Hi, are you sure this is fixed in unstable? Looking at the code it seems to be partly fixed. The checks for MAX_CGI_LEN are included but: - strcpy(loginPassword,in+7); + loginPassword.set(in+7); - LOG_DEBUG("ICY client: %s %s",loginPassword,mount?mount:"unknown"); + LOG_DEBUG("ICY client: %s %s",loginPassword.cstr(),mount?mount:"unknown"); } if (mount) - strcpy(loginMount,mount); + loginMount.set(mount); handshakeICY(Channel::SRC_ICECAST,isHTTP); sock = NULL; // socket is taken over by channel, so don`t close it @@ -318,7 +329,7 @@ if (!isAllowed(ALLOW_BROADCAST)) throw HTTPException(HTTP_SC_UNAVAILABLE,503); - strcpy(loginPassword,servMgr->password); // pwd already checked + loginPassword.set(servMgr->password); // pwd already checked -
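Review bot: In the first hunk, the LOG_DEBUG("ICY client: %s %s", ...) line still writes loginPassword to the debug log in cleartext after the change. I would drop the password argument from the format string, or log only whether a password was supplied. Separately, replacing strcpy with loginPassword.set(in+7) and loginMount.set(mount) only closes the overflow if set() bounds the copy to the destination's capacity, which these lines do not show. Please confirm that, and state whether an overlong password or mount is truncated or rejected.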
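Review bot: In the @@ -318,7 +329,7 @@ hunk, the comment "pwd already checked" on the loginPassword.set(servMgr->password) line says nothing about length, and nothing visible here bounds servMgr->password to what loginPassword can hold. I would extend the comment to say what set() does with a longer value, or add an explicit length check before the copy.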
is not included which is bad because loginPassword is declared as char loginPassword[64]; while #define MAX_CGI_LEN 512. So it looks to me that the code is still affected. I did not try to exploit it though. Comments?

Cheers
Nico

--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
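Added example, not part of the original message and not the project's code: a fixed-capacity string whose set operation refuses input that does not fit, using the two sizes quoted in the message (the 64-byte loginPassword and MAX_CGI_LEN of 512). The login_str type, its functions, PREFIX_LEN and the sample lines are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_CGI_LEN   512  /* from the message: length the request check admits */
#define LOGIN_BUF_LEN 64   /* from the message: char loginPassword[64] */
#define PREFIX_LEN    7    /* the patch copies from in+7 */

/* Hypothetical stand-in for a type offering set()/cstr(); not the project's class. */
typedef struct { char data[LOGIN_BUF_LEN]; } login_str;
enum set_result { SET_OK = 0, SET_TOO_LONG = -1, SET_TOO_SHORT = -2 };

/* Copy src only if it fits with its terminator; on failure dst stays empty. */
static enum set_result login_str_set(login_str *dst, const char *src)
{
    const char *end;
    dst->data[0] = '\0';
    if (src == NULL)
        return SET_TOO_SHORT;
    end = memchr(src, '\0', LOGIN_BUF_LEN);   /* never scans past capacity */
    if (end == NULL)
        return SET_TOO_LONG;                  /* reject instead of truncating */
    memcpy(dst->data, src, (size_t)(end - src) + 1);
    return SET_OK;
}

/* Hypothetical caller: the line already passed the MAX_CGI_LEN check. */
static enum set_result take_password(login_str *pw, const char *in)
{
    pw->data[0] = '\0';
    if (in == NULL || memchr(in, '\0', PREFIX_LEN) != NULL)
        return SET_TOO_SHORT;                 /* in+7 would pass the terminator */
    return login_str_set(pw, in + PREFIX_LEN);
}

int main(void)
{
    char line[MAX_CGI_LEN + 1];
    login_str pw;
    memset(line, 'A', MAX_CGI_LEN);           /* constructed: longest admitted line */
    line[MAX_CGI_LEN] = '\0';
    printf("512-byte line: %d\n", take_password(&pw, line));
    printf("short line:    %d\n", take_password(&pw, "1234567secret"));
    return 0;
}
```

A line that passes the 512-byte check but carries more than 63 bytes after the prefix is refused here, where an unbounded strcpy into the 64-byte array would write past its end.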