--- peercast-0.1218+svn20080104/core/common/channel.cpp 2008-04-01 13:59:52.000000000 +0200 +++ peercast-0.1218+svn20080104/core/common/channel.cpp 2008-04-30 17:45:28.000000000 +0200 @@ -440,7 +440,7 @@ if (http.isHeader(PCX_HS_POS)) streamPos = atoi(arg); else - Servent::readICYHeader(http, info, NULL); + Servent::readICYHeader(http, info, NULL, 0); LOG_CHANNEL("Channel fetch: %s",http.cmdLine); } --- peercast-0.1218+svn20080104/core/common/http.cpp 2008-04-01 13:59:52.000000000 +0200 +++ peercast-0.1218+svn20080104/core/common/http.cpp 2008-04-30 17:45:28.000000000 +0200 @@ -102,7 +102,7 @@ return 0; } //----------------------------------------- -void HTTP::getAuthUserPass(char *user, char *pass) +void HTTP::getAuthUserPass(char *user, char *pass, size_t ulen, size_t plen) { if (arg) { @@ -119,10 +119,14 @@ if (s) { *s = 0; - if (user) - strcpy(user,str.cstr()); - if (pass) - strcpy(pass,s+1); + if (user){ + strncpy(user,str.cstr(), ulen); + user[ulen - 1] = 0; + } + if (pass){ + strncpy(pass,s+1, plen); + pass[plen - 1] = 0; + } } } } --- peercast-0.1218+svn20080104/core/common/http.h 2008-04-01 13:59:52.000000000 +0200 +++ peercast-0.1218+svn20080104/core/common/http.h 2008-04-30 17:45:28.000000000 +0200 @@ -176,7 +176,7 @@ char *getArgStr(); int getArgInt(); - void getAuthUserPass(char *, char *); + void getAuthUserPass(char *, char *, size_t, size_t); char cmdLine[8192],*arg; --- peercast-0.1218+svn20080104/core/common/servent.h 2008-04-01 13:59:52.000000000 +0200 +++ peercast-0.1218+svn20080104/core/common/servent.h 2008-04-30 17:45:28.000000000 +0200 @@ -206,7 +206,7 @@ void sendPCPChannel(); void checkPCPComms(Channel *, AtomStream &); - static void readICYHeader(HTTP &, ChanInfo &, char *); + static void readICYHeader(HTTP &, ChanInfo &, char *, size_t); bool canStream(Channel *); bool isConnected() {return status == S_CONNECTED;} --- peercast-0.1218+svn20080104/core/common/servhs.cpp 2008-04-01 13:59:52.000000000 +0200 +++ peercast-0.1218+svn20080104/core/common/servhs.cpp 2008-04-30 17:45:28.000000000 +0200 @@ -587,7 +587,7 @@ { case ServMgr::AUTH_HTTPBASIC: if (http.isHeader("Authorization")) - http.getAuthUserPass(user,pass); + http.getAuthUserPass(user,pass, sizeof(user), sizeof(pass)); break; case ServMgr::AUTH_COOKIE: if (http.isHeader("Cookie")) @@ -1405,7 +1405,7 @@ } // ----------------------------------- -void Servent::readICYHeader(HTTP &http, ChanInfo &info, char *pwd) +void Servent::readICYHeader(HTTP &http, ChanInfo &info, char *pwd, size_t plen) { char *arg = http.getArgStr(); if (!arg) return; @@ -1429,8 +1429,10 @@ info.desc.set(arg,String::T_ASCII); info.desc.convertTo(String::T_UNICODE); - }else if (http.isHeader("Authorization")) - http.getAuthUserPass(NULL,pwd); + }else if (http.isHeader("Authorization")){ + if(pwd) + http.getAuthUserPass(NULL,pwd, 0, plen); + } else if (http.isHeader(PCX_HS_CHANNELID)) info.id.fromStr(arg); else if (http.isHeader("ice-password")) @@ -1501,7 +1503,7 @@ while (http.nextHeader()) { LOG_DEBUG("ICY %s",http.cmdLine); - readICYHeader(http,info,loginPassword.cstr()); + readICYHeader(http,info,loginPassword.cstr(), String::MAX_LEN); } --- peercast-0.1218+svn20080104/core/common/url.cpp 2008-04-01 13:59:52.000000000 +0200 +++ peercast-0.1218+svn20080104/core/common/url.cpp 2008-04-30 17:45:28.000000000 +0200 @@ -171,7 +171,7 @@ LOG_CHANNEL("Fetch HTTP: %s",http.cmdLine); ChanInfo tmpInfo = ch->info; - Servent::readICYHeader(http,ch->info,NULL); + Servent::readICYHeader(http,ch->info,NULL, 0); if (!tmpInfo.name.isEmpty()) ch->info.name = tmpInfo.name;