[libdmapsharing] Avoid OOB read with buggy servers



commit 3e347fd3e8e7e20afc562268f27fd3c2b79f4d0e
Author: Bastien Nocera <hadess hadess net>
Date:   Tue Oct 29 11:37:15 2013 +0100

    Avoid OOB read with buggy servers
    
    If the server doesn't start the Content-Range field with "bytes="
    we would have an out-of-bounds read trying to parse the content
    of that field. Fall back to a 0 offset when a parsing error occurs.
    
    See https://bugzilla.redhat.com/show_bug.cgi?id=1024020
    
    https://bugzilla.gnome.org/show_bug.cgi?id=711063

 libdmapsharing/daap-share.c |    9 +++++++--
 1 files changed, 7 insertions(+), 2 deletions(-)
---
diff --git a/libdmapsharing/daap-share.c b/libdmapsharing/daap-share.c
index 66cdfe6..e182055 100644
--- a/libdmapsharing/daap-share.c
+++ b/libdmapsharing/daap-share.c
@@ -922,8 +922,13 @@ databases_items_xxx (DMAPShare * share,
                const gchar *s;
                gchar *content_range;
 
-               s = range_header + strlen ("bytes=");   /* bytes= */
-               offset = atoll (s);
+               if (!g_ascii_strncasecmp (range_header, "bytes=", strlen("bytes="))) {
+                       /* Not starting with "bytes=" ? */
+                       offset = 0;
+               } else {
+                       s = range_header + strlen ("bytes=");   /* bytes= */
+                       offset = atoll (s);
+               }
 
                content_range =
                        g_strdup_printf ("bytes %" G_GUINT64_FORMAT "-%"
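Review bot: the condition on the added `if` is inverted. g_ascii_strncasecmp() returns 0 when the strings match, so `!g_ascii_strncasecmp (range_header, "bytes=", strlen("bytes="))` is true when the header does start with "bytes=". As written, well-formed headers take the `offset = 0` branch, and headers without the prefix still reach `s = range_header + strlen ("bytes=")` followed by atoll (s), which is the out-of-bounds read the commit message sets out to avoid. Drop the `!` (or compare the result with `!= 0`) so that the branch agrees with its comment, "Not starting with "bytes=" ?". A minor style point on the same line: `strlen("bytes=")` is missing the space before the parenthesis that the rest of the hunk uses.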

