[Mplayer-cvslog] CVS: main/libmpdemux asf_streaming.c,1.40,1.41

Richard Felker CVS rfelker at mplayerhq.hu
Thu Sep 25 02:36:36 CEST 2003


Update of /cvsroot/mplayer/main/libmpdemux
In directory mail:/var/tmp.root/cvs-serv19707/libmpdemux

Modified Files:
	asf_streaming.c 
Log Message:
simple fix for buffer overflow (remotely exploitable). feel free to
commit a better fix if you don't like it.


Index: asf_streaming.c
===================================================================
RCS file: /cvsroot/mplayer/main/libmpdemux/asf_streaming.c,v
retrieving revision 1.40
retrieving revision 1.41
diff -u -r1.40 -r1.41
--- asf_streaming.c	15 Aug 2003 19:13:23 -0000	1.40
+++ asf_streaming.c	25 Sep 2003 00:36:04 -0000	1.41
@@ -502,11 +502,11 @@
 			return NULL;
 		}
 		http_set_uri( http_hdr, server_url->url );
-		sprintf( str, "Host: %s:%d", server_url->hostname, server_url->port );
+		sprintf( str, "Host: %.220s:%d", server_url->hostname, server_url->port );
 		url_free( server_url );
 	} else {
 		http_set_uri( http_hdr, url->file );
-		sprintf( str, "Host: %s:%d", url->hostname, url->port );
+		sprintf( str, "Host: %.220s:%d", url->hostname, url->port );
 	}
 	
 	http_set_field( http_hdr, str );



More information about the MPlayer-cvslog mailing list