Lines 3-8
Link Here
|
3 |
* |
3 |
* |
4 |
* Oliver Fromme <oliver.fromme@heim3.tu-clausthal.de> |
4 |
* Oliver Fromme <oliver.fromme@heim3.tu-clausthal.de> |
5 |
* Wed Apr 9 20:57:47 MET DST 1997 |
5 |
* Wed Apr 9 20:57:47 MET DST 1997 |
|
|
6 |
* |
7 |
* Modified by Jeremy Huddleston <eradicator@gentoo.org> 2004.10.21 per |
8 |
* http://bugs.gentoo.org/show_bug.cgi?id=68343 |
9 |
* http://www.barrossecurity.com/advisories/mpg123_getauthfromurl_bof_advisory.txt |
10 |
* |
6 |
*/ |
11 |
*/ |
7 |
|
12 |
|
8 |
#undef ALSA |
13 |
#undef ALSA |
Lines 221-232
unsigned char *proxyport;
Link Here
|
221 |
#define ACCEPT_HEAD "Accept: audio/mpeg, audio/x-mpegurl, */*\r\n" |
226 |
#define ACCEPT_HEAD "Accept: audio/mpeg, audio/x-mpegurl, */*\r\n" |
222 |
|
227 |
|
223 |
char *httpauth = NULL; |
228 |
char *httpauth = NULL; |
224 |
char httpauth1[256]; |
229 |
char *httpauth1 = NULL; |
225 |
|
230 |
|
226 |
int http_open (char *url) |
231 |
int http_open (char *url) |
227 |
{ |
232 |
{ |
228 |
char *purl, *host, *request, *sptr; |
233 |
char *purl, *host, *request, *sptr; |
229 |
int linelength; |
234 |
unsigned int linelength, linelengthbase, purl_length; |
230 |
unsigned long myip; |
235 |
unsigned long myip; |
231 |
unsigned char *myport; |
236 |
unsigned char *myport; |
232 |
int sock; |
237 |
int sock; |
Lines 270-322
int http_open (char *url)
Link Here
|
270 |
exit(1); |
275 |
exit(1); |
271 |
} |
276 |
} |
272 |
|
277 |
|
273 |
|
278 |
/* |
274 |
if ((linelength = strlen(url)+200) < 1024) |
279 |
* The length of purl is upper bound by 3*strlen(url) + 1 if everything |
275 |
linelength = 1024; |
280 |
* in it is a space. For HTTP redirections, we need something longer; |
276 |
if (!(request = malloc(linelength)) || !(purl = malloc(1024))) { |
281 |
* 1024 bytes were arbitrarily chosen. |
|
|
282 |
*/ |
283 |
purl_length = strlen(url) * 3 + 1; |
284 |
if (purl_length < 1024) purl_length = 1024; |
285 |
purl = (char *)malloc(sizeof(char) * purl_length); |
286 |
if (!purl) { |
277 |
fprintf (stderr, "malloc() failed, out of memory.\n"); |
287 |
fprintf (stderr, "malloc() failed, out of memory.\n"); |
278 |
exit (1); |
288 |
exit (1); |
279 |
} |
289 |
} |
280 |
/* |
|
|
281 |
* 2000-10-21: |
282 |
* We would like spaces to be automatically converted to %20's when |
283 |
* fetching via HTTP. |
284 |
* -- Martin Sjögren <md9ms@mdstud.chalmers.se> |
285 |
*/ |
286 |
if ((sptr = strchr(url, ' ')) == NULL) { |
287 |
strncpy (purl, url, 1023); |
288 |
purl[1023] = '\0'; |
289 |
} |
290 |
else { |
291 |
int purllength = 0; |
292 |
char *urlptr = url; |
293 |
purl[0] = '\0'; |
294 |
do { |
295 |
purllength += sptr-urlptr + 3; |
296 |
if (purllength >= 1023) |
297 |
break; |
298 |
strncat (purl, urlptr, sptr-urlptr); |
299 |
//purl[sptr-url] = '\0'; |
300 |
strcat (purl, "%20"); |
301 |
urlptr = sptr + 1; |
302 |
} |
303 |
while ((sptr = strchr (urlptr, ' ')) != NULL); |
304 |
strcat (purl, urlptr); |
305 |
} |
306 |
|
290 |
|
|
|
291 |
/* |
292 |
* 2000-10-21: |
293 |
* We would like spaces to be automatically converted to %20's when |
294 |
* fetching via HTTP. |
295 |
