diff options
author | drochner <drochner@pkgsrc.org> | 2007-08-14 21:41:06 +0000 |
---|---|---|
committer | drochner <drochner@pkgsrc.org> | 2007-08-14 21:41:06 +0000 |
commit | 176169c0d10e0c5f3983a7f1a5d14ba6aaa0a822 (patch) | |
tree | 41878eb3765a101cbf5757ea43578cdb1f84c215 /audio/streamripper | |
parent | 895678fe23e0ad145d8e79e68f58aa4c89184a11 (diff) | |
download | pkgsrc-176169c0d10e0c5f3983a7f1a5d14ba6aaa0a822.tar.gz |
fix the http header parsing buffer overflow, the same way as done
in 1.62.2, bump PKGREVISION
The reason I'm not updating to 1.62.2 yet is that it triggers problems
with NetBSD's iconv(3) (WCHAR_T doesn't work), and that it doesn't
create id3v1 tags anymore per default which many programs want.
Diffstat (limited to 'audio/streamripper')
-rw-r--r-- | audio/streamripper/Makefile | 3 | ||||
-rw-r--r-- | audio/streamripper/distinfo | 3 | ||||
-rw-r--r-- | audio/streamripper/patches/patch-ab | 98 |
3 files changed, 102 insertions, 2 deletions
diff --git a/audio/streamripper/Makefile b/audio/streamripper/Makefile index 204012d8fa5..688c3b0bdc1 100644 --- a/audio/streamripper/Makefile +++ b/audio/streamripper/Makefile @@ -1,7 +1,8 @@ -# $NetBSD: Makefile,v 1.4 2006/12/14 08:09:16 minskim Exp $ +# $NetBSD: Makefile,v 1.5 2007/08/14 21:41:06 drochner Exp $ # DISTNAME= streamripper-1.61.27 +PKGREVISION= 1 CATEGORIES= audio MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=streamripper/} diff --git a/audio/streamripper/distinfo b/audio/streamripper/distinfo index 26b2130eaee..43c036edd7b 100644 --- a/audio/streamripper/distinfo +++ b/audio/streamripper/distinfo @@ -1,6 +1,7 @@ -$NetBSD: distinfo,v 1.2 2006/12/12 20:27:15 wiz Exp $ +$NetBSD: distinfo,v 1.3 2007/08/14 21:41:06 drochner Exp $ SHA1 (streamripper-1.61.27.tar.gz) = bdbf0e301c3c783e1f13c2977508afd5076328ad RMD160 (streamripper-1.61.27.tar.gz) = 14b55b91e3b995515d6978383f9fc618fe92bbcb Size (streamripper-1.61.27.tar.gz) = 1227559 bytes SHA1 (patch-aa) = 1150430aa345f78c58d7a207433947a4241ecf29 +SHA1 (patch-ab) = d1fc536498e0216eec469da7f89d4b1712082e0f diff --git a/audio/streamripper/patches/patch-ab b/audio/streamripper/patches/patch-ab new file mode 100644 index 00000000000..7ebb04e1878 --- /dev/null +++ b/audio/streamripper/patches/patch-ab @@ -0,0 +1,98 @@ +$NetBSD: patch-ab,v 1.1 2007/08/14 21:41:06 drochner Exp $ + +--- lib/http.c.orig 2006-08-25 04:01:49.000000000 +0200 ++++ lib/http.c +@@ -258,11 +258,11 @@ httplib_construct_page_request (const ch + + /* Return 1 if a match was found, 0 if not found */ + int +-extract_header_value (char *header, char *dest, char *match) ++extract_header_value (char *header, char *dest, char *match, int maxlen) + { + char* start = (char *)strstr(header, match); + if (start) { +- subnstr_until(start+strlen(match), "\n", dest, MAX_ICY_STRING); ++ subnstr_until(start+strlen(match), "\n", dest, maxlen); + return 1; + } else { + return 0; +@@ -321,24 +321,32 @@ httplib_parse_sc_header (const char *url + } + + // read generic headers +- extract_header_value(header, info->http_location, "Location:"); +- extract_header_value(header, info->server, "Server:"); +- rc = extract_header_value(header, info->icy_name, "icy-name:"); ++ extract_header_value(header, info->http_location, "Location:", ++ sizeof(info->http_location)); ++ extract_header_value(header, info->server, "Server:", ++ sizeof(info->server)); ++ rc = extract_header_value(header, info->icy_name, "icy-name:", ++ sizeof(info->icy_name)); + if (rc == 0) { + /* Icecast 2.0.1 */ +- rc = extract_header_value(header, info->icy_name, "ice-name:"); ++ rc = extract_header_value(header, info->icy_name, "ice-name:", ++ sizeof(info->icy_name)); + } + info->have_icy_name = rc; +- extract_header_value(header, info->icy_url, "icy-url:"); +- rc = extract_header_value(header, stempbr, "icy-br:"); ++ extract_header_value(header, info->icy_url, "icy-url:", ++ sizeof(info->icy_url)); ++ rc = extract_header_value(header, stempbr, ++ "icy-br:", sizeof(stempbr)); + if (rc) { + info->icy_bitrate = atoi(stempbr); + } + + /* interpret the content type from http header */ +- rc = extract_header_value(header, stempbr, "Content-Type:"); ++ rc = extract_header_value(header, stempbr, ++ "Content-Type:", sizeof(stempbr)); + if (rc == 0) { +- rc = extract_header_value(header, stempbr, "content-type:"); ++ rc = extract_header_value(header, stempbr, ++ "content-type:", sizeof(stempbr)); + } + if (rc == 0) { + info->content_type = CONTENT_TYPE_UNKNOWN; +@@ -418,11 +426,15 @@ httplib_parse_sc_header (const char *url + } + + // icecast 1.x headers. +- extract_header_value(header, info->icy_url, "x-audiocast-server-url:"); +- rc = extract_header_value(header, info->icy_name, "x-audiocast-name:"); ++ extract_header_value(header, info->icy_url, "x-audiocast-server-url:", ++ sizeof(info->icy_url)); ++ rc = extract_header_value(header, info->icy_name, "x-audiocast-name:", ++ sizeof(info->icy_name)); + info->have_icy_name |= rc; +- extract_header_value(header, info->icy_genre, "x-audiocast-genre:"); +- rc = extract_header_value(header, stempbr, "x-audiocast-bitrate:"); ++ extract_header_value(header, info->icy_genre, "x-audiocast-genre:", ++ sizeof(info->icy_genre)); ++ rc = extract_header_value(header, stempbr, "x-audiocast-bitrate:", ++ sizeof(stempbr)); + if (rc) { + info->icy_bitrate = atoi(stempbr); + } +@@ -626,7 +638,8 @@ httplib_get_pls (HSOCKET *sock, SR_HTTP_ + int best_open = 0; + + sprintf (buf1, "File%d=", s); +- if (!extract_header_value (buf, location_buf, buf1)) { ++ if (!extract_header_value (buf, location_buf, buf1, ++ sizeof(location_buf))) { + break; + } + if (s == 1) { +@@ -635,7 +648,7 @@ httplib_get_pls (HSOCKET *sock, SR_HTTP_ + } + + sprintf (buf1, "Title%d=", s); +- if (!extract_header_value (buf, title_buf, buf1)) { ++ if (!extract_header_value (buf, title_buf, buf1, sizeof(title_buf))) { + break; + } + num_scanned = sscanf (title_buf, "(#%*[0-9] - %d/%d",&used,&total); |