|
Lines 3-8
Link Here
|
| 3 |
* |
3 |
* |
| 4 |
* Oliver Fromme <oliver.fromme@heim3.tu-clausthal.de> |
4 |
* Oliver Fromme <oliver.fromme@heim3.tu-clausthal.de> |
| 5 |
* Wed Apr 9 20:57:47 MET DST 1997 |
5 |
* Wed Apr 9 20:57:47 MET DST 1997 |
|
|
6 |
* |
| 7 |
* Modified by Jeremy Huddleston <eradicator@gentoo.org> 2004.10.21 per |
| 8 |
* http://bugs.gentoo.org/show_bug.cgi?id=68343 |
| 9 |
* http://www.barrossecurity.com/advisories/mpg123_getauthfromurl_bof_advisory.txt |
| 10 |
* |
| 6 |
*/ |
11 |
*/ |
| 7 |
|
12 |
|
| 8 |
#undef ALSA |
13 |
#undef ALSA |
|
Lines 221-232
unsigned char *proxyport;
Link Here
|
| 221 |
#define ACCEPT_HEAD "Accept: audio/mpeg, audio/x-mpegurl, */*\r\n" |
226 |
#define ACCEPT_HEAD "Accept: audio/mpeg, audio/x-mpegurl, */*\r\n" |
| 222 |
|
227 |
|
| 223 |
char *httpauth = NULL; |
228 |
char *httpauth = NULL; |
| 224 |
char httpauth1[256]; |
229 |
char *httpauth1 = NULL; |
| 225 |
|
230 |
|
| 226 |
int http_open (char *url) |
231 |
int http_open (char *url) |
| 227 |
{ |
232 |
{ |
| 228 |
char *purl, *host, *request, *sptr; |
233 |
char *purl, *host, *request, *sptr; |
| 229 |
int linelength; |
234 |
unsigned int linelength, linelengthbase, purl_length; |
| 230 |
unsigned long myip; |
235 |
unsigned long myip; |
| 231 |
unsigned char *myport; |
236 |
unsigned char *myport; |
| 232 |
int sock; |
237 |
int sock; |
|
Lines 270-322
int http_open (char *url)
Link Here
|
| 270 |
exit(1); |
275 |
exit(1); |
| 271 |
} |
276 |
} |
| 272 |
|
277 |
|
| 273 |
|
278 |
/* |
| 274 |
if ((linelength = strlen(url)+200) < 1024) |
279 |
* The length of purl is upper bound by 3*strlen(url) + 1 if everything |
| 275 |
linelength = 1024; |
280 |
* in it is a space. For HTTP redirections, we need something longer; |
| 276 |
if (!(request = malloc(linelength)) || !(purl = malloc(1024))) { |
281 |
* 1024 bytes were arbitrarily chosen. |
|
|
282 |
*/ |
| 283 |
purl_length = strlen(url) * 3 + 1; |
| 284 |
if (purl_length < 1024) purl_length = 1024; |
| 285 |
purl = (char *)malloc(sizeof(char) * purl_length); |
| 286 |
if (!purl) { |
| 277 |
fprintf (stderr, "malloc() failed, out of memory.\n"); |
287 |
fprintf (stderr, "malloc() failed, out of memory.\n"); |
| 278 |
exit (1); |
288 |
exit (1); |
| 279 |
} |
289 |
} |
| 280 |
/* |
|
|
| 281 |
* 2000-10-21: |
| 282 |
* We would like spaces to be automatically converted to %20's when |
| 283 |
* fetching via HTTP. |
| 284 |
* -- Martin Sjögren <md9ms@mdstud.chalmers.se> |
| 285 |
*/ |
| 286 |
if ((sptr = strchr(url, ' ')) == NULL) { |
| 287 |
strncpy (purl, url, 1023); |
| 288 |
purl[1023] = '\0'; |
| 289 |
} |
| 290 |
else { |
| 291 |
int purllength = 0; |
| 292 |
char *urlptr = url; |
| 293 |
purl[0] = '\0'; |
| 294 |
do { |
| 295 |
purllength += sptr-urlptr + 3; |
| 296 |
if (purllength >= 1023) |
| 297 |
break; |
| 298 |
strncat (purl, urlptr, sptr-urlptr); |
| 299 |
//purl[sptr-url] = '\0'; |
| 300 |
strcat (purl, "%20"); |
| 301 |
urlptr = sptr + 1; |
| 302 |
} |
| 303 |
while ((sptr = strchr (urlptr, ' ')) != NULL); |
| 304 |
strcat (purl, urlptr); |
| 305 |
} |
| 306 |
|
290 |
|
|
|
291 |
/* |
| 292 |
* 2000-10-21: |
| 293 |
* We would like spaces to be automatically converted to %20's when |
| 294 |
* fetching via HTTP. |
| 295 |
