authorLars-Dominik Braun <PromyLOPh@lavabit.com>2009-12-15 20:05:57 +0100
committerLars-Dominik Braun <PromyLOPh@lavabit.com>2009-12-15 20:06:36 +0100
commitfac7d0d211ab56d8a1357d7837dae789aa3cbf64 (patch)
tree98cd956c8d53535366792fce6c518745387ff5de
parent6a62ae4231c2ce10b6623e32198f40f0a2a8e777 (diff)
parente51da0e0fb8c55cb874d87dafc7eec93bee6beb3 (diff)
downloadpianobar-windows-fac7d0d211ab56d8a1357d7837dae789aa3cbf64.tar.gz
pianobar-windows-fac7d0d211ab56d8a1357d7837dae789aa3cbf64.tar.bz2
pianobar-windows-fac7d0d211ab56d8a1357d7837dae789aa3cbf64.zip
Merge branch 'fuzzing'
Fixes NULL-pointer dereferences and invalid memory reads.
-rw-r--r--libpiano/src/http.c6
-rw-r--r--libpiano/src/xml.c5
-rw-r--r--src/main.c55
3 files changed, 38 insertions, 28 deletions
diff --git a/libpiano/src/http.c b/libpiano/src/http.c
index 98b5e11..4af5ccc 100644
--- a/libpiano/src/http.c
+++ b/libpiano/src/http.c
@@ -51,7 +51,8 @@ PianoReturn_t PianoHttpPost (WaitressHandle_t *waith, const char *postData,
waith->postData = reqPostData;
waith->method = WAITRESS_METHOD_POST;
- if (WaitressFetchBuf (waith, retData) == WAITRESS_RET_OK) {
+ if (WaitressFetchBuf (waith, retData) == WAITRESS_RET_OK &&
+ *retData != NULL) {
pRet = PIANO_RET_OK;
}
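Review bot: The added `*retData != NULL` test in PianoHttpPost, and the identical one in PianoHttpGet in the next hunk, changes what a successful return means, but no comment records the new contract. A fetch that reports WAITRESS_RET_OK with no buffer now takes the failure path, which in PianoHttpGet is reported as PIANO_RET_NET_ERROR. I would put a comment above both conditions, for example `/* an OK fetch without a body counts as failure, so callers never parse a NULL buffer */`. Whether `*retData` is written at all when the fetch fails is not visible here, so callers that free it unconditionally should presumably initialise it to NULL first. Both function bodies start outside their hunks.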
@@ -71,7 +72,8 @@ PianoReturn_t PianoHttpGet (WaitressHandle_t *waith, char **retData) {
waith->postData = NULL;
waith->method = WAITRESS_METHOD_GET;
- if (WaitressFetchBuf (waith, retData) == WAITRESS_RET_OK) {
+ if (WaitressFetchBuf (waith, retData) == WAITRESS_RET_OK &&
+ *retData != NULL) {
return PIANO_RET_OK;
}
return PIANO_RET_NET_ERROR;
diff --git a/libpiano/src/xml.c b/libpiano/src/xml.c
index 8d34a32..ad0cf7d 100644
--- a/libpiano/src/xml.c
+++ b/libpiano/src/xml.c
@@ -240,7 +240,10 @@ static void PianoXmlParsePlaylistCb (const char *key, const ezxml_t value,
char *urlTail = NULL,
*urlTailCrypted = &valueStr[valueStrN - urlTailN];
- if ((urlTail = PianoDecryptString (urlTailCrypted)) != NULL) {
+ /* don't try to decrypt if string is too short (=> invalid memory
+ * reads/writes) */
+ if (valueStrN > urlTailN &&
+ (urlTail = PianoDecryptString (urlTailCrypted)) != NULL) {
if ((song->audioUrl = calloc (valueStrN + 1,
sizeof (*song->audioUrl))) != NULL) {
memcpy (song->audioUrl, valueStr, valueStrN - urlTailN);
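Review bot: The initializer `*urlTailCrypted = &valueStr[valueStrN - urlTailN]` still runs before the new length guard, so a too-short value still forms an out-of-range pointer even though it is no longer passed to PianoDecryptString. If the two lengths are unsigned (their declarations are outside the hunk), the subtraction wraps to a very large index, and pointer arithmetic outside the array is undefined on its own. I would drop the early initializer and take the address only after the check: `if (valueStrN > urlTailN && (urlTail = PianoDecryptString (&valueStr[valueStrN - urlTailN])) != NULL) {`. When the guard fails, `song->audioUrl` presumably stays NULL, which is the case the new check in src/main.c handles. A short comment here saying so would tie the two together.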
diff --git a/src/main.c b/src/main.c
index fc6fc76..bfe4965 100644
--- a/src/main.c
+++ b/src/main.c
@@ -258,31 +258,36 @@ int main (int argc, char **argv) {
BarUiPrintSong (playlist, curStation->isQuickMix ?
PianoFindStationById (ph.stations,
playlist->stationId) : NULL);
- /* setup artist and song name for scrobbling (playlist
- * may be NULL later) */
- WardrobeSongInit (&scrobbleSong);
- scrobbleSong.artist = strdup (playlist->artist);
- scrobbleSong.title = strdup (playlist->title);
- scrobbleSong.album = strdup (playlist->album);
- scrobbleSong.started = time (NULL);
-
- /* setup player */
- memset (&player, 0, sizeof (player));
-
- WaitressInit (&player.waith);
- WaitressSetUrl (&player.waith, playlist->audioUrl);
-
- player.gain = playlist->fileGain;
- player.audioFormat = playlist->audioFormat;
-
- /* throw event */
- BarUiStartEventCmd (&settings, "songstart", curStation,
- playlist, PIANO_RET_OK);
-
- /* start player */
- pthread_create (&playerThread, NULL, BarPlayerThread,
- &player);
- }
+
+ if (playlist->audioUrl == NULL) {
+ BarUiMsg (MSG_ERR, "Invalid song url.\n");
+ } else {
+ /* setup artist and song name for scrobbling (playlist
+ * may be NULL later) */
+ WardrobeSongInit (&scrobbleSong);
+ scrobbleSong.artist = strdup (playlist->artist);
+ scrobbleSong.title = strdup (playlist->title);
+ scrobbleSong.album = strdup (playlist->album);
+ scrobbleSong.started = time (NULL);
+
+ /* setup player */
+ memset (&player, 0, sizeof (player));
+
+ WaitressInit (&player.waith);
+ WaitressSetUrl (&player.waith, playlist->audioUrl);
+
+ player.gain = playlist->fileGain;
+ player.audioFormat = playlist->audioFormat;
+
+ /* throw event */
+ BarUiStartEventCmd (&settings, "songstart", curStation,
+ playlist, PIANO_RET_OK);
+
+ /* start player */
+ pthread_create (&playerThread, NULL, BarPlayerThread,
+ &player);
+ } /* end if audioUrl == NULL */
+ } /* end if playlist != NULL */
} /* end if curStation != NULL */
}
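Review bot: Only `playlist->audioUrl` is checked before the song is used, yet `playlist->artist`, `playlist->title` and `playlist->album` go straight into `strdup()` in the new else branch, and `strdup(NULL)` is undefined behaviour. If the parser can leave those fields NULL for a malformed response (not visible from this hunk), the same fuzzed input class still crashes here. A guard such as `scrobbleSong.artist = playlist->artist ? strdup (playlist->artist) : NULL;` on each of the three lines would cover it, provided the scrobbling code tolerates NULL. BarUiPrintSong is also called with `playlist` before the new check, so it needs the same tolerance. The return value of `pthread_create` is ignored, so a failed thread start is indistinguishable from a playing song. main's body starts and continues outside this hunk.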