[Mplayerxp-cvslog] CVS: mplayerxp/mplayerxp/libmpdemux asf_streaming.c,1.10,1.11
Brought to you by:
olov
From: Olov G. <ol...@us...> - 2003-10-01 21:15:00
|
Update of /cvsroot/mplayerxp/mplayerxp/mplayerxp/libmpdemux In directory sc8-pr-cvs1:/tmp/cvs-serv15253 Modified Files: asf_streaming.c Log Message: Update from mplayer: simple fix for buffer overflow (remotely exploitable). feel free to commit a better fix if you don't like it. Index: asf_streaming.c =================================================================== RCS file: /cvsroot/mplayerxp/mplayerxp/mplayerxp/libmpdemux/asf_streaming.c,v retrieving revision 1.10 retrieving revision 1.11 diff -p -u -d -r1.10 -r1.11 --- asf_streaming.c 15 Jan 2003 08:55:53 -0000 1.10 +++ asf_streaming.c 1 Oct 2003 21:14:55 -0000 1.11 @@ -502,11 +502,11 @@ asf_http_request(streaming_ctrl_t *strea return NULL; } http_set_uri( http_hdr, server_url->url ); - sprintf( str, "Host: %s:%d", server_url->hostname, server_url->port ); + sprintf( str, "Host: %.220s:%d", server_url->hostname, server_url->port ); url_free( server_url ); } else { http_set_uri( http_hdr, url->file ); - sprintf( str, "Host: %s:%d", url->hostname, url->port ); + sprintf( str, "Host: %.220s:%d", url->hostname, url->port ); } http_set_field( http_hdr, str ); |