piano: Don't decrypt too short urls

Avoids invalid memory reads/writes
author: Lars-Dominik Braun <PromyLOPh@lavabit.com> 2009-11-28 12:23:45 +0100
committer: Lars-Dominik Braun <PromyLOPh@lavabit.com> 2009-11-28 12:23:45 +0100
commit: 7dff801f34a76dd7950fc1751ce5ee2978e9b32d (patch)
tree: ff8122281a8caffb8091aaf89604925224a27052 /libpiano/src
parent: e033ae190e67674064a2e089874b5a4185f8a654 (diff)
download: pianobar-7dff801f34a76dd7950fc1751ce5ee2978e9b32d.tar.gz
pianobar-7dff801f34a76dd7950fc1751ce5ee2978e9b32d.tar.bz2
pianobar-7dff801f34a76dd7950fc1751ce5ee2978e9b32d.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/libpiano/src/xml.c b/libpiano/src/xml.c
index 8e8fb2a..185002d 100644
--- a/libpiano/src/xml.c
+++ b/libpiano/src/xml.c
@@ -240,7 +240,10 @@ static void PianoXmlParsePlaylistCb (const char *key, const ezxml_t value,
 		char *urlTail = NULL,
 				*urlTailCrypted = &valueStr[valueStrN - urlTailN];
 
-		if ((urlTail = PianoDecryptString (urlTailCrypted)) != NULL) {
+		/* don't try to decrypt if string is too short (=> invalid memory
+		 * reads/writes) */
+		if (valueStrN > urlTailN &&
+				(urlTail = PianoDecryptString (urlTailCrypted)) != NULL) {
 			if ((song->audioUrl = calloc (valueStrN + 1,
 					sizeof (*song->audioUrl))) != NULL) {
 				memcpy (song->audioUrl, valueStr, valueStrN - urlTailN);
author	Lars-Dominik Braun <PromyLOPh@lavabit.com>	2009-11-28 12:23:45 +0100
committer	Lars-Dominik Braun <PromyLOPh@lavabit.com>	2009-11-28 12:23:45 +0100
commit	7dff801f34a76dd7950fc1751ce5ee2978e9b32d (patch)
tree	ff8122281a8caffb8091aaf89604925224a27052 /libpiano/src
parent	e033ae190e67674064a2e089874b5a4185f8a654 (diff)
download	pianobar-7dff801f34a76dd7950fc1751ce5ee2978e9b32d.tar.gz pianobar-7dff801f34a76dd7950fc1751ce5ee2978e9b32d.tar.bz2 pianobar-7dff801f34a76dd7950fc1751ce5ee2978e9b32d.zip