From 27535a7f781d7fbc87b2c6f9ec217cf7daca3323 Mon Sep 17 00:00:00 2001
From: Max Kellermann
Date: Mon, 3 Sep 2012 22:41:04 +0200
Subject: [PATCH 1/5] update_walk: fix unsafe readlink() usage

---
 NEWS | 1 +
 src/update_walk.c | 12 ++++++++++--
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/NEWS b/NEWS
index c23739d7a..22f42b775 100644
--- a/NEWS
+++ b/NEWS
@@ -17,6 +17,7 @@ ver 0.17.2 (2012/??/??)
 * playlist: fix memory leak
 * state_file: save song priorities
 * player: disable cross-fading in "single" mode
+* update: fix unsafe readlink() usage
 ver 0.17.1 (2012/07/31)
diff --git a/src/update_walk.c b/src/update_walk.c
index 615bf41a8..8554e8f3c 100644
--- a/src/update_walk.c
+++ b/src/update_walk.c
@@ -283,12 +283,20 @@ skip_symlink(const struct directory *directory, const char *utf8_name)
 return true;
 char buffer[MPD_PATH_MAX];
- ssize_t ret = readlink(path_fs, buffer, sizeof(buffer));
+ ssize_t length = readlink(path_fs, buffer, sizeof(buffer));
 g_free(path_fs);
- if (ret < 0)
+ if (length < 0)
 /* don't skip if this is not a symlink */
 return errno != EINVAL;
+ if ((size_t)length >= sizeof(buffer))
+ /* skip symlinks when the buffer is too small for the
+ link target */
+ return true;
+
+ /* null-terminate the buffer, because readlink() will not */
+ buffer[length] = 0;
+
 if (!follow_inside_symlinks && !follow_outside_symlinks) {
 /* ignore all symlinks */
 return true;
From 013e8479afce485bec1c93b8b58fb558abaac6ed Mon Sep 17 00:00:00 2001
From: Max Kellermann
Date: Mon, 3 Sep 2012 22:45:33 +0200
Subject: [PATCH 2/5] AudioCompress: abort on out-of-memory

This library crashes on out-of-memory (NULL pointer dereference). There's not much useful MPD can do in such a situation, so let's explicitly abort instead, just like GLib does.

---
 src/AudioCompress/compress.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/AudioCompress/compress.c b/src/AudioCompress/compress.c
index 36cdfd8dd..fd51ac3a3 100644
--- a/src/AudioCompress/compress.c
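Review bot: `errno` is still read after `g_free(path_fs)` in the `length < 0` branch of the src/update_walk.c hunk. free() is not guaranteed to preserve errno on every libc, so the "not a symlink" test `errno != EINVAL` can see a clobbered value and skip or follow the wrong entries. Capture it directly after the call, e.g. `const int readlink_errno = errno;` before `g_free(path_fs);`, and test `return readlink_errno != EINVAL;`. The new truncation guard itself is sound: `length == sizeof(buffer)` is treated as too long, so `buffer[length] = 0` stays in bounds. skip_symlink's body starts and ends outside the hunk.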
+++ b/src/AudioCompress/compress.c
@@ -33,6 +33,9 @@ struct Compressor {
 struct Compressor *Compressor_new(unsigned int history)
 {
 struct Compressor *obj = malloc(sizeof(struct Compressor));
+ if (obj == NULL)
+ /* out of memory, not much we can do */
+ abort();
 obj->prefs.target = TARGET;
 obj->prefs.maxgain = GAINMAX;
@@ -61,6 +64,10 @@ void Compressor_delete(struct Compressor *obj)
 static int *resizeArray(int *data, int newsz, int oldsz)
 {
 data = realloc(data, newsz*sizeof(int));
+ if (data == NULL)
+ /* out of memory, not much we can do */
+ abort();
+
 if (newsz > oldsz)
 memset(data + oldsz, 0, sizeof(int)*(newsz - oldsz));
 return data;
From 2050e2f886b772102fe99c29a1ac24867ffbcdbf Mon Sep 17 00:00:00 2001
From: Wieland Hoffmann
Date: Wed, 29 Aug 2012 19:38:11 +0200
Subject: [PATCH 3/5] mpd.conf(5): Use the correct default value for max_playlist_length

---
 doc/mpd.conf.5 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/doc/mpd.conf.5 b/doc/mpd.conf.5
index d502e0564..33049bf3c 100644
--- a/doc/mpd.conf.5
+++ b/doc/mpd.conf.5
@@ -216,7 +216,7 @@ default is 5.
 .TP
 .B max_playlist_length
 This specifies the maximum number of songs that can be in the playlist. The
-default is 4096.
+default is 16384.
 .TP
 .B max_command_list_size
 This specifies the maximum size a command list can be. The default is 2048.
From 0d24250aa702eb94289890466aba9fd959df2e22 Mon Sep 17 00:00:00 2001
From: Max Kellermann
Date: Tue, 4 Sep 2012 11:22:05 +0200
Subject: [PATCH 4/5] decoder/_ogg_common: simplify the large "if" expression

---
 src/decoder/_ogg_common.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/src/decoder/_ogg_common.c b/src/decoder/_ogg_common.c
index bedd3de61..8df97eef8 100644
--- a/src/decoder/_ogg_common.c
+++ b/src/decoder/_ogg_common.c
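Review bot: In the resizeArray hunk the new `data == NULL` check also fires when `newsz` is 0, because `realloc(data, 0)` may legitimately return NULL. A shrink to zero would then abort the process instead of yielding an empty array; whether any caller passes 0 is not visible here. `newsz` is also a signed `int`, so a negative value converts to a huge size in `newsz*sizeof(int)` and ends in the same abort(). Consider rejecting `newsz < 0` up front and narrowing the check to `if (data == NULL && newsz > 0)`. The Compressor_new hunk has no such edge case, since its allocation size is a fixed `sizeof`.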
@@ -33,12 +33,14 @@ ogg_stream_type ogg_stream_type_detect(struct input_stream *inStream)
 size_t r;
 r = decoder_read(NULL, inStream, buf, sizeof(buf));
- if (r >= 32 && memcmp(buf, "OggS", 4) == 0 && (
- (memcmp(buf+29, "FLAC", 4) == 0
- && memcmp(buf+37, "fLaC", 4) == 0)
- || (memcmp(buf+28, "FLAC", 4) == 0)
- || (memcmp(buf+28, "fLaC", 4) == 0))) {
+ if (r < 32 || memcmp(buf, "OggS", 4) != 0)
+ return VORBIS;
+
+ if ((memcmp(buf + 29, "FLAC", 4) == 0 &&
+ memcmp(buf + 37, "fLaC", 4) == 0) ||
+ memcmp(buf + 28, "FLAC", 4) == 0 ||
+ memcmp(buf + 28, "fLaC", 4) == 0)
 return FLAC;
- }
+
 return VORBIS;
 }
From 41487426f5fb19c963e5f94e8c4f791637e2da03 Mon Sep 17 00:00:00 2001
From: Max Kellermann
Date: Tue, 4 Sep 2012 11:22:15 +0200
Subject: [PATCH 5/5] decoder/_ogg_common: fix buffer size check

Fixes potential access to uninitialised memory.

---
 src/decoder/_ogg_common.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/decoder/_ogg_common.c b/src/decoder/_ogg_common.c
index 8df97eef8..09d2712da 100644
--- a/src/decoder/_ogg_common.c
+++ b/src/decoder/_ogg_common.c
@@ -33,7 +33,7 @@ ogg_stream_type ogg_stream_type_detect(struct input_stream *inStream)
 size_t r;
 r = decoder_read(NULL, inStream, buf, sizeof(buf));
- if (r < 32 || memcmp(buf, "OggS", 4) != 0)
+ if (r < sizeof(buf) || memcmp(buf, "OggS", 4) != 0)
 return VORBIS;
 if ((memcmp(buf + 29, "FLAC", 4) == 0 &&
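Review bot: The offsets 28, 29 and 37 in the rewritten second `if` of the PATCH 4/5 hunk are unexplained magic numbers, which makes it hard to audit that every `memcmp` stays inside the bytes actually read. A comment above that `if` would help, for example `/* packet data starts at byte 28 of a single-segment first page; Ogg FLAC 1.x has 0x7F "FLAC" there and "fLaC" at byte 37 */`. That layout is stated from the Ogg FLAC mapping and should be confirmed against the spec before committing the wording. ogg_stream_type_detect begins above the hunk, so the declaration of `buf` is not visible here.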
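Review bot: `r < sizeof(buf)` in the PATCH 5/5 hunk treats any short read as "not FLAC", so the result now depends on decoder_read() filling the whole buffer in one call. Its contract is not visible in this hunk; if it can return fewer bytes than requested before end of stream, an Ogg FLAC stream would be reported as VORBIS. If that is possible, read in a loop until `sizeof(buf)` bytes or end of stream before testing. The check is also only sufficient while `buf` holds at least 41 bytes, because the last compare reads 4 bytes at `buf + 37`. A comment at the declaration, which lies above the hunk, should record that requirement.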