* -- Martin Sjögren <md9ms@mdstud.chalmers.se> |
296 |
*/ |
297 |
if ((sptr = strchr(url, ' ')) == NULL) { |
298 |
strcpy (purl, url); |
299 |
} else { |
300 |
char *urlptr = url; |
301 |
purl[0] = '\0'; |
302 |
do { |
303 |
strncat (purl, urlptr, sptr - urlptr); |
304 |
strcat (purl, "%20"); |
305 |
urlptr = sptr + 1; |
306 |
} |
307 |
while ((sptr = strchr (urlptr, ' ')) != NULL); |
308 |
strcat (purl, urlptr); |
309 |
} |
310 |
|
311 |
httpauth1 = (char *)malloc((strlen(purl) + 1) * sizeof(char)); |
312 |
if(!httpauth1) { |
313 |
fprintf(stderr, "malloc() failed, out of memory.\n"); |
314 |
exit(1); |
315 |
} |
316 |
getauthfromURL(purl,httpauth1); |
317 |
|
318 |
/* "GET http://" + 11 |
319 |
* " HTTP/1.0\r\nUser-Agent: <prgName>/<prgVersion>\r\n" 26 + prgName + prgVersion |
320 |
* ACCEPT_HEAD strlen(ACCEPT_HEAD) |
321 |
* "Authorization: Basic \r\n" 23 |
322 |
* "\r\n" 2 |
323 |
*/ |
324 |
linelengthbase = 62 + strlen(prgName) + strlen(prgVersion) + strlen(ACCEPT_HEAD); |
325 |
|
326 |
if(httpauth) |
327 |
linelengthbase += (strlen(httpauth) + 1) * 4; |
307 |
|
328 |
|
308 |
getauthfromURL(purl,httpauth1); |
329 |
if(httpauth1) |
|
|
330 |
linelengthbase += (strlen(httpauth1) + 1) * 4; |
309 |
|
331 |
|
310 |
do { |
332 |
do { |
311 |
strcpy (request, "GET "); |
|
|
312 |
if (proxyip != INADDR_NONE) { |
333 |
if (proxyip != INADDR_NONE) { |
313 |
if (strncasecmp(url, "http://", 7) != 0 && strncasecmp(url,"ftp://", 6) != 0) |
|
|
314 |
strcat (request, "http://"); |
315 |
strcat (request, purl); |
316 |
myport = proxyport; |
334 |
myport = proxyport; |
317 |
myip = proxyip; |
335 |
myip = proxyip; |
318 |
} |
336 |
|
319 |
else { |
337 |
linelength = linelengthbase + strlen(purl); |
|
|
338 |
if(host) |
339 |
linelength += 9 + strlen(host) + strlen(myport); /* "Host: <host>:<port>\r\n" */ |
340 |
|
341 |
request = (char *)malloc((linelength + 1) * sizeof(char)); |
342 |
if (!request) { |
343 |
fprintf (stderr, "malloc() failed, out of memory.\n"); |
344 |
exit (1); |
345 |
} |
346 |
|
347 |
strcpy (request, "GET "); |
348 |
if (strncasecmp(url, "http://", 7) != 0 && strncasecmp(url,"ftp://", 6) != 0) |
349 |
strcat (request, "http://"); |
350 |
strcat (request, purl); |
351 |
} else { |
320 |
if (host) { |
352 |
if (host) { |
321 |
free(host); |
353 |
free(host); |
322 |
host=NULL; |
354 |
host=NULL; |
Lines 325-343
int http_open (char *url)
Link Here
|
325 |
free(proxyport); |
357 |
free(proxyport); |
326 |
proxyport=NULL; |
358 |
proxyport=NULL; |
327 |
} |
359 |
} |
328 |
if (!(sptr = url2hostport(purl, &host, &myip, &myport))) { |
360 |
|
329 |
fprintf (stderr, "Unknown host \"%s\".\n", |
361 |
sptr = url2hostport(purl, &host, &myip, &myport); |
330 |
host ? host : ""); |
362 |
if (!sptr) { |
|
|
363 |
fprintf (stderr, "Unknown host \"%s\".\n", host ? host : ""); |
364 |
exit (1); |
365 |
} |
366 |
|
367 |
linelength = linelengthbase + strlen(sptr); |
368 |
if(host) |
369 |
linelength += 9 + strlen(host) + strlen(myport); /* "Host: <host>:<port>\r\n" */ |
370 |
|
371 |
request = (char *)malloc((linelength + 1) * sizeof(char)); |
372 |
if (!request) { |
373 |
fprintf (stderr, "malloc() failed, out of memory.\n"); |
