--- mpg123-orig/httpget.c	2000-10-30 18:45:12.000000000 +0100
+++ mpg123-myfix/httpget.c	2006-05-22 02:45:59.000000000 +0200
@@ -3,6 +3,11 @@
  *
  *   Oliver Fromme  <oliver.fromme@heim3.tu-clausthal.de>
  *   Wed Apr  9 20:57:47 MET DST 1997
+ *
+ *   Modified by Jeremy Huddleston <eradicator@gentoo.org> 2004.10.21 per 
+ *   http://bugs.gentoo.org/show_bug.cgi?id=68343
+ *   http://www.barrossecurity.com/advisories/mpg123_getauthfromurl_bof_advisory.txt
+ *
  */
 
 #undef ALSA
@@ -221,12 +226,12 @@ unsigned char *proxyport;
 #define ACCEPT_HEAD "Accept: audio/mpeg, audio/x-mpegurl, */*\r\n"
 
 char *httpauth = NULL;
-char httpauth1[256];
+char *httpauth1 = NULL;
 
 int http_open (char *url)
 {
 	char *purl, *host, *request, *sptr;
-	int linelength;
+	unsigned int linelength, linelengthbase, purl_length;
 	unsigned long myip;
 	unsigned char *myport;
 	int sock;
@@ -270,53 +275,80 @@ int http_open (char *url)
                        exit(1);
                }
 
-	
-	if ((linelength = strlen(url)+200) < 1024)
-		linelength = 1024;
-	if (!(request = malloc(linelength)) || !(purl = malloc(1024))) {
+	/*
+	 * The length of purl is upper bound by 3*strlen(url) + 1 if everything
+	 * in it is a space. For HTTP redirections, we need something longer;
+	 * 1024 bytes were arbitrarily chosen.
+	 */
+	purl_length = strlen(url) * 3 + 1;
+	if (purl_length < 1024) purl_length = 1024;
+	purl = (char *)malloc(sizeof(char) * purl_length);
+	if (!purl) {
 		fprintf (stderr, "malloc() failed, out of memory.\n");
 		exit (1);
 	}
-       /*
-        * 2000-10-21:
-        * We would like spaces to be automatically converted to %20's when
-        * fetching via HTTP.
-        * -- Martin Sjögren <md9ms@mdstud.chalmers.se>
-        */
-       if ((sptr = strchr(url, ' ')) == NULL) {
-               strncpy (purl, url, 1023);
-               purl[1023] = '\0';
-       }
-       else {
-               int purllength = 0;
-               char *urlptr = url;
-               purl[0] = '\0';
-               do {
-                       purllength += sptr-urlptr + 3;
-                       if (purllength >= 1023)
-                               break;
-                       strncat (purl, urlptr, sptr-urlptr);
-                       //purl[sptr-url] = '\0';
-                       strcat (purl, "%20");
-                       urlptr = sptr + 1;
-               }
-               while ((sptr = strchr (urlptr, ' ')) != NULL);
-               strcat (purl, urlptr);
-       }
 
+	/*
+	 * 2000-10-21:
+	 * We would like spaces to be automatically converted to %20's when
+	 * fetching via HTTP.
+	 * -- Martin Sjögren <md9ms@mdstud.chalmers.se>
+	 */
+	if ((sptr = strchr(url, ' ')) == NULL) {
+		strcpy (purl, url);
+	} else {
+		char *urlptr = url;
+		purl[0] = '\0';
+		do {
+			strncat (purl, urlptr, sptr - urlptr);
+			strcat (purl, "%20");
+			urlptr = sptr + 1;
+		}
+		while ((sptr = strchr (urlptr, ' ')) != NULL);
+		strcat (purl, urlptr);
+	}
+
+	httpauth1 = (char *)malloc((strlen(purl) + 1) * sizeof(char));
+	if(!httpauth1) {
+		fprintf(stderr, "malloc() failed, out of memory.\n");
+		exit(1);
+	}
+	getauthfromURL(purl,httpauth1);
+
+	/* "GET http://" +               11
+	 * " HTTP/1.0\r\nUser-Agent: <prgName>/<prgVersion>\r\n"  26 + prgName + prgVersion
+	 * ACCEPT_HEAD               strlen(ACCEPT_HEAD)
+	 * "Authorization: Basic \r\n"   23
+	 * "\r\n"                         2
+	 */
+	linelengthbase = 62 + strlen(prgName) + strlen(prgVersion) + strlen(ACCEPT_HEAD);
+
+	if(httpauth)
+		linelengthbase += (strlen(httpauth) + 1) * 4;
 