* -- Martin Sjögren <md9ms@mdstud.chalmers.se> |
| 296 |
*/ |
| 297 |
if ((sptr = strchr(url, ' ')) == NULL) { |
| 298 |
strcpy (purl, url); |
| 299 |
} else { |
| 300 |
char *urlptr = url; |
| 301 |
purl[0] = '\0'; |
| 302 |
do { |
| 303 |
strncat (purl, urlptr, sptr - urlptr); |
| 304 |
strcat (purl, "%20"); |
| 305 |
urlptr = sptr + 1; |
| 306 |
} |
| 307 |
while ((sptr = strchr (urlptr, ' ')) != NULL); |
| 308 |
strcat (purl, urlptr); |
| 309 |
} |
| 310 |
|
| 311 |
httpauth1 = (char *)malloc((strlen(purl) + 1) * sizeof(char)); |
| 312 |
if(!httpauth1) { |
| 313 |
fprintf(stderr, "malloc() failed, out of memory.\n"); |
| 314 |
exit(1); |
| 315 |
} |
| 316 |
getauthfromURL(purl,httpauth1); |
| 317 |
|
| 318 |
/* "GET http://" + 11 |
| 319 |
* " HTTP/1.0\r\nUser-Agent: <prgName>/<prgVersion>\r\n" 26 + prgName + prgVersion |
| 320 |
* ACCEPT_HEAD strlen(ACCEPT_HEAD) |
| 321 |
* "Authorization: Basic \r\n" 23 |
| 322 |
* "\r\n" 2 |
| 323 |
*/ |
| 324 |
linelengthbase = 62 + strlen(prgName) + strlen(prgVersion) + strlen(ACCEPT_HEAD); |
| 325 |
|
| 326 |
if(httpauth) |
| 327 |
linelengthbase += (strlen(httpauth) + 1) * 4; |
| 307 |
|
328 |
|
| 308 |
getauthfromURL(purl,httpauth1); |
329 |
if(httpauth1) |
|
|
330 |
linelengthbase += (strlen(httpauth1) + 1) * 4; |
| 309 |
|
331 |
|
| 310 |
do { |
332 |
do { |
| 311 |
strcpy (request, "GET "); |
|
|
| 312 |
if (proxyip != INADDR_NONE) { |
333 |
if (proxyip != INADDR_NONE) { |
| 313 |
if (strncasecmp(url, "http://", 7) != 0 && strncasecmp(url,"ftp://", 6) != 0) |
|
|
| 314 |
strcat (request, "http://"); |
| 315 |
strcat (request, purl); |
| 316 |
myport = proxyport; |
334 |
myport = proxyport; |
| 317 |
myip = proxyip; |
335 |
myip = proxyip; |
| 318 |
} |
336 |
|
| 319 |
else { |
337 |
linelength = linelengthbase + strlen(purl); |
|
|
338 |
if(host) |
| 339 |
linelength += 9 + strlen(host) + strlen(myport); /* "Host: <host>:<port>\r\n" */ |
| 340 |
|
| 341 |
request = (char *)malloc((linelength + 1) * sizeof(char)); |
| 342 |
if (!request) { |
| 343 |
fprintf (stderr, "malloc() failed, out of memory.\n"); |
| 344 |
exit (1); |
| 345 |
} |
| 346 |
|
| 347 |
strcpy (request, "GET "); |
| 348 |
if (strncasecmp(url, "http://", 7) != 0 && strncasecmp(url,"ftp://", 6) != 0) |
| 349 |
strcat (request, "http://"); |
| 350 |
strcat (request, purl); |
| 351 |
} else { |
| 320 |
if (host) { |
352 |
if (host) { |
| 321 |
free(host); |
353 |
free(host); |
| 322 |
host=NULL; |
354 |
host=NULL; |
|
Lines 325-343
int http_open (char *url)
Link Here
|
| 325 |
free(proxyport); |
357 |
free(proxyport); |
| 326 |
proxyport=NULL; |
358 |
proxyport=NULL; |
| 327 |
} |
359 |
} |
| 328 |
if (!(sptr = url2hostport(purl, &host, &myip, &myport))) { |
360 |
|
| 329 |
fprintf (stderr, "Unknown host \"%s\".\n", |
361 |
sptr = url2hostport(purl, &host, &myip, &myport); |
| 330 |
host ? host : ""); |
362 |
if (!sptr) { |
|
|
363 |
fprintf (stderr, "Unknown host \"%s\".\n", host ? host : ""); |
| 364 |
exit (1); |
| 365 |
} |
| 366 |
|
| 367 |
linelength = linelengthbase + strlen(sptr); |
| 368 |
if(host) |
| 369 |
linelength += 9 + strlen(host) + strlen(myport); /* "Host: <host>:<port>\r\n" */ |
| 370 |
|
| 371 |
request = (char *)malloc((linelength + 1) * sizeof(char)); |
| 372 |
if (!request) { |
| 373 |
