diff options
author | Michael Nottebrock <lofi@FreeBSD.org> | 2004-10-13 23:32:53 +0000 |
---|---|---|
committer | Michael Nottebrock <lofi@FreeBSD.org> | 2004-10-13 23:32:53 +0000 |
commit | 8ce861a35fecd86689f47727945d3014e1474030 (patch) | |
tree | af8d10c4b1f640e282338fb0563e12b1abe5db35 /audio/icecast | |
parent | d2e2005631a04e4f2781093dbffb8930720d14ae (diff) | |
download | ports-8ce861a35fecd86689f47727945d3014e1474030.tar.gz ports-8ce861a35fecd86689f47727945d3014e1474030.zip |
Fix cross-site scripting vulnerability
(http://www.debian.org/security/2004/dsa-541).
Patches obtained from: Debian
Notes
Notes:
svn path=/head/; revision=119334
Diffstat (limited to 'audio/icecast')
-rw-r--r-- | audio/icecast/Makefile | 2 | ||||
-rw-r--r-- | audio/icecast/files/patch-src::avl_functions.c | 11 | ||||
-rw-r--r-- | audio/icecast/files/patch-src::client.c | 11 | ||||
-rw-r--r-- | audio/icecast/files/patch-src::commands.c | 25 | ||||
-rw-r--r-- | audio/icecast/files/patch-src::http.c | 81 | ||||
-rw-r--r-- | audio/icecast/files/patch-src::http.h | 10 | ||||
-rw-r--r-- | audio/icecast/files/patch-src::ice_string.c | 11 | ||||
-rw-r--r-- | audio/icecast/files/patch-src::main.c | 11 | ||||
-rw-r--r-- | audio/icecast/files/patch-src::static.c | 12 |
9 files changed, 173 insertions, 1 deletions
diff --git a/audio/icecast/Makefile b/audio/icecast/Makefile index 2c3eb6f67da2..99f4b9860060 100644 --- a/audio/icecast/Makefile +++ b/audio/icecast/Makefile @@ -7,7 +7,7 @@ PORTNAME= icecast PORTVERSION= 1.3.12 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= audio net MASTER_SITES= http://www.icecast.org/files/ diff --git a/audio/icecast/files/patch-src::avl_functions.c b/audio/icecast/files/patch-src::avl_functions.c new file mode 100644 index 000000000000..be7f00fd6051 --- /dev/null +++ b/audio/icecast/files/patch-src::avl_functions.c @@ -0,0 +1,11 @@ +--- src/avl_functions.c ++++ src/avl_functions.c +@@ -307,7 +307,7 @@ + } + + snprintf(s1, BUFSIZE, "%s:%d", dir1->host, dir1->port); +- snprintf(s2, "%s:%d", dir2->host, dir2->port); ++ snprintf(s2, BUFSIZE, "%s:%d", dir2->host, dir2->port); + + return compare_strings (s1, s2, param); + } diff --git a/audio/icecast/files/patch-src::client.c b/audio/icecast/files/patch-src::client.c new file mode 100644 index 000000000000..b38be8cbd1f5 --- /dev/null +++ b/audio/icecast/files/patch-src::client.c @@ -0,0 +1,11 @@ +--- src/client.c ++++ src/client.c +@@ -90,8 +90,6 @@ + + extern server_info_t info; + +-static void client_send_fake_file (connection_t *con); +- + /* Brand new client. Check what he wants, and either add him to + the correct tree of clients (inside a source), or kill him off */ + void client_login(connection_t *con, char *expr) diff --git a/audio/icecast/files/patch-src::commands.c b/audio/icecast/files/patch-src::commands.c new file mode 100644 index 000000000000..5f9ab4bfb4bd --- /dev/null +++ b/audio/icecast/files/patch-src::commands.c @@ -0,0 +1,25 @@ +--- src/commands.c ++++ src/commands.c +@@ -84,8 +84,8 @@ + #include "interpreter.h" + + #include <time.h> ++#include <errno.h> + +-extern int errno; + extern int running; + extern server_info_t info; + extern mutex_t library_mutex; +@@ -2884,8 +2884,11 @@ + time_t before = 0; + + if (!arg || !arg[0]) ++ { + admin_write_line (req, ADMIN_SHOW_PING_INVALID_SYNTAX, PING_SYNTAX); +- ++ return 0; ++ } ++ + host[0] = '\0'; + + if (splitc (host, arg, ':') != NULL) diff --git a/audio/icecast/files/patch-src::http.c b/audio/icecast/files/patch-src::http.c new file mode 100644 index 000000000000..b2b23087e5c9 --- /dev/null +++ b/audio/icecast/files/patch-src::http.c @@ -0,0 +1,81 @@ +--- src/http.c ++++ src/http.c +@@ -327,7 +327,60 @@ + } + + char * +-url_encode (const char *str, char **result_p) ++html_escape (const char *str) ++{ ++ const char *p; ++ char *q; ++ char *result; ++ int toescape= 0; ++ ++ if (!str) { ++ xa_debug (1, "WARNING: html_escape() called with NULL string"); ++ return NULL; ++ } ++ ++ for (p = str; *p; p++) { ++ if ((unsigned char) (*p) == '&') toescape+=4; ++ if ((unsigned char) (*p) == '"') toescape+=5; ++ if ((unsigned char) (*p) == '<') toescape+=3; ++ if ((unsigned char) (*p) == '>') toescape+=3; ++ } ++ ++ result = (char *) nmalloc (p - str + toescape + 1); ++ ++ for (q = result, p = str; *p; p++) { ++ unsigned char a = *p; ++ if (a == '&') { ++ *q++ = '&'; ++ *q++ = 'a'; ++ *q++ = 'm'; ++ *q++ = 'p'; ++ *q++ = ';'; ++ } else if (a == '"') { ++ *q++ = '&'; ++ *q++ = 'q'; ++ *q++ = 'u'; ++ *q++ = 'o'; ++ *q++ = 't'; ++ *q++ = ';'; ++ } else if (a == '<') { ++ *q++ = '&'; ++ *q++ = 'l'; ++ *q++ = 't'; ++ *q++ = ';'; ++ } else if (a == '>') { ++ *q++ = '&'; ++ *q++ = 'g'; ++ *q++ = 't'; ++ *q++ = ';'; ++ } else *q++ = *p; ++ } ++ *q++ = 0; ++ return result; ++} ++ ++char * ++url_encode (const char *str, char** result_p) + { + const char *p; + char *q; +@@ -345,7 +398,6 @@ + unacceptable++; + + result = (char *) nmalloc (p - str + unacceptable + unacceptable + 1); +- + *result_p = result; + + for (q = result, p = str; *p; p++) +@@ -1336,7 +1388,7 @@ + add_varpair2 (variables, nstrdup (ident), ice_itoa (i)); + add_varpair2 (variables, ice_cat (ident, ".id"), ice_itoa (travclients->id)); + add_varpair2 (variables, ice_cat (ident, ".host"), nstrdup (con_host (travclients))); +- add_varpair2 (variables, ice_cat (ident, ".user_agent"), nstrdup (get_user_agent (travclients))); ++ add_varpair2 (variables, ice_cat (ident, ".user_agent"), nstrdup (html_escape(get_user_agent (travclients)))); + add_varpair2 (variables, ice_cat (ident, ".writebytes"), ice_utoa (travclients->food.client->write_bytes)); + add_varpair2 (variables, ice_cat (ident, ".connecttime"), nstrdup (nice_time (get_time() - travclients->connect_time, buf))); + endptr = parse_template_file (clicon, NULL, runptr, fd, variables); diff --git a/audio/icecast/files/patch-src::http.h b/audio/icecast/files/patch-src::http.h new file mode 100644 index 000000000000..9e0ba9ec6026 --- /dev/null +++ b/audio/icecast/files/patch-src::http.h @@ -0,0 +1,10 @@ +--- src/http.h ++++ src/http.h +@@ -44,6 +44,7 @@ + int print_http_variable (vartree_t *request_vars, const char *name, connection_t *clicon, int fd); + char *url_encode(const char *string, char **result_p); + char *url_decode (const char *string); ++char *html_escape(const char *string); + const char *parse_template_file (connection_t *clicon, connection_t *sourcecon, const char *ptr, int fd, vartree_t *variables); + int write_template_parsed_html_page (connection_t *clicon, connection_t *sourcecon, const char *template_file, int fd, vartree_t *variables); + const char *http_loop_sources (char *ident, connection_t *clicon, const char *ptr, int fd, vartree_t *variables); diff --git a/audio/icecast/files/patch-src::ice_string.c b/audio/icecast/files/patch-src::ice_string.c new file mode 100644 index 000000000000..8daba719660a --- /dev/null +++ b/audio/icecast/files/patch-src::ice_string.c @@ -0,0 +1,11 @@ +--- src/ice_string.c ++++ src/ice_string.c +@@ -334,8 +334,6 @@ + + char *safe_strcat(char *dest, const char *src, unsigned int maxsize) + { +- int size = 0; +- + if (!dest || !src) return dest; + + if (ice_strlen(dest) + ice_strlen(src) + 1 >= maxsize) { diff --git a/audio/icecast/files/patch-src::main.c b/audio/icecast/files/patch-src::main.c new file mode 100644 index 000000000000..f42a0be38022 --- /dev/null +++ b/audio/icecast/files/patch-src::main.c @@ -0,0 +1,11 @@ +--- src/main.c ++++ src/main.c +@@ -544,7 +544,7 @@ + directory_server_t *ds; + int i; + avl_traverser trav = {0}; +- static main_shutting_down = 0; ++ static int main_shutting_down = 0; + + thread_library_lock (); + if (!main_shutting_down) diff --git a/audio/icecast/files/patch-src::static.c b/audio/icecast/files/patch-src::static.c new file mode 100644 index 000000000000..264fa6403a78 --- /dev/null +++ b/audio/icecast/files/patch-src::static.c @@ -0,0 +1,12 @@ +--- src/static.c ++++ src/static.c +@@ -232,9 +232,7 @@ + void + send_file_to_socket (connection_t *con, char *filename) + { +- struct stat buf; + int mp3file; +- char *suffix; + long length; + char buff[BUFSIZE]; + |