pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/audio/streamripper fix the http header parsing buffer ...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/979c4834603d
branches:  trunk
changeset: 532244:979c4834603d
user:      drochner <drochner%pkgsrc.org@localhost>
date:      Tue Aug 14 21:41:06 2007 +0000

description:
fix the http header parsing buffer overflow, the same way as done
in 1.62.2, bump PKGREVISION

The reason I'm not updating to 1.62.2 yet is that it triggers problems
with NetBSD's iconv(3) (WCHAR_T doesn't work), and that it doesn't
create id3v1 tags anymore per default which many programs want.

diffstat:

 audio/streamripper/Makefile         |   3 +-
 audio/streamripper/distinfo         |   3 +-
 audio/streamripper/patches/patch-ab |  98 +++++++++++++++++++++++++++++++++++++
 3 files changed, 102 insertions(+), 2 deletions(-)

diffs (127 lines):

diff -r 40baef824d3e -r 979c4834603d audio/streamripper/Makefile
--- a/audio/streamripper/Makefile       Tue Aug 14 21:34:36 2007 +0000
+++ b/audio/streamripper/Makefile       Tue Aug 14 21:41:06 2007 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.4 2006/12/14 08:09:16 minskim Exp $
+# $NetBSD: Makefile,v 1.5 2007/08/14 21:41:06 drochner Exp $
 #
 
 DISTNAME=      streamripper-1.61.27
+PKGREVISION=   1
 CATEGORIES=    audio
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=streamripper/}
 
diff -r 40baef824d3e -r 979c4834603d audio/streamripper/distinfo
--- a/audio/streamripper/distinfo       Tue Aug 14 21:34:36 2007 +0000
+++ b/audio/streamripper/distinfo       Tue Aug 14 21:41:06 2007 +0000
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.2 2006/12/12 20:27:15 wiz Exp $
+$NetBSD: distinfo,v 1.3 2007/08/14 21:41:06 drochner Exp $
 
 SHA1 (streamripper-1.61.27.tar.gz) = bdbf0e301c3c783e1f13c2977508afd5076328ad
 RMD160 (streamripper-1.61.27.tar.gz) = 14b55b91e3b995515d6978383f9fc618fe92bbcb
 Size (streamripper-1.61.27.tar.gz) = 1227559 bytes
 SHA1 (patch-aa) = 1150430aa345f78c58d7a207433947a4241ecf29
+SHA1 (patch-ab) = d1fc536498e0216eec469da7f89d4b1712082e0f
diff -r 40baef824d3e -r 979c4834603d audio/streamripper/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/streamripper/patches/patch-ab       Tue Aug 14 21:41:06 2007 +0000
@@ -0,0 +1,98 @@
+$NetBSD: patch-ab,v 1.1 2007/08/14 21:41:06 drochner Exp $
+
+--- lib/http.c.orig    2006-08-25 04:01:49.000000000 +0200
++++ lib/http.c
+@@ -258,11 +258,11 @@ httplib_construct_page_request (const ch
+ 
+ /* Return 1 if a match was found, 0 if not found */
+ int
+-extract_header_value (char *header, char *dest, char *match)
++extract_header_value (char *header, char *dest, char *match, int maxlen)
+ {
+     char* start = (char *)strstr(header, match);
+     if (start) {
+-      subnstr_until(start+strlen(match), "\n", dest, MAX_ICY_STRING);
++      subnstr_until(start+strlen(match), "\n", dest, maxlen);
+       return 1;
+     } else {
+       return 0;
+@@ -321,24 +321,32 @@ httplib_parse_sc_header (const char *url
+     }
+ 
+     // read generic headers
+-    extract_header_value(header, info->http_location, "Location:");
+-    extract_header_value(header, info->server, "Server:");
+-    rc = extract_header_value(header, info->icy_name, "icy-name:");
++    extract_header_value(header, info->http_location, "Location:",
++                       sizeof(info->http_location));
++    extract_header_value(header, info->server, "Server:",
++                       sizeof(info->server));
++    rc = extract_header_value(header, info->icy_name, "icy-name:",
++                            sizeof(info->icy_name));
+     if (rc == 0) {
+       /* Icecast 2.0.1 */
+-      rc = extract_header_value(header, info->icy_name, "ice-name:");
++      rc = extract_header_value(header, info->icy_name, "ice-name:",
++                                sizeof(info->icy_name));
+     }
+     info->have_icy_name = rc;
+-    extract_header_value(header, info->icy_url, "icy-url:");
+-    rc = extract_header_value(header, stempbr, "icy-br:");
++    extract_header_value(header, info->icy_url, "icy-url:",
++                       sizeof(info->icy_url));
++    rc = extract_header_value(header, stempbr,
++                            "icy-br:", sizeof(stempbr));
+     if (rc) {
+       info->icy_bitrate = atoi(stempbr);
+     }
+ 
+     /* interpret the content type from http header */
+-    rc = extract_header_value(header, stempbr, "Content-Type:");
++    rc = extract_header_value(header, stempbr,
++                            "Content-Type:", sizeof(stempbr));
+     if (rc == 0) {
+-        rc = extract_header_value(header, stempbr, "content-type:");
++        rc = extract_header_value(header, stempbr,
++                                "content-type:", sizeof(stempbr));
+     }
+     if (rc == 0) {
+       info->content_type = CONTENT_TYPE_UNKNOWN;
+@@ -418,11 +426,15 @@ httplib_parse_sc_header (const char *url
+       }
+ 
+       // icecast 1.x headers.
+-      extract_header_value(header, info->icy_url, "x-audiocast-server-url:");
+-      rc = extract_header_value(header, info->icy_name, "x-audiocast-name:");
++      extract_header_value(header, info->icy_url, "x-audiocast-server-url:",
++                           sizeof(info->icy_url));
++      rc = extract_header_value(header, info->icy_name, "x-audiocast-name:",
++                                sizeof(info->icy_name));
+       info->have_icy_name |= rc;
+-      extract_header_value(header, info->icy_genre, "x-audiocast-genre:");
+-      rc = extract_header_value(header, stempbr, "x-audiocast-bitrate:");
++      extract_header_value(header, info->icy_genre, "x-audiocast-genre:",
++                           sizeof(info->icy_genre));
++      rc = extract_header_value(header, stempbr, "x-audiocast-bitrate:",
++                                sizeof(stempbr));
+       if (rc) {
+           info->icy_bitrate = atoi(stempbr);
+       }
+@@ -626,7 +638,8 @@ httplib_get_pls (HSOCKET *sock, SR_HTTP_
+       int best_open = 0;
+ 
+       sprintf (buf1, "File%d=", s);
+-      if (!extract_header_value (buf, location_buf, buf1)) {
++      if (!extract_header_value (buf, location_buf, buf1,
++                                 sizeof(location_buf))) {
+           break;
+       }
+       if (s == 1) {
+@@ -635,7 +648,7 @@ httplib_get_pls (HSOCKET *sock, SR_HTTP_
+       }
+       
+       sprintf (buf1, "Title%d=", s);
+-      if (!extract_header_value (buf, title_buf, buf1)) {
++      if (!extract_header_value (buf, title_buf, buf1, sizeof(title_buf))) {
+           break;
+       }
+       num_scanned = sscanf (title_buf, "(#%*[0-9] - %d/%d",&used,&total);
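Review bot: In the patched `extract_header_value` (first lib/http.c hunk), `maxlen` is forwarded to `subnstr_until` unchecked, so the fix is only as tight as that helper's contract, which this patch does not show: if it copies up to `maxlen` bytes and then appends the terminator, passing `sizeof(dest)` still writes one byte past the buffer. Assuming it treats the value as the full buffer size, the function should say so, e.g. `/* maxlen: size of dest in bytes, including the terminating NUL */`. The `sizeof(...)` arguments at the call sites in `httplib_parse_sc_header` and `httplib_get_pls` are correct only if `stempbr`, `location_buf`, `title_buf` and the `info->` fields are arrays rather than pointers; their declarations lie outside the hunks and should be checked. Over-long values are now truncated silently while the function still returns 1, so callers cannot tell a cut-off `Location:` or `File%d=` value from a complete one.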


