author | Lars-Dominik Braun <PromyLOPh@lavabit.com> | 2009-12-15 20:05:57 +0100 |
---|---|---|
committer | Lars-Dominik Braun <PromyLOPh@lavabit.com> | 2009-12-15 20:06:36 +0100 |
commit | fac7d0d211ab56d8a1357d7837dae789aa3cbf64 (patch) | |
tree | 98cd956c8d53535366792fce6c518745387ff5de /libpiano/src | |
parent | 6a62ae4231c2ce10b6623e32198f40f0a2a8e777 (diff) | |
parent | e51da0e0fb8c55cb874d87dafc7eec93bee6beb3 (diff) | |
Merge branch 'fuzzing'
Fixes NULL-pointer dereferences and invalid memory reads.
Diffstat (limited to 'libpiano/src')
-rw-r--r-- | libpiano/src/http.c | 6 | ||||
-rw-r--r-- | libpiano/src/xml.c | 5 |
2 files changed, 8 insertions, 3 deletions
diff --git a/libpiano/src/http.c b/libpiano/src/http.c
index 98b5e11..4af5ccc 100644
--- a/libpiano/src/http.c
+++ b/libpiano/src/http.c
@@ -51,7 +51,8 @@ PianoReturn_t PianoHttpPost (WaitressHandle_t *waith, const char *postData,
 waith->postData = reqPostData;
 waith->method = WAITRESS_METHOD_POST;
- if (WaitressFetchBuf (waith, retData) == WAITRESS_RET_OK) {
+ if (WaitressFetchBuf (waith, retData) == WAITRESS_RET_OK &&
+ *retData != NULL) {
 pRet = PIANO_RET_OK;
 }
@@ -71,7 +72,8 @@ PianoReturn_t PianoHttpGet (WaitressHandle_t *waith, char **retData) {
 waith->postData = NULL;
 waith->method = WAITRESS_METHOD_GET;
- if (WaitressFetchBuf (waith, retData) == WAITRESS_RET_OK) {
+ if (WaitressFetchBuf (waith, retData) == WAITRESS_RET_OK &&
+ *retData != NULL) {
 return PIANO_RET_OK;
 }
 return PIANO_RET_NET_ERROR;
diff --git a/libpiano/src/xml.c b/libpiano/src/xml.c
index 8d34a32..ad0cf7d 100644
--- a/libpiano/src/xml.c
+++ b/libpiano/src/xml.c
@@ -240,7 +240,10 @@ static void PianoXmlParsePlaylistCb (const char *key, const ezxml_t value,
 char *urlTail = NULL, *urlTailCrypted = &valueStr[valueStrN - urlTailN];
- if ((urlTail = PianoDecryptString (urlTailCrypted)) != NULL) {
+ /* don't try to decrypt if string is too short (=> invalid memory
+ * reads/writes) */
+ if (valueStrN > urlTailN &&
+ (urlTail = PianoDecryptString (urlTailCrypted)) != NULL) {
 if ((song->audioUrl = calloc (valueStrN + 1, sizeof (*song->audioUrl))) != NULL) {
 memcpy (song->audioUrl, valueStr, valueStrN - urlTailN); |
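Review bot: The added `*retData != NULL` test in PianoHttpPost (and the identical one in PianoHttpGet) is only sound if `*retData` holds a defined value whenever WaitressFetchBuf returns. That function is not shown here, so if it can return WAITRESS_RET_OK without storing to the out-parameter, the comparison reads whatever the caller left there. Writing `*retData = NULL;` just before the fetch would make the guard independent of that. A short comment such as `/* empty response body: report a network error instead of handing callers a NULL buffer */` would record why a successful fetch can still fail. Both function bodies extend beyond their hunks.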
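Review bot: The out-of-range address is still formed before the new length check, because the declaration directly above the guard evaluates `&valueStr[valueStrN - urlTailN]` unconditionally. For a value shorter than urlTailN that index falls outside the buffer, and computing such a pointer is undefined in C even when it is never dereferenced. Initialising `urlTailCrypted = NULL` in the declaration and assigning it only after the check, e.g. `if (valueStrN > urlTailN) urlTailCrypted = &valueStr[valueStrN - urlTailN];` followed by `if (urlTailCrypted != NULL && (urlTail = PianoDecryptString (urlTailCrypted)) != NULL) {`, keeps the arithmetic inside the validated range. No else branch is visible, so `song->audioUrl` is presumably left unset for short values and later users of it should tolerate that. The enclosing block begins and ends outside the hunk.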