Autres/Rivendellaudio
1
0
Fork 0
mirror of https://github.com/ElvishArtisan/rivendell.git synced 2026-01-12 23:55:56 +01:00
Code Issues Projects Releases Wiki Activity

2018-11-07 Fred Gleason <fredg@paravelsystems.com>

Browse Source 
* Fixed buffer overflow bugs in the rd_export(7) rivcwebapi call.
	* Fixed buffer overflow bugs in the rd_listservices(7) rivcwebapi call.
	* Fixed buffer overflow bugs in the rd_trimaudio(7) rivcwebapi call.
This commit is contained in:
Fred Gleason
2018-11-07 14:13:11 -05:00
parent 767654a751
commit e05d707ed5
6 changed files with 22 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -3,6 +3,7 @@
*.5 *.5
*.8 *.8
*.cgi *.cgi
*.dll
*.exe *.exe
*.la *.la
*.lib *.lib

4
ChangeLog
View File

@@ -17984,3 +17984,7 @@
2018-11-05 Patrick Linstruth <patrick@deltecent.com> 2018-11-05 Patrick Linstruth <patrick@deltecent.com>
* Update macro editor in rdlibrary(1) to fix display of * Update macro editor in rdlibrary(1) to fix display of
"--- End of cart ---" item and improve buttons and permissions. "--- End of cart ---" item and improve buttons and permissions.
2018-11-07 Fred Gleason <fredg@paravelsystems.com>
* Fixed buffer overflow bugs in the rd_export(7) rivcwebapi call.
* Fixed buffer overflow bugs in the rd_listservices(7) rivcwebapi call.
* Fixed buffer overflow bugs in the rd_trimaudio(7) rivcwebapi call.

28
apis/rivwebcapi/rivwebcapi/rd_export.c
View File

@@ -27,10 +27,11 @@
#include "rd_getuseragent.h" #include "rd_getuseragent.h"
#include "rd_export.h" #include "rd_export.h"
size_t write_data( void *ptr, size_t size, size_t nmemb, FILE *stream) size_t write_data( void *ptr, size_t size, size_t nmemb, void *userdata)
{ {
size_t written; size_t written;
written = fwrite(ptr,size,nmemb,stream);
written = fwrite(ptr,size,nmemb,(FILE *)userdata);
return written; return written;
} }
@@ -66,6 +67,7 @@ int RD_ExportCart( const char hostname[],
CURLcode res; CURLcode res;
char user_agent_string[255]; char user_agent_string[255];
char cart_buffer[7]; char cart_buffer[7];
char point[14];
struct curl_httppost *first=NULL; struct curl_httppost *first=NULL;
struct curl_httppost *last=NULL; struct curl_httppost *last=NULL;
@@ -140,7 +142,7 @@ int RD_ExportCart( const char hostname[],
cart_buffer, cart_buffer,
CURLFORM_END); CURLFORM_END);
snprintf(cart_buffer,7,"%u",format); snprintf(cart_buffer,7,"%d",format);
curl_formadd(&first, curl_formadd(&first,
&last, &last,
CURLFORM_PTRNAME, CURLFORM_PTRNAME,
@@ -149,7 +151,7 @@ int RD_ExportCart( const char hostname[],
cart_buffer, cart_buffer,
CURLFORM_END); CURLFORM_END);
snprintf(cart_buffer,7,"%u",channels); snprintf(cart_buffer,7,"%d",channels);
curl_formadd(&first, curl_formadd(&first,
&last, &last,
CURLFORM_PTRNAME, CURLFORM_PTRNAME,
@@ -158,7 +160,7 @@ int RD_ExportCart( const char hostname[],
cart_buffer, cart_buffer,
CURLFORM_END); CURLFORM_END);
snprintf(cart_buffer,7,"%u",sample_rate); snprintf(cart_buffer,7,"%d",sample_rate);
curl_formadd(&first, curl_formadd(&first,
&last, &last,
CURLFORM_PTRNAME, CURLFORM_PTRNAME,
@@ -167,7 +169,7 @@ int RD_ExportCart( const char hostname[],
cart_buffer, cart_buffer,
CURLFORM_END); CURLFORM_END);
snprintf(cart_buffer,7,"%u",bit_rate); snprintf(cart_buffer,7,"%d",bit_rate);
curl_formadd(&first, curl_formadd(&first,
&last, &last,
CURLFORM_PTRNAME, CURLFORM_PTRNAME,
@@ -176,7 +178,7 @@ int RD_ExportCart( const char hostname[],
cart_buffer, cart_buffer,
CURLFORM_END); CURLFORM_END);
snprintf(cart_buffer,7,"%u",quality); snprintf(cart_buffer,7,"%d",quality);
curl_formadd(&first, curl_formadd(&first,
&last, &last,
CURLFORM_PTRNAME, CURLFORM_PTRNAME,
@@ -185,25 +187,25 @@ int RD_ExportCart( const char hostname[],
cart_buffer, cart_buffer,
CURLFORM_END); CURLFORM_END);
snprintf(cart_buffer,7,"%u",start_point); snprintf(point,13,"%d",start_point);
curl_formadd(&first, curl_formadd(&first,
&last, &last,
CURLFORM_PTRNAME, CURLFORM_PTRNAME,
"START_POINT", "START_POINT",
CURLFORM_COPYCONTENTS, CURLFORM_COPYCONTENTS,
cart_buffer, point,
CURLFORM_END); CURLFORM_END);
snprintf(cart_buffer,7,"%u",end_point); snprintf(point,13,"%d",end_point);
curl_formadd(&first, curl_formadd(&first,
&last, &last,
CURLFORM_PTRNAME, CURLFORM_PTRNAME,
"END_POINT", "END_POINT",
CURLFORM_COPYCONTENTS, CURLFORM_COPYCONTENTS,
cart_buffer, point,
CURLFORM_END); CURLFORM_END);
snprintf(cart_buffer,7,"%u",normalization_level); snprintf(cart_buffer,7,"%d",normalization_level);
curl_formadd(&first, curl_formadd(&first,
&last, &last,
CURLFORM_PTRNAME, CURLFORM_PTRNAME,
@@ -212,7 +214,7 @@ int RD_ExportCart( const char hostname[],
cart_buffer, cart_buffer,
CURLFORM_END); CURLFORM_END);
snprintf(cart_buffer,7,"%u",enable_metadata); snprintf(cart_buffer,7,"%d",enable_metadata);
curl_formadd(&first, curl_formadd(&first,
&last, &last,
CURLFORM_PTRNAME, CURLFORM_PTRNAME,

2
apis/rivwebcapi/rivwebcapi/rd_listservices.c
View File

@@ -157,7 +157,7 @@ int RD_ListServices(struct rd_service *services[],
ticket, ticket,
CURLFORM_END); CURLFORM_END);
snprintf(cart_buffer,7,"%u",trackable); snprintf(cart_buffer,7,"%d",trackable);
curl_formadd(&first, curl_formadd(&first,
&last, &last,
CURLFORM_PTRNAME, CURLFORM_PTRNAME,

2
apis/rivwebcapi/rivwebcapi/rd_trimaudio.c
View File

@@ -183,7 +183,7 @@ int RD_TrimAudio(struct rd_trimaudio *trimaudio[],
buffer, buffer,
CURLFORM_END); CURLFORM_END);
snprintf(buffer,1024,"%u",trimlevel); snprintf(buffer,1024,"%d",trimlevel);
curl_formadd(&first, curl_formadd(&first,
&last, &last,
CURLFORM_PTRNAME, CURLFORM_PTRNAME,

2
apis/rivwebcapi/tests/exportcart_test.c
View File

@@ -101,7 +101,6 @@ int main(int argc,char *argv[])
// //
// Call the function // Call the function
// //
int result=RD_ExportCart( host, int result=RD_ExportCart( host,
user, user,
passwd, passwd,
@@ -119,7 +118,6 @@ int main(int argc,char *argv[])
0, 0,
filename, filename,
user_agent); user_agent);
if(result<0) { if(result<0) {
fprintf(stderr,"Something went wrong! Result Code = %d\n",result); fprintf(stderr,"Something went wrong! Result Code = %d\n",result);
exit(256); exit(256);