[icecast-dev] httpp and possible buffer overrun
news at likai.net
Thu Apr 4 16:43:51 PST 2002
speaking of which ... (that icecast has its own http parser), i just
looked at the source code of httpp_parse(). something bad happens when
there are more than 32 lines in the incoming data, which is definitely
not sufficient for xmlrpc. there is, furthermore, a possibility for
buffer overrun attacks. i guess someone should be looking at it more
Likai Liu wrote:
> as icecast already has its own http parser (check the httpp module),
> maybe something should be taken care of so there is no code of
> duplicated purpose. also, should the xmlrpc binding use a different
> port than the main streaming ports, or should it open up its own port?
> these are in need of a discussion.
<p><p><p>--- >8 ----
List archives: http://www.xiph.org/archives/
icecast project homepage: http://www.icecast.org/
To unsubscribe from this list, send a message to 'icecast-dev-request at xiph.org'
containing only the word 'unsubscribe' in the body. No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.
More information about the Icecast-dev