-        getauthfromURL(purl,httpauth1);
+	if(httpauth1)
+		linelengthbase += (strlen(httpauth1) + 1) * 4;
 
 	do {
-		strcpy (request, "GET ");
 		if (proxyip != INADDR_NONE) {
-                        if (strncasecmp(url, "http://", 7) != 0 && strncasecmp(url,"ftp://", 6) != 0)
-				strcat (request, "http://");
-			strcat (request, purl);
 			myport = proxyport;
 			myip = proxyip;
-		}
-		else {
+
+			linelength = linelengthbase + strlen(purl);
+			if(host)
+				linelength += 9 + strlen(host) + strlen(myport); /* "Host: <host>:<port>\r\n" */
+
+			request = (char *)malloc((linelength + 1) * sizeof(char));
+			if (!request) {
+				fprintf (stderr, "malloc() failed, out of memory.\n");
+				exit (1);
+			}
+
+			strcpy (request, "GET ");
+			if (strncasecmp(url, "http://", 7) != 0 && strncasecmp(url,"ftp://", 6) != 0)
+				strcat (request, "http://");
+			strcat (request, purl);
+		} else {
 			if (host) {
 				free(host);
 				host=NULL;
@@ -325,19 +357,30 @@ int http_open (char *url)
 				free(proxyport);
 				proxyport=NULL;
 			}
-			if (!(sptr = url2hostport(purl, &host, &myip, &myport))) {
-				fprintf (stderr, "Unknown host \"%s\".\n",
-					host ? host : "");
+			
+			sptr = url2hostport(purl, &host, &myip, &myport);
+			if (!sptr) {
+				fprintf (stderr, "Unknown host \"%s\".\n", host ? host : "");
+				exit (1);
+			}
+
+			linelength = linelengthbase + strlen(sptr);
+			if(host)
+				linelength += 9 + strlen(host) + strlen(myport); /* "Host: <host>:<port>\r\n" */
+
+			request = (char *)malloc((linelength + 1) * sizeof(char));
+			if (!request) {
+				fprintf (stderr, "malloc() failed, out of memory.\n");
 				exit (1);
 			}
+
+			strcpy (request, "GET ");
 			strcat (request, sptr);
 		}
-		sprintf (request + strlen(request),
-			" HTTP/1.0\r\nUser-Agent: %s/%s\r\n",
-			prgName, prgVersion);
+
+		sprintf (request + strlen(request), " HTTP/1.0\r\nUser-Agent: %s/%s\r\n", prgName, prgVersion);
 		if (host) {
-			sprintf(request + strlen(request),
-				"Host: %s:%s\r\n", host, myport);
+			sprintf(request + strlen(request), "Host: %s:%s\r\n", host, myport);
 #if 0
 			free (host);
 #endif
@@ -394,15 +437,29 @@ fail:
 			exit(1);
 		}
 
-		if (strlen(httpauth1) || httpauth) {
-			char buf[1023];
+		if (httpauth1 || httpauth) {
+			char *buf;
 			strcat (request,"Authorization: Basic ");
-                        if(strlen(httpauth1))
-                          encode64(httpauth1,buf);
-                        else
-			  encode64(httpauth,buf);
-			strcat (request,buf);
+			if(httpauth1) {
+				buf=(char *)malloc((strlen(httpauth1) + 1) * 4 * sizeof(char));
+				if(!buf) {
+					fprintf(stderr, "Error allocating sufficient memory for http authentication.  Exiting.");
+					exit(1);
+				}
+				encode64(httpauth1,buf);
+				free(httpauth1);
+			} else {
+				buf=(char *)malloc((strlen(httpauth) + 1) * 4 * sizeof(char));
+				if(!buf) {
+					fprintf(stderr, "Error allocating sufficient memory for http authentication.  Exiting.");
+					exit(1);
+				}
+				encode64(httpauth,buf);
+			}
+
+			strcat (request, buf);
 			strcat (request,"\r\n");
+			free(buf);
 		}
 		strcat (request, "\r\n");
 
@@ -428,16 +485,19 @@ fail:
 		}
 		do {
 			readstring (request, linelength-1, myfile);
-			if (!strncmp(request, "Location:", 9))
-				strncpy (purl, request+10, 1023);
+			if (!strncmp(request, "Location:", 9)) {
+				strncpy (purl, request+10, purl_length);
+				purl[purl_length - 1] = 0;
+			}
 		} while (request[0] != '\r' && request[0] != '\n');
+		
+		free(request);
 	} while (relocate && purl[0] && numrelocs++ < 5);
 	if (relocate) {
 		fprintf (stderr, "Too many HTTP relocations.\n");
 		exit (1);
 	}
-	free (purl);
-	free (request);
+	free(purl);
 	free(host);
 	free(proxyport);
 	free(myport);