Commit b1801217 authored by Marvin Scholz's avatar Marvin Scholz Committed by Jean-Baptiste Kempf

access/http: Fix off-by-one in ICY parser

This fixes a off-by-one issue in the ICY parser that would happen in the
case the ICY metadata is unquoted. (StreamTitle=test;).
With empty metadata without ; (StreamTitle=) this would lead to a buffer
over-read.

Credit to Filip Roséen who discovered this issue.
Signed-off-by: Jean-Baptiste Kempf's avatarJean-Baptiste Kempf <jb@videolan.org>
parent cb751409
...@@ -525,18 +525,19 @@ static int ReadICYMeta( stream_t *p_access ) ...@@ -525,18 +525,19 @@ static int ReadICYMeta( stream_t *p_access )
psz = strchr( &p[1], ';' ); psz = strchr( &p[1], ';' );
if( psz ) *psz = '\0'; if( psz ) *psz = '\0';
p++;
} }
else else
{ {
char *psz = strchr( &p[1], ';' ); char *psz = strchr( p, ';' );
if( psz ) *psz = '\0'; if( psz ) *psz = '\0';
} }
if( !p_sys->psz_icy_title || if( !p_sys->psz_icy_title ||
strcmp( p_sys->psz_icy_title, &p[1] ) ) strcmp( p_sys->psz_icy_title, p ) )
{ {
free( p_sys->psz_icy_title ); free( p_sys->psz_icy_title );
char *psz_tmp = strdup( &p[1] ); char *psz_tmp = strdup( p );
p_sys->psz_icy_title = EnsureUTF8( psz_tmp ); p_sys->psz_icy_title = EnsureUTF8( psz_tmp );
if( !p_sys->psz_icy_title ) if( !p_sys->psz_icy_title )
free( psz_tmp ); free( psz_tmp );
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment