| @@ -1,17 +1,42 @@ | | | @@ -1,17 +1,42 @@ |
1 | $NetBSD: patch-ab,v 1.1 2007/08/14 21:41:06 drochner Exp $ | | 1 | $NetBSD: patch-ab,v 1.2 2009/01/07 18:45:54 drochner Exp $ |
2 | | | 2 | |
3 | --- lib/http.c.orig 2006-08-25 04:01:49.000000000 +0200 | | 3 | --- lib/http.c.orig 2009-01-07 18:27:06.000000000 +0100 |
4 | +++ lib/http.c | | 4 | +++ lib/http.c |
| | | 5 | @@ -115,7 +115,7 @@ httplib_parse_url(const char *url, URLIN |
| | | 6 | |
| | | 7 | /* search for a login '@' token */ |
| | | 8 | if (strchr(url, '@') != NULL) { |
| | | 9 | - ret = sscanf(url, "%[^:]:%[^@]", urlinfo->username, urlinfo->password); |
| | | 10 | + ret = sscanf(url, "%1023[^:]:%1023[^@]", urlinfo->username, urlinfo->password); |
| | | 11 | #if defined (commentout) |
| | | 12 | if (ret < 2) return SR_ERROR_PARSE_FAILURE; |
| | | 13 | #endif |
| | | 14 | @@ -132,13 +132,13 @@ httplib_parse_url(const char *url, URLIN |
| | | 15 | |
| | | 16 | /* search for a port seperator */ |
| | | 17 | if (strchr(url, ':') != NULL) { |
| | | 18 | - ret = sscanf(url, "%[^:]:%hu/%s", urlinfo->host, |
| | | 19 | + ret = sscanf(url, "%511[^:]:%hu/%252s", urlinfo->host, |
| | | 20 | (short unsigned int*)&urlinfo->port, urlinfo->path+1); |
| | | 21 | if (urlinfo->port < 1) return SR_ERROR_PARSE_FAILURE; |
| | | 22 | ret -= 1; |
| | | 23 | } else { |
| | | 24 | urlinfo->port = 80; |
| | | 25 | - ret = sscanf(url, "%[^/]/%s", urlinfo->host, urlinfo->path+1); |
| | | 26 | + ret = sscanf(url, "%511[^/]/%252s", urlinfo->host, urlinfo->path+1); |
| | | 27 | } |
| | | 28 | if (ret < 1) return SR_ERROR_INVALID_URL; |
| | | 29 | |
5 | @@ -258,11 +258,11 @@ httplib_construct_page_request (const ch | | 30 | @@ -258,11 +258,11 @@ httplib_construct_page_request (const ch |
6 | | | 31 | |
7 | /* Return 1 if a match was found, 0 if not found */ | | 32 | /* Return 1 if a match was found, 0 if not found */ |
8 | int | | 33 | int |
9 | -extract_header_value (char *header, char *dest, char *match) | | 34 | -extract_header_value (char *header, char *dest, char *match) |
10 | +extract_header_value (char *header, char *dest, char *match, int maxlen) | | 35 | +extract_header_value (char *header, char *dest, char *match, int maxlen) |
11 | { | | 36 | { |
12 | char* start = (char *)strstr(header, match); | | 37 | char* start = (char *)strstr(header, match); |
13 | if (start) { | | 38 | if (start) { |
14 | - subnstr_until(start+strlen(match), "\n", dest, MAX_ICY_STRING); | | 39 | - subnstr_until(start+strlen(match), "\n", dest, MAX_ICY_STRING); |
15 | + subnstr_until(start+strlen(match), "\n", dest, maxlen); | | 40 | + subnstr_until(start+strlen(match), "\n", dest, maxlen); |
16 | return 1; | | 41 | return 1; |
17 | } else { | | 42 | } else { |
| @@ -47,52 +72,94 @@ $NetBSD: patch-ab,v 1.1 2007/08/14 21:41 | | | @@ -47,52 +72,94 @@ $NetBSD: patch-ab,v 1.1 2007/08/14 21:41 |
47 | } | | 72 | } |
48 | | | 73 | |
49 | /* interpret the content type from http header */ | | 74 | /* interpret the content type from http header */ |
