[icecast-dev] bug in cvs version of icecast2?
Michael Smith
msmith at labyrinth.net.au
Mon Jun 3 03:16:57 PDT 2002
At 09:59 PM 6/2/02 +0200, you wrote:
>Hi!
>
>I found out that icecast will crash when trying to stream a title or
>artist with % in the name. The cause seems to be in stats.c, line 158
>where the text is sent as a format string to vsnprintf. This could
>possibly be used for an exploit too. The solution I came up with is
>to call stats_event instead of stats_event_args from
>format_vorbis_get_buffer in format_vorbis.c. I've included a patch
>below.
Argh! You'd think people would have learnt by now...
Thanks a lot for the patch! I've just committed it.
Michael
<p>--- >8 ----
List archives: http://www.xiph.org/archives/
icecast project homepage: http://www.icecast.org/
To unsubscribe from this list, send a message to 'icecast-dev-request at xiph.org'
containing only the word 'unsubscribe' in the body. No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.
More information about the Icecast-dev
mailing list