fprintf (stderr, "malloc() failed, out of memory.\n"); |
| 331 |
exit (1); |
374 |
exit (1); |
| 332 |
} |
375 |
} |
|
|
376 |
|
| 377 |
strcpy (request, "GET "); |
| 333 |
strcat (request, sptr); |
378 |
strcat (request, sptr); |
| 334 |
} |
379 |
} |
| 335 |
sprintf (request + strlen(request), |
380 |
|
| 336 |
" HTTP/1.0\r\nUser-Agent: %s/%s\r\n", |
381 |
sprintf (request + strlen(request), " HTTP/1.0\r\nUser-Agent: %s/%s\r\n", prgName, prgVersion); |
| 337 |
prgName, prgVersion); |
|
|
| 338 |
if (host) { |
382 |
if (host) { |
| 339 |
sprintf(request + strlen(request), |
383 |
sprintf(request + strlen(request), "Host: %s:%s\r\n", host, myport); |
| 340 |
"Host: %s:%s\r\n", host, myport); |
|
|
| 341 |
#if 0 |
384 |
#if 0 |
| 342 |
free (host); |
385 |
free (host); |
| 343 |
#endif |
386 |
#endif |
|
Lines 394-408
fail:
Link Here
|
| 394 |
exit(1); |
437 |
exit(1); |
| 395 |
} |
438 |
} |
| 396 |
|
439 |
|
| 397 |
if (strlen(httpauth1) || httpauth) { |
440 |
if (httpauth1 || httpauth) { |
| 398 |
char buf[1023]; |
441 |
char *buf; |
| 399 |
strcat (request,"Authorization: Basic "); |
442 |
strcat (request,"Authorization: Basic "); |
| 400 |
if(strlen(httpauth1)) |
443 |
if(httpauth1) { |
| 401 |
encode64(httpauth1,buf); |
444 |
buf=(char *)malloc((strlen(httpauth1) + 1) * 4 * sizeof(char)); |
| 402 |
else |
445 |
if(!buf) { |
| 403 |
encode64(httpauth,buf); |
446 |
fprintf(stderr, "Error allocating sufficient memory for http authentication. Exiting."); |
| 404 |
strcat (request,buf); |
447 |
exit(1); |
|
|
448 |
} |
| 449 |
encode64(httpauth1,buf); |
| 450 |
free(httpauth1); |
| 451 |
} else { |
| 452 |
buf=(char *)malloc((strlen(httpauth) + 1) * 4 * sizeof(char)); |
| 453 |
if(!buf) { |
| 454 |
fprintf(stderr, "Error allocating sufficient memory for http authentication. Exiting."); |
| 455 |
exit(1); |
| 456 |
} |
| 457 |
encode64(httpauth,buf); |
| 458 |
} |
| 459 |
|
| 460 |
strcat (request, buf); |
| 405 |
strcat (request,"\r\n"); |
461 |
strcat (request,"\r\n"); |
|
|
462 |
free(buf); |
| 406 |
} |
463 |
} |
| 407 |
strcat (request, "\r\n"); |
464 |
strcat (request, "\r\n"); |
| 408 |
|
465 |
|
|
Lines 428-443
fail:
Link Here
|
| 428 |
} |
485 |
} |
| 429 |
do { |
486 |
do { |
| 430 |
readstring (request, linelength-1, myfile); |
487 |
readstring (request, linelength-1, myfile); |
| 431 |
if (!strncmp(request, "Location:", 9)) |
488 |
if (!strncmp(request, "Location:", 9)) { |
| 432 |
strncpy (purl, request+10, 1023); |
489 |
strncpy (purl, request+10, purl_length); |
|
|
490 |
purl[purl_length - 1] = 0; |
| 491 |
} |
| 433 |
} while (request[0] != '\r' && request[0] != '\n'); |
492 |
} while (request[0] != '\r' && request[0] != '\n'); |
|
|
493 |
|
| 494 |
free(request); |
| 434 |
} while (relocate && purl[0] && numrelocs++ < 5); |
495 |
} while (relocate && purl[0] && numrelocs++ < 5); |
| 435 |
if (relocate) { |
496 |
if (relocate) { |
| 436 |
fprintf (stderr, "Too many HTTP relocations.\n"); |
497 |
fprintf (stderr, "Too many HTTP relocations.\n"); |
| 437 |
exit (1); |
498 |
exit (1); |
| 438 |
} |
499 |
} |
| 439 |
free (purl); |
500 |
free(purl); |
| 440 |
free (request); |
|
|
| 441 |
free(host); |
501 |
free(host); |
| 442 |
free(proxyport); |
502 |
free(proxyport); |
| 443 |
free(myport); |
503 |
free(myport); |