50 | - rc = extract_header_value(header, stempbr, "Content-Type:"); | | 75 | - rc = extract_header_value(header, stempbr, "Content-Type:"); |
51 | + rc = extract_header_value(header, stempbr, | | 76 | + rc = extract_header_value(header, stempbr, |
52 | + "Content-Type:", sizeof(stempbr)); | | 77 | + "Content-Type:", sizeof(stempbr)); |
53 | if (rc == 0) { | | 78 | if (rc == 0) { |
54 | - rc = extract_header_value(header, stempbr, "content-type:"); | | 79 | - rc = extract_header_value(header, stempbr, "content-type:"); |
55 | + rc = extract_header_value(header, stempbr, | | 80 | + rc = extract_header_value(header, stempbr, |
56 | + "content-type:", sizeof(stempbr)); | | 81 | + "content-type:", sizeof(stempbr)); |
57 | } | | 82 | } |
58 | if (rc == 0) { | | 83 | if (rc == 0) { |
59 | info->content_type = CONTENT_TYPE_UNKNOWN; | | 84 | info->content_type = CONTENT_TYPE_UNKNOWN; |
60 | @@ -418,11 +426,15 @@ httplib_parse_sc_header (const char *url | | 85 | @@ -407,6 +415,7 @@ httplib_parse_sc_header (const char *url |
| | | 86 | info->content_type = content_type_by_url; |
| | | 87 | } |
| | | 88 | } |
| | | 89 | + |
| | | 90 | // Check for Icecast 1 |
| | | 91 | else if ((start = (char *)strstr(header, "icecast")) != NULL) { |
| | | 92 | if (!info->server[0]) { |
| | | 93 | @@ -418,19 +427,19 @@ httplib_parse_sc_header (const char *url |
61 | } | | 94 | } |
62 | | | 95 | |
63 | // icecast 1.x headers. | | 96 | // icecast 1.x headers. |
64 | - extract_header_value(header, info->icy_url, "x-audiocast-server-url:"); | | 97 | - extract_header_value(header, info->icy_url, "x-audiocast-server-url:"); |
65 | - rc = extract_header_value(header, info->icy_name, "x-audiocast-name:"); | | 98 | - rc = extract_header_value(header, info->icy_name, "x-audiocast-name:"); |
66 | + extract_header_value(header, info->icy_url, "x-audiocast-server-url:", | | 99 | + extract_header_value(header, info->icy_url, "x-audiocast-server-url:", |
67 | + sizeof(info->icy_url)); | | 100 | + sizeof(info->icy_url)); |
68 | + rc = extract_header_value(header, info->icy_name, "x-audiocast-name:", | | 101 | + rc = extract_header_value(header, info->icy_name, "x-audiocast-name:", |
69 | + sizeof(info->icy_name)); | | 102 | + sizeof(info->icy_name)); |
70 | info->have_icy_name |= rc; | | 103 | info->have_icy_name |= rc; |
71 | - extract_header_value(header, info->icy_genre, "x-audiocast-genre:"); | | 104 | - extract_header_value(header, info->icy_genre, "x-audiocast-genre:"); |
72 | - rc = extract_header_value(header, stempbr, "x-audiocast-bitrate:"); | | 105 | - rc = extract_header_value(header, stempbr, "x-audiocast-bitrate:"); |
73 | + extract_header_value(header, info->icy_genre, "x-audiocast-genre:", | | 106 | + extract_header_value(header, info->icy_genre, "x-audiocast-genre:", |
74 | + sizeof(info->icy_genre)); | | 107 | + sizeof(info->icy_genre)); |
75 | + rc = extract_header_value(header, stempbr, "x-audiocast-bitrate:", | | 108 | + rc = extract_header_value(header, stempbr, "x-audiocast-bitrate:", |
76 | + sizeof(stempbr)); | | 109 | + sizeof(stempbr)); |