331 |
exit (1); |
374 |
exit (1); |
332 |
} |
375 |
} |
|
|
376 |
|
377 |
strcpy (request, "GET "); |
333 |
strcat (request, sptr); |
378 |
strcat (request, sptr); |
334 |
} |
379 |
} |
335 |
sprintf (request + strlen(request), |
380 |
|
336 |
" HTTP/1.0\r\nUser-Agent: %s/%s\r\n", |
381 |
sprintf (request + strlen(request), " HTTP/1.0\r\nUser-Agent: %s/%s\r\n", prgName, prgVersion); |
337 |
prgName, prgVersion); |
|
|
338 |
if (host) { |
382 |
if (host) { |
339 |
sprintf(request + strlen(request), |
383 |
sprintf(request + strlen(request), "Host: %s:%s\r\n", host, myport); |
340 |
"Host: %s:%s\r\n", host, myport); |
|
|
341 |
#if 0 |
384 |
#if 0 |
342 |
free (host); |
385 |
free (host); |
343 |
#endif |
386 |
#endif |
Lines 394-408
fail:
Link Here
|
394 |
exit(1); |
437 |
exit(1); |
395 |
} |
438 |
} |
396 |
|
439 |
|
397 |
if (strlen(httpauth1) || httpauth) { |
440 |
if (httpauth1 || httpauth) { |
398 |
char buf[1023]; |
441 |
char *buf; |
399 |
strcat (request,"Authorization: Basic "); |
442 |
strcat (request,"Authorization: Basic "); |
400 |
if(strlen(httpauth1)) |
443 |
if(httpauth1) { |
401 |
encode64(httpauth1,buf); |
444 |
buf=(char *)malloc((strlen(httpauth1) + 1) * 4 * sizeof(char)); |
402 |
else |
445 |
if(!buf) { |
403 |
encode64(httpauth,buf); |
446 |
fprintf(stderr, "Error allocating sufficient memory for http authentication. Exiting."); |
404 |
strcat (request,buf); |
447 |
exit(1); |
|
|
448 |
} |
449 |
encode64(httpauth1,buf); |
450 |
free(httpauth1); |
451 |
} else { |
452 |
buf=(char *)malloc((strlen(httpauth) + 1) * 4 * sizeof(char)); |
453 |
if(!buf) { |
454 |
fprintf(stderr, "Error allocating sufficient memory for http authentication. Exiting."); |
455 |
exit(1); |
456 |
} |
457 |
encode64(httpauth,buf); |
458 |
} |
459 |
|
460 |
strcat (request, buf); |
405 |
strcat (request,"\r\n"); |
461 |
strcat (request,"\r\n"); |
|
|
462 |
free(buf); |
406 |
} |
463 |
} |
407 |
strcat (request, "\r\n"); |
464 |
strcat (request, "\r\n"); |
408 |
|
465 |
|
Lines 428-443
fail:
Link Here
|
428 |
} |
485 |
} |
429 |
do { |
486 |
do { |
430 |
readstring (request, linelength-1, myfile); |
487 |
readstring (request, linelength-1, myfile); |
431 |
if (!strncmp(request, "Location:", 9)) |
488 |
if (!strncmp(request, "Location:", 9)) { |
432 |
strncpy (purl, request+10, 1023); |
489 |
strncpy (purl, request+10, purl_length); |
|
|
490 |
purl[purl_length - 1] = 0; |
491 |
} |
433 |
} while (request[0] != '\r' && request[0] != '\n'); |
492 |
} while (request[0] != '\r' && request[0] != '\n'); |
|
|
493 |
|
494 |
free(request); |
434 |
} while (relocate && purl[0] && numrelocs++ < 5); |
495 |
} while (relocate && purl[0] && numrelocs++ < 5); |
435 |
if (relocate) { |
496 |
if (relocate) { |
436 |
fprintf (stderr, "Too many HTTP relocations.\n"); |
497 |
fprintf (stderr, "Too many HTTP relocations.\n"); |
437 |
exit (1); |
498 |
exit (1); |
438 |
} |
499 |
} |
439 |
free (purl); |
500 |
free(purl); |
440 |
free (request); |
|
|
441 |
free(host); |
501 |
free(host); |
442 |
free(proxyport); |
502 |
free(proxyport); |
443 |
free(myport); |
503 |
free(myport); |