[icecast-dev] bug in cvs version of icecast2?

Emil Styrke emil at lysator.liu.se
Sun Jun 2 12:59:42 PDT 2002


Hi!

I found out that icecast will crash when trying to stream a title or
artist with % in the name.  The cause seems to be in stats.c, line 158
where the text is sent as a format string to vsnprintf.  This could
possibly be used for an exploit too.  The solution I came up with is
to call stats_event instead of stats_event_args from
format_vorbis_get_buffer in format_vorbis.c.  I've included a patch
below.

        /Emil

Index: format_vorbis.c
===================================================================
RCS file: /usr/local/cvsroot/icecast/src/format_vorbis.c,v
retrieving revision 1.6
diff -r1.6 format_vorbis.c
144,145c144,145
<                               if (tag) stats_event_args(self->mount, "title", tag);
<                               else stats_event_args(self->mount, "title", "unknown");

---
>                               if (tag) stats_event(self->mount, "title", tag);
>                               else stats_event(self->mount, "title", "unknown");
147,148c147,148
<                               if (tag) stats_event_args(self->mount, "artist", tag);
<                               else stats_event_args(self->mount, "artist", "unknown");
---
>                               if (tag) stats_event(self->mount, "artist", tag);
>                               else stats_event(self->mount, "artist", "unknown");

<p>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: part
Type: application/pgp-signature
Size: 233 bytes
Desc: not available
Url : http://lists.xiph.org/pipermail/icecast-dev/attachments/20020602/fe764234/part.pgp


More information about the Icecast-dev mailing list