[icecast-dev] httpp and possible buffer overrun

Likai Liu news at likai.net
Thu Apr 4 16:43:51 PST 2002

speaking of which ... (that icecast has its own http parser), i just 
looked at the source code of httpp_parse(). something bad happens when 
there are more than 32 lines in the incoming data, which is definitely 
not sufficient for xmlrpc. there is, furthermore, a possibility for 
buffer overrun attacks. i guess someone should be looking at it more 


Likai Liu wrote:

> as icecast already has its own http parser (check the httpp module), 
> maybe something should be taken care of so there is no code of 
> duplicated purpose. also, should the xmlrpc binding use a different 
> port than the main streaming ports, or should it open up its own port? 
> these are in need of a discussion.

<p><p><p>--- >8 ----
List archives:  http://www.xiph.org/archives/
icecast project homepage: http://www.icecast.org/
To unsubscribe from this list, send a message to 'icecast-dev-request at xiph.org'
containing only the word 'unsubscribe' in the body.  No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.

More information about the Icecast-dev mailing list