfgfile.c	2011-11-25 21:24:28 UTC (rev 18125)
@@ -8,6 +8,8 @@
  *                      oddsock <oddsock at xiph.org>,
  *                      Karl Heyes <karl at xiph.org>
  *                      and others (see AUTHORS for details).
+ * Copyright 2011,      Philipp "ph3-der-loewe" Schafft <lion at lion.leolix.org>,
+                        Thomas B. "dm8tbr" Ruecker <thomas.rucker at tieto.com>.
  */
 
 #ifdef HAVE_CONFIG_H

Modified: icecast/trunk/icecast/src/connection.c
===================================================================
--- icecast/trunk/icecast/src/connection.c	2011-11-25 19:59:03 UTC (rev 18124)
+++ icecast/trunk/icecast/src/connection.c	2011-11-25 21:24:28 UTC (rev 18125)
@@ -8,6 +8,7 @@
  *                      oddsock <oddsock at xiph.org>,
  *                      Karl Heyes <karl at xiph.org>
  *                      and others (see AUTHORS for details).
+ * Copyright 2011,      Philipp "ph3-der-loewe" Schafft <lion at lion.leolix.org>
  */
 
 /* -*- c-basic-offset: 4; indent-tabs-mode: nil; -*- */
@@ -1168,7 +1169,12 @@
         if (mountinfo && mountinfo->password)
             source_password = strdup (mountinfo->password);
         else
-            source_password = strdup (config->source_password);
+        {
+            if (config->source_password) 
+                source_password = strdup (config->source_password);
+            else
+                source_password = NULL;
+        }
         config_release_config();
 
         /* Get rid of trailing \r\n or \n after password */
@@ -1198,7 +1204,7 @@
         }
         *ptr = '\0';
 
-        if (strcmp (client->refbuf->data, source_password) == 0)
+        if (source_password && strcmp (client->refbuf->data, source_password) == 0)
         {
             client->respcode = 200;
             /* send this non-blocking but if there is only a partial write



More information about the commits mailing list