77 | if (rc) { | | 110 | if (rc) { |
78 | info->icy_bitrate = atoi(stempbr); | | 111 | info->icy_bitrate = atoi(stempbr); |
79 | } | | 112 | } |
80 | @@ -626,7 +638,8 @@ httplib_get_pls (HSOCKET *sock, SR_HTTP_ | | 113 | } |
| | | 114 | - // WTF is Zwitterion? |
| | | 115 | - else if ((start = (char *)strstr(header, "Zwitterion v")) != NULL) { |
| | | 116 | - sscanf(start, "%[^<]<", info->server); |
| | | 117 | - } |
| | | 118 | |
| | | 119 | /* Last chance to deduce content type */ |
| | | 120 | if (info->content_type == CONTENT_TYPE_UNKNOWN) { |
| | | 121 | @@ -626,16 +635,17 @@ httplib_get_pls (HSOCKET *sock, SR_HTTP_ |
81 | int best_open = 0; | | 122 | int best_open = 0; |
82 | | | 123 | |
83 | sprintf (buf1, "File%d=", s); | | 124 | sprintf (buf1, "File%d=", s); |
84 | - if (!extract_header_value (buf, location_buf, buf1)) { | | 125 | - if (!extract_header_value (buf, location_buf, buf1)) { |
85 | + if (!extract_header_value (buf, location_buf, buf1, | | 126 | + if (!extract_header_value (buf, location_buf, buf1, |
86 | + sizeof(location_buf))) { | | 127 | + sizeof(location_buf))) { |
87 | break; | | 128 | break; |
88 | } | | 129 | } |
89 | if (s == 1) { | | 130 | if (s == 1) { |
90 | @@ -635,7 +648,7 @@ httplib_get_pls (HSOCKET *sock, SR_HTTP_ | | 131 | - strcpy (info->http_location, location_buf); |
| | | 132 | + sr_strncpy (info->http_location, location_buf, MAX_HOST_LEN); |
| | | 133 | rc = SR_SUCCESS; |
91 | } | | 134 | } |
92 | | | 135 | |
93 | sprintf (buf1, "Title%d=", s); | | 136 | sprintf (buf1, "Title%d=", s); |
94 | - if (!extract_header_value (buf, title_buf, buf1)) { | | 137 | - if (!extract_header_value (buf, title_buf, buf1)) { |
95 | + if (!extract_header_value (buf, title_buf, buf1, sizeof(title_buf))) { | | 138 | + if (!extract_header_value (buf, title_buf, buf1, sizeof(title_buf))) { |
96 | break; | | 139 | break; |
97 | } | | 140 | } |
98 | num_scanned = sscanf (title_buf, "(#%*[0-9] - %d/%d",&used,&total); | | 141 | num_scanned = sscanf (title_buf, "(#%*[0-9] - %d/%d",&used,&total); |
| | | 142 | @@ -644,12 +654,12 @@ httplib_get_pls (HSOCKET *sock, SR_HTTP_ |
| | | 143 | } |
| | | 144 | open = total - used; |
| | | 145 | if (open > best_open) { |
| | | 146 | - strcpy (info->http_location, location_buf); |
| | | 147 | + sr_strncpy (info->http_location, location_buf, MAX_HOST_LEN); |
| | | 148 | best_open = open; |
| | | 149 | } |
| | | 150 | } |
| | | 151 | |
| | | 152 | - strcpy (info->http_location, location_buf); |
| | | 153 | + sr_strncpy (info->http_location, location_buf, MAX_HOST_LEN); |
| | | 154 | |
| | | 155 | return rc; |
| | | 156 | } |
| | | 157 | @@ -689,7 +699,7 @@ httplib_get_m3u (HSOCKET *sock, SR_HTTP_ |
| | | 158 | if (len > 4 && !strcmp (&p[len-4], ".mp3")) { |
| | | 159 | continue; |
| | | 160 | } |
| | | 161 | - strcpy (info->http_location, p); |
| | | 162 | + sr_strncpy (info->http_location, p, MAX_HOST_LEN); |
| | | 163 | debug_printf ("Redirecting from M3U to: %s\n", p); |
| | | 164 | return SR_SUCCESS; |
| | | 165 | } |