Fix cross-site scripting vulnerability

(http://www.debian.org/security/2004/dsa-541). Patches obtained from: Debian
author: Michael Nottebrock <lofi@FreeBSD.org> 2004-10-13 23:32:53 +0000
committer: Michael Nottebrock <lofi@FreeBSD.org> 2004-10-13 23:32:53 +0000
commit: 8ce861a35fecd86689f47727945d3014e1474030 (patch)
tree: af8d10c4b1f640e282338fb0563e12b1abe5db35 /audio/icecast
parent: d2e2005631a04e4f2781093dbffb8930720d14ae (diff)
download: ports-8ce861a35fecd86689f47727945d3014e1474030.tar.gz
ports-8ce861a35fecd86689f47727945d3014e1474030.zip
9 files changed, 173 insertions, 1 deletions
diff --git a/audio/icecast/Makefile b/audio/icecast/Makefile
index 2c3eb6f67da2..99f4b9860060 100644
--- a/audio/icecast/Makefile
+++ b/audio/icecast/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	icecast
 PORTVERSION=	1.3.12
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	audio net
 MASTER_SITES=	http://www.icecast.org/files/
 
diff --git a/audio/icecast/files/patch-src::avl_functions.c b/audio/icecast/files/patch-src::avl_functions.c
new file mode 100644
index 000000000000..be7f00fd6051
--- /dev/null
+++ b/audio/icecast/files/patch-src::avl_functions.c
@@ -0,0 +1,11 @@
+--- src/avl_functions.c
++++ src/avl_functions.c
+@@ -307,7 +307,7 @@
+ 	}
+ 
+ 	snprintf(s1, BUFSIZE, "%s:%d", dir1->host, dir1->port);
+-	snprintf(s2, "%s:%d", dir2->host, dir2->port);
++	snprintf(s2, BUFSIZE, "%s:%d", dir2->host, dir2->port);
+ 
+ 	return compare_strings (s1, s2, param);
+ }
diff --git a/audio/icecast/files/patch-src::client.c b/audio/icecast/files/patch-src::client.c
new file mode 100644
index 000000000000..b38be8cbd1f5
--- /dev/null
+++ b/audio/icecast/files/patch-src::client.c
@@ -0,0 +1,11 @@
+--- src/client.c
++++ src/client.c
+@@ -90,8 +90,6 @@
+ 
+ extern server_info_t info;
+ 
+-static void client_send_fake_file (connection_t *con);
+-
+ /* Brand new client. Check what he wants, and either add him to
+    the correct tree of clients (inside a source), or kill him off */
+ void client_login(connection_t *con, char *expr)
diff --git a/audio/icecast/files/patch-src::commands.c b/audio/icecast/files/patch-src::commands.c
new file mode 100644
index 000000000000..5f9ab4bfb4bd
--- /dev/null
+++ b/audio/icecast/files/patch-src::commands.c
@@ -0,0 +1,25 @@
+--- src/commands.c
++++ src/commands.c
+@@ -84,8 +84,8 @@
+ #include "interpreter.h"
+ 
+ #include <time.h>
++#include <errno.h>
+ 
+-extern int errno;
+ extern int running;
+ extern server_info_t info;
+ extern mutex_t library_mutex;
+@@ -2884,8 +2884,11 @@
+ 	time_t before = 0;
+ 
+ 	if (!arg || !arg[0])
++	{
+ 		admin_write_line (req, ADMIN_SHOW_PING_INVALID_SYNTAX, PING_SYNTAX);
+-	
++		return 0;
++	}
++		
+ 	host[0] = '\0';
+ 
+ 	if (splitc (host, arg, ':') != NULL)
diff --git a/audio/icecast/files/patch-src::http.c b/audio/icecast/files/patch-src::http.c
new file mode 100644
index 000000000000..b2b23087e5c9
--- /dev/null
+++ b/audio/icecast/files/patch-src::http.c
@@ -0,0 +1,81 @@
+--- src/http.c
++++ src/http.c
+@@ -327,7 +327,60 @@
+ }
+ 
+ char * 
+-url_encode (const char *str, char **result_p)
++html_escape (const char *str)
++{
++  const char *p;
++  char *q;
++  char *result;
++  int toescape= 0;
++
++  if (!str) {
++	  xa_debug (1, "WARNING: html_escape() called with NULL string");
++	  return NULL;
++  }
++
++  for (p = str; *p; p++) {
++    if ((unsigned char) (*p) == '&') toescape+=4;
++    if ((unsigned char) (*p) == '"') toescape+=5;
++    if ((unsigned char) (*p) == '<') toescape+=3;
++    if ((unsigned char) (*p) == '>') toescape+=3;
++  }
++  
++  result = (char  *) nmalloc (p - str + toescape + 1);
++
++  for (q = result, p = str; *p; p++) {
++      unsigned char a = *p;
++      if (a == '&') {
++      	  *q++ = '&';
++      	  *q++ = 'a';
++      	  *q++ = 'm';
++      	  *q++ = 'p';
++      	  *q++ = ';';
++      } else if (a == '"') {
++      	  *q++ = '&';
++      	  *q++ = 'q';
++      	  *q++ = 'u';
++      	  *q++ = 'o';
++      	  *q++ = 't';
++      	  *q++ = ';';
++      } else if (a == '<') {
++      	  *q++ = '&';
++      	  *q++ = 'l';
