[icecast-dev] bug in cvs version of icecast2?
Emil Styrke
emil at lysator.liu.se
Sun Jun 2 12:59:42 PDT 2002
Hi!
I found out that icecast will crash when trying to stream a title or
artist with % in the name. The cause seems to be in stats.c, line 158
where the text is sent as a format string to vsnprintf. This could
possibly be used for an exploit too. The solution I came up with is
to call stats_event instead of stats_event_args from
format_vorbis_get_buffer in format_vorbis.c. I've included a patch
below.
/Emil
Index: format_vorbis.c
===================================================================
RCS file: /usr/local/cvsroot/icecast/src/format_vorbis.c,v
retrieving revision 1.6
diff -r1.6 format_vorbis.c
144,145c144,145
< if (tag) stats_event_args(self->mount, "title", tag);
< else stats_event_args(self->mount, "title", "unknown");
---
> if (tag) stats_event(self->mount, "title", tag);
> else stats_event(self->mount, "title", "unknown");
147,148c147,148
< if (tag) stats_event_args(self->mount, "artist", tag);
< else stats_event_args(self->mount, "artist", "unknown");
---
> if (tag) stats_event(self->mount, "artist", tag);
> else stats_event(self->mount, "artist", "unknown");
<p>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: part
Type: application/pgp-signature
Size: 233 bytes
Desc: not available
Url : http://lists.xiph.org/pipermail/icecast-dev/attachments/20020602/fe764234/part.pgp
More information about the Icecast-dev
mailing list