| author | Lars-Dominik Braun <PromyLOPh@lavabit.com> | 2009-12-15 20:05:57 +0100 | 
|---|---|---|
| committer | Lars-Dominik Braun <PromyLOPh@lavabit.com> | 2009-12-15 20:06:36 +0100 | 
| commit | fac7d0d211ab56d8a1357d7837dae789aa3cbf64 (patch) | |
| tree | 98cd956c8d53535366792fce6c518745387ff5de | |
| parent | 6a62ae4231c2ce10b6623e32198f40f0a2a8e777 (diff) | |
| parent | e51da0e0fb8c55cb874d87dafc7eec93bee6beb3 (diff) | |
Merge branch 'fuzzing'
Fixes NULL-pointer dereferences and invalid memory reads.
| -rw-r--r-- | libpiano/src/http.c | 6 | ||||
| -rw-r--r-- | libpiano/src/xml.c | 5 | ||||
| -rw-r--r-- | src/main.c | 55 | 
3 files changed, 38 insertions, 28 deletions
|
diff --git a/libpiano/src/http.c b/libpiano/src/http.c
index 98b5e11..4af5ccc 100644
--- a/libpiano/src/http.c
+++ b/libpiano/src/http.c
@@ -51,7 +51,8 @@ PianoReturn_t PianoHttpPost (WaitressHandle_t *waith, const char *postData,
 	waith->postData = reqPostData;
 	waith->method = WAITRESS_METHOD_POST;
-	if (WaitressFetchBuf (waith, retData) == WAITRESS_RET_OK) {
+	if (WaitressFetchBuf (waith, retData) == WAITRESS_RET_OK &&
+			*retData != NULL) {
 		pRet = PIANO_RET_OK;
 	}
@@ -71,7 +72,8 @@ PianoReturn_t PianoHttpGet (WaitressHandle_t *waith, char **retData) {
 	waith->postData = NULL;
 	waith->method = WAITRESS_METHOD_GET;
-	if (WaitressFetchBuf (waith, retData) == WAITRESS_RET_OK) {
+	if (WaitressFetchBuf (waith, retData) == WAITRESS_RET_OK &&
+			*retData != NULL) {
 		return PIANO_RET_OK;
 	}
 	return PIANO_RET_NET_ERROR;
diff --git a/libpiano/src/xml.c b/libpiano/src/xml.c
index 8d34a32..ad0cf7d 100644
--- a/libpiano/src/xml.c
+++ b/libpiano/src/xml.c
@@ -240,7 +240,10 @@ static void PianoXmlParsePlaylistCb (const char *key, const ezxml_t value,
 		char *urlTail = NULL,
 				*urlTailCrypted = &valueStr[valueStrN - urlTailN];
-		if ((urlTail = PianoDecryptString (urlTailCrypted)) != NULL) {
+		/* don't try to decrypt if string is too short (=> invalid memory
+		 * reads/writes) */
+		if (valueStrN > urlTailN &&
+				(urlTail = PianoDecryptString (urlTailCrypted)) != NULL) {
 			if ((song->audioUrl = calloc (valueStrN + 1,
 					sizeof (*song->audioUrl))) != NULL) {
 				memcpy (song->audioUrl, valueStr, valueStrN - urlTailN);
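Review bot: The added `*retData != NULL` test in PianoHttpPost, and the identical one in the PianoHttpGet hunk, carries no comment saying when WaitressFetchBuf can return WAITRESS_RET_OK without handing back a buffer, so the next reader cannot tell whether this is an empty response body or an allocation failure. I would put `/* fetch may succeed without returning a body; report that as an error so callers never parse NULL */` above both conditions, adjusted to what WaitressFetchBuf really does, since its body is not part of this diff. If that function can leave `*retData` untouched on some path, each caller should also set `*retData = NULL;` before the call so the new test never reads an indeterminate pointer. Both functions start and end outside their hunks.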
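Review bot: The new `valueStrN > urlTailN` guard in PianoXmlParsePlaylistCb runs one statement too late, because the context line above it still initialises `urlTailCrypted = &valueStr[valueStrN - urlTailN]`. For a too-short value that forms an out-of-range pointer before the check is evaluated (and the subtraction wraps if these lengths are unsigned; their declarations are outside the hunk), which is undefined behaviour in C even when the pointer is never dereferenced. Declare it as `*urlTailCrypted = NULL;` and compute the address only after the length test, e.g. `(urlTail = PianoDecryptString (&valueStr[valueStrN - urlTailN])) != NULL`. The function continues past the end of the hunk.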
@@ -258,31 +258,36 @@ int main (int argc, char **argv) {
 					BarUiPrintSong (playlist, curStation->isQuickMix ?
 							PianoFindStationById (ph.stations,
 							playlist->stationId) : NULL);
-					/* setup artist and song name for scrobbling (playlist
-					 * may be NULL later) */
-					WardrobeSongInit (&scrobbleSong);
-					scrobbleSong.artist = strdup (playlist->artist);
-					scrobbleSong.title = strdup (playlist->title);
-					scrobbleSong.album = strdup (playlist->album);
-					scrobbleSong.started = time (NULL);
-
-					/* setup player */
-					memset (&player, 0, sizeof (player));
-
-					WaitressInit (&player.waith);
-					WaitressSetUrl (&player.waith, playlist->audioUrl);
-
-					player.gain = playlist->fileGain;
-					player.audioFormat = playlist->audioFormat;
-		
-					/* throw event */
-					BarUiStartEventCmd (&settings, "songstart", curStation,
-							playlist, PIANO_RET_OK);
-
-					/* start player */
-					pthread_create (&playerThread, NULL, BarPlayerThread,
-							&player);
-				}
+
+					if (playlist->audioUrl == NULL) {
+						BarUiMsg (MSG_ERR, "Invalid song url.\n");
+					} else {
+						/* setup artist and song name for scrobbling (playlist
+						 * may be NULL later) */
+						WardrobeSongInit (&scrobbleSong);
+						scrobbleSong.artist = strdup (playlist->artist);
+						scrobbleSong.title = strdup (playlist->title);
+						scrobbleSong.album = strdup (playlist->album);
+						scrobbleSong.started = time (NULL);
+
+						/* setup player */
+						memset (&player, 0, sizeof (player));
+
+						WaitressInit (&player.waith);
+						WaitressSetUrl (&player.waith, playlist->audioUrl);
+
+						player.gain = playlist->fileGain;
+						player.audioFormat = playlist->audioFormat;
+			
+						/* throw event */
+						BarUiStartEventCmd (&settings, "songstart", curStation,
+								playlist, PIANO_RET_OK);
+
+						/* start player */
+						pthread_create (&playerThread, NULL, BarPlayerThread,
+								&player);
+					} /* end if audioUrl == NULL */
+				} /* end if playlist != NULL */
 			} /* end if curStation != NULL */
 		}
|
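Review bot: Only `playlist->audioUrl` is tested, yet the else branch still hands `playlist->artist`, `playlist->title` and `playlist->album` to strdup(), which is undefined for a NULL argument. Whether the parser guarantees those three fields is not visible in this diff, but a response malformed enough to leave the URL NULL could plausibly leave them NULL as well. Guard each copy, e.g. `scrobbleSong.artist = playlist->artist != NULL ? strdup (playlist->artist) : NULL;`, or reject the song in the same test as the URL. The closing comment `/* end if audioUrl == NULL */` sits on the else branch and would read more accurately as `/* end if audioUrl != NULL */`. main() begins and ends outside the hunk.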