++      	  *q++ = 't';
++      	  *q++ = ';';
++      } else if (a == '>') {
++      	  *q++ = '&';
++      	  *q++ = 'g';
++      	  *q++ = 't';
++      	  *q++ = ';';
++      } else *q++ = *p;
++    }
++  *q++ = 0; 
++  return result;
++}
++
++char * 
++url_encode (const char *str, char** result_p)
+ {
+   const char *p;
+   char *q;
+@@ -345,7 +398,6 @@
+       unacceptable++;
+ 
+   result = (char  *) nmalloc (p - str + unacceptable + unacceptable + 1);
+-
+   *result_p = result;
+ 
+   for (q = result, p = str; *p; p++) 
+@@ -1336,7 +1388,7 @@
+ 	  add_varpair2 (variables, nstrdup (ident), ice_itoa (i));
+ 	  add_varpair2 (variables, ice_cat (ident, ".id"), ice_itoa (travclients->id));
+ 	  add_varpair2 (variables, ice_cat (ident, ".host"), nstrdup (con_host (travclients)));
+-	  add_varpair2 (variables, ice_cat (ident, ".user_agent"), nstrdup (get_user_agent (travclients)));
++	  add_varpair2 (variables, ice_cat (ident, ".user_agent"), nstrdup (html_escape(get_user_agent (travclients))));
+ 	  add_varpair2 (variables, ice_cat (ident, ".writebytes"), ice_utoa (travclients->food.client->write_bytes));
+ 	  add_varpair2 (variables, ice_cat (ident, ".connecttime"), nstrdup (nice_time (get_time() - travclients->connect_time, buf)));
+ 	  endptr = parse_template_file (clicon, NULL, runptr, fd, variables);
diff --git a/audio/icecast/files/patch-src::http.h b/audio/icecast/files/patch-src::http.h
new file mode 100644
index 000000000000..9e0ba9ec6026
--- /dev/null
+++ b/audio/icecast/files/patch-src::http.h
@@ -0,0 +1,10 @@
+--- src/http.h
++++ src/http.h
+@@ -44,6 +44,7 @@
+ int print_http_variable (vartree_t *request_vars, const char *name, connection_t *clicon, int fd);
+ char *url_encode(const char *string, char **result_p);
+ char *url_decode (const char *string);
++char *html_escape(const char *string);
+ const char *parse_template_file (connection_t *clicon, connection_t *sourcecon, const char *ptr, int fd, vartree_t *variables);
+ int write_template_parsed_html_page (connection_t *clicon, connection_t *sourcecon, const char *template_file, int fd, vartree_t *variables);
+ const char *http_loop_sources (char *ident, connection_t *clicon, const char *ptr, int fd, vartree_t *variables);
diff --git a/audio/icecast/files/patch-src::ice_string.c b/audio/icecast/files/patch-src::ice_string.c
new file mode 100644
index 000000000000..8daba719660a
--- /dev/null
+++ b/audio/icecast/files/patch-src::ice_string.c
@@ -0,0 +1,11 @@
+--- src/ice_string.c
++++ src/ice_string.c
+@@ -334,8 +334,6 @@
+ 
+ char *safe_strcat(char *dest, const char *src, unsigned int maxsize)
+ {
+-	int size = 0;
+-
+ 	if (!dest || !src) return dest;
+ 
+ 	if (ice_strlen(dest) + ice_strlen(src)  + 1 >= maxsize) {
diff --git a/audio/icecast/files/patch-src::main.c b/audio/icecast/files/patch-src::main.c
new file mode 100644
index 000000000000..f42a0be38022
--- /dev/null
+++ b/audio/icecast/files/patch-src::main.c
@@ -0,0 +1,11 @@
+--- src/main.c
++++ src/main.c
+@@ -544,7 +544,7 @@
+ 	directory_server_t *ds;
+ 	int i;
+ 	avl_traverser trav = {0};
+-	static main_shutting_down = 0;
++	static int main_shutting_down = 0;
+ 	
+ 	thread_library_lock ();
+ 		if (!main_shutting_down)
diff --git a/audio/icecast/files/patch-src::static.c b/audio/icecast/files/patch-src::static.c
new file mode 100644
index 000000000000..264fa6403a78
--- /dev/null
+++ b/audio/icecast/files/patch-src::static.c
@@ -0,0 +1,12 @@
+--- src/static.c
++++ src/static.c
+@@ -232,9 +232,7 @@
+ void 
+ send_file_to_socket (connection_t *con, char *filename)
+ {
+-	struct stat buf;
+ 	int mp3file;
+-	char *suffix;
+ 	long length;
+ 	char buff[BUFSIZE];
+
author	Michael Nottebrock <lofi@FreeBSD.org>	2004-10-13 23:32:53 +0000
committer	Michael Nottebrock <lofi@FreeBSD.org>	2004-10-13 23:32:53 +0000
commit	8ce861a35fecd86689f47727945d3014e1474030 (patch)
tree	af8d10c4b1f640e282338fb0563e12b1abe5db35 /audio/icecast
parent	d2e2005631a04e4f2781093dbffb8930720d14ae (diff)
download	ports-8ce861a35fecd86689f47727945d3014e1474030.tar.gz ports-8ce861a35fecd86689f47727945d3014e1474030.zip