diff --git a/NEWS b/NEWS index 873c91762..9cde9bce3 100644 --- a/NEWS +++ b/NEWS @@ -20,6 +20,7 @@ ver 0.17.2 (2012/??/??) * playlist: fix memory leak * state_file: save song priorities * player: disable cross-fading in "single" mode +* update: fix unsafe readlink() usage ver 0.17.1 (2012/07/31) diff --git a/doc/mpd.conf.5 b/doc/mpd.conf.5 index d502e0564..33049bf3c 100644 --- a/doc/mpd.conf.5 +++ b/doc/mpd.conf.5 @@ -216,7 +216,7 @@ default is 5. .TP .B max_playlist_length This specifies the maximum number of songs that can be in the playlist. The -default is 4096. +default is 16384. .TP .B max_command_list_size This specifies the maximum size a command list can be. The default is 2048. diff --git a/src/AudioCompress/compress.c b/src/AudioCompress/compress.c index 36cdfd8dd..fd51ac3a3 100644 --- a/src/AudioCompress/compress.c +++ b/src/AudioCompress/compress.c @@ -33,6 +33,9 @@ struct Compressor { struct Compressor *Compressor_new(unsigned int history) { struct Compressor *obj = malloc(sizeof(struct Compressor)); + if (obj == NULL) + /* out of memory, not much we can do */ + abort(); obj->prefs.target = TARGET; obj->prefs.maxgain = GAINMAX; @@ -61,6 +64,10 @@ void Compressor_delete(struct Compressor *obj) static int *resizeArray(int *data, int newsz, int oldsz) { data = realloc(data, newsz*sizeof(int)); + if (data == NULL) + /* out of memory, not much we can do */ + abort(); + if (newsz > oldsz) memset(data + oldsz, 0, sizeof(int)*(newsz - oldsz)); return data; diff --git a/src/decoder/_ogg_common.c b/src/decoder/_ogg_common.c index bedd3de61..09d2712da 100644 --- a/src/decoder/_ogg_common.c +++ b/src/decoder/_ogg_common.c @@ -33,12 +33,14 @@ ogg_stream_type ogg_stream_type_detect(struct input_stream *inStream) size_t r; r = decoder_read(NULL, inStream, buf, sizeof(buf)); - if (r >= 32 && memcmp(buf, "OggS", 4) == 0 && ( - (memcmp(buf+29, "FLAC", 4) == 0 - && memcmp(buf+37, "fLaC", 4) == 0) - || (memcmp(buf+28, "FLAC", 4) == 0) - || (memcmp(buf+28, "fLaC", 4) == 0))) { + if (r < sizeof(buf) || memcmp(buf, "OggS", 4) != 0) + return VORBIS; + + if ((memcmp(buf + 29, "FLAC", 4) == 0 && + memcmp(buf + 37, "fLaC", 4) == 0) || + memcmp(buf + 28, "FLAC", 4) == 0 || + memcmp(buf + 28, "fLaC", 4) == 0) return FLAC; - } + return VORBIS; } diff --git a/src/update_walk.c b/src/update_walk.c index 615bf41a8..8554e8f3c 100644 --- a/src/update_walk.c +++ b/src/update_walk.c @@ -283,12 +283,20 @@ skip_symlink(const struct directory *directory, const char *utf8_name) return true; char buffer[MPD_PATH_MAX]; - ssize_t ret = readlink(path_fs, buffer, sizeof(buffer)); + ssize_t length = readlink(path_fs, buffer, sizeof(buffer)); g_free(path_fs); - if (ret < 0) + if (length < 0) /* don't skip if this is not a symlink */ return errno != EINVAL; + if ((size_t)length >= sizeof(buffer)) + /* skip symlinks when the buffer is too small for the + link target */ + return true; + + /* null-terminate the buffer, because readlink() will not */ + buffer[length] = 0; + if (!follow_inside_symlinks && !follow_outside_symlinks) { /* ignore all symlinks */ return true;