Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 151859 Details for
Bug 220281
media-sound/peercast <10.218-r1 HTTP::getAuthUserPass stack based buffer overflow (CVE-2008-2040)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
CVE-2008-2040.patch
CVE-2008-2040.patch (text/plain), 4.44 KB, created by
Robert Buchholz (RETIRED)
on 2008-05-04 22:04:24 UTC
(
hide
)
Description:
CVE-2008-2040.patch
Filename:
MIME Type:
Creator:
Robert Buchholz (RETIRED)
Created:
2008-05-04 22:04:24 UTC
Size:
4.44 KB
patch
obsolete
>diff -Nurad peercast-0.1218+svn20080104/core/common/channel.cpp peercast-0.1218+svn20080104.new/core/common/channel.cpp >--- peercast-0.1218+svn20080104/core/common/channel.cpp 2008-04-01 13:59:52.000000000 +0200 >+++ peercast-0.1218+svn20080104.new/core/common/channel.cpp 2008-04-30 17:45:28.000000000 +0200 >@@ -440,7 +440,7 @@ > if (http.isHeader(PCX_HS_POS)) > streamPos = atoi(arg); > else >- Servent::readICYHeader(http, info, NULL); >+ Servent::readICYHeader(http, info, NULL, 0); > > LOG_CHANNEL("Channel fetch: %s",http.cmdLine); > } >diff -Nurad peercast-0.1218+svn20080104/core/common/http.cpp peercast-0.1218+svn20080104.new/core/common/http.cpp >--- peercast-0.1218+svn20080104/core/common/http.cpp 2008-04-01 13:59:52.000000000 +0200 >+++ peercast-0.1218+svn20080104.new/core/common/http.cpp 2008-04-30 17:45:28.000000000 +0200 >@@ -102,7 +102,7 @@ > return 0; > } > //----------------------------------------- >-void HTTP::getAuthUserPass(char *user, char *pass) >+void HTTP::getAuthUserPass(char *user, char *pass, size_t ulen, size_t plen) > { > if (arg) > { >@@ -119,10 +119,14 @@ > if (s) > { > *s = 0; >- if (user) >- strcpy(user,str.cstr()); >- if (pass) >- strcpy(pass,s+1); >+ if (user){ >+ strncpy(user,str.cstr(), ulen); >+ user[ulen - 1] = 0; >+ } >+ if (pass){ >+ strncpy(pass,s+1, plen); >+ pass[plen - 1] = 0; >+ } > } > } > } >diff -Nurad peercast-0.1218+svn20080104/core/common/http.h peercast-0.1218+svn20080104.new/core/common/http.h >--- peercast-0.1218+svn20080104/core/common/http.h 2008-04-01 13:59:52.000000000 +0200 >+++ peercast-0.1218+svn20080104.new/core/common/http.h 2008-04-30 17:45:28.000000000 +0200 >@@ -176,7 +176,7 @@ > char *getArgStr(); > int getArgInt(); > >- void getAuthUserPass(char *, char *); >+ void getAuthUserPass(char *, char *, size_t, size_t); > > char cmdLine[8192],*arg; > >diff -Nurad peercast-0.1218+svn20080104/core/common/servent.h peercast-0.1218+svn20080104.new/core/common/servent.h >--- peercast-0.1218+svn20080104/core/common/servent.h 2008-04-01 13:59:52.000000000 +0200 >+++ peercast-0.1218+svn20080104.new/core/common/servent.h 2008-04-30 17:45:28.000000000 +0200 >@@ -206,7 +206,7 @@ > void sendPCPChannel(); > void checkPCPComms(Channel *, AtomStream &); > >- static void readICYHeader(HTTP &, ChanInfo &, char *); >+ static void readICYHeader(HTTP &, ChanInfo &, char *, size_t); > bool canStream(Channel *); > > bool isConnected() {return status == S_CONNECTED;} >diff -Nurad peercast-0.1218+svn20080104/core/common/servhs.cpp peercast-0.1218+svn20080104.new/core/common/servhs.cpp >--- peercast-0.1218+svn20080104/core/common/servhs.cpp 2008-04-01 13:59:52.000000000 +0200 >+++ peercast-0.1218+svn20080104.new/core/common/servhs.cpp 2008-04-30 17:45:28.000000000 +0200 >@@ -587,7 +587,7 @@ > { > case ServMgr::AUTH_HTTPBASIC: > if (http.isHeader("Authorization")) >- http.getAuthUserPass(user,pass); >+ http.getAuthUserPass(user,pass, sizeof(user), sizeof(pass)); > break; > case ServMgr::AUTH_COOKIE: > if (http.isHeader("Cookie")) >@@ -1405,7 +1405,7 @@ > > } > // ----------------------------------- >-void Servent::readICYHeader(HTTP &http, ChanInfo &info, char *pwd) >+void Servent::readICYHeader(HTTP &http, ChanInfo &info, char *pwd, size_t plen) > { > char *arg = http.getArgStr(); > if (!arg) return; >@@ -1429,8 +1429,10 @@ > info.desc.set(arg,String::T_ASCII); > info.desc.convertTo(String::T_UNICODE); > >- }else if (http.isHeader("Authorization")) >- http.getAuthUserPass(NULL,pwd); >+ }else if (http.isHeader("Authorization")){ >+ if(pwd) >+ http.getAuthUserPass(NULL,pwd, 0, plen); >+ } > else if (http.isHeader(PCX_HS_CHANNELID)) > info.id.fromStr(arg); > else if (http.isHeader("ice-password")) >@@ -1501,7 +1503,7 @@ > while (http.nextHeader()) > { > LOG_DEBUG("ICY %s",http.cmdLine); >- readICYHeader(http,info,loginPassword.cstr()); >+ readICYHeader(http,info,loginPassword.cstr(), String::MAX_LEN); > } > > >diff -Nurad peercast-0.1218+svn20080104/core/common/url.cpp peercast-0.1218+svn20080104.new/core/common/url.cpp >--- peercast-0.1218+svn20080104/core/common/url.cpp 2008-04-01 13:59:52.000000000 +0200 >+++ peercast-0.1218+svn20080104.new/core/common/url.cpp 2008-04-30 17:45:28.000000000 +0200 >@@ -171,7 +171,7 @@ > LOG_CHANNEL("Fetch HTTP: %s",http.cmdLine); > > ChanInfo tmpInfo = ch->info; >- Servent::readICYHeader(http,ch->info,NULL); >+ Servent::readICYHeader(http,ch->info,NULL, 0); > > if (!tmpInfo.name.isEmpty()) > ch->info.name = tmpInfo.name;
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=151859">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 220281
: 151859
