release v0.21.10

-----BEGIN PGP SIGNATURE----- iQJEBAABCgAuFiEEA5IzWngIOJSkMBxDI26KWMbbRRIFAlz4JuAQHG1heEBtdXNp Y3BkLm9yZwAKCRAjbopYxttFEq9nD/40/ryDwvgsQnKhYcpPhlV8bf8iTOUSPsrW 2P5m48sfGb3LBHV+U/sHLWH8svODSxloyvyxYSUOEJyqOu42lj0BnxPBDvRwTjcq PxJPHHKVuExys04k4SOKIEci742WEHTVRzO8EeOvIdgkjXCak7tpQk/wmhrGfHF1 +rLfSu6jq90/tELsOyTLGmk3KapY637Qf2Q99Z6VZnAXhIRLK4O1E8oKGOjl2h8I xvjZckVZV1FYeNrC0OYdNQX0A+JhkFwLFAeWP3ksBmKfs+Csf8X0JTCofnYph46t 5SmhTd9I6NEVnNoZyOplV7QVawGPK1p69ORB052d/9QUhMqcPmwnHrhcrWtrYl5I 6QtUwf8nJz/TnUc7/a3BBIPHLB/PD0fGsmdDoElikkPz76sGYNor+UZIdQke1HQL m3zmNDxjU++sRfrSjAPOK2mxD0Km8tYIcrQBMZcyxoc7GCHaw1pIa2cxxs1aB5QZ gFxYICL7LJ+g5Q19JhTiWlwfdOS7jGH7mVUjhLDA/mcxGf6ln6FkDx58GqPJV+es UcWVbOjb3T448TVNH0Jj+FrtWK5uBmOFNTk102BbTnfDT8muedbRmRCxn0NyKkFQ dS8/FdU7ffw2II49ZI6BfmeLucfoTwuQ1Ky297K/62NrM67/1dKKkBLAE3/aGxwh xzIDTT3Mkg== =SELi -----END PGP SIGNATURE----- Merge tag 'v0.21.10' release v0.21.10
2019-06-05 22:38:54 +02:00 · 2019-06-05 22:38:54 +02:00 · adffbba2a5
commit adffbba2a5
parent 120e570da7 e239009295
5 changed files with 57 additions and 21 deletions
--- a/6
+++ b/6
@ -12,7 +12,11 @@ ver 0.22 (not yet released)
  - ffmpeg: new plugin based on FFmpeg's libavfilter library
  - hdcd: new plugin based on FFmpeg's "af_hdcd" for HDCD playback
-ver 0.21.10 (not yet released)
+ver 0.21.10 (2019/06/05)
 * decoder
  - opus: fix duplicate tags
 * output
  - httpd: reject some well-known URIs
 * fix crash bug (0.21.9 regression)
 ver 0.21.9 (2019/05/20)
--- a/src/decoder/plugins/OpusReader.hxx
+++ b/src/decoder/plugins/OpusReader.hxx
@ -1,5 +1,5 @@
 /*
- * Copyright 2003-2018 The Music Player Daemon Project
+ * Copyright 2003-2019 The Music Player Daemon Project
 * http://www.musicpd.org
 *
 * This program is free software; you can redistribute it and/or modify
@ -20,6 +20,8 @@
 #ifndef MPD_OPUS_READER_HXX
 #define MPD_OPUS_READER_HXX
 #include "util/StringView.hxx"
 #include <algorithm>
 #include <stdint.h>
@ -81,18 +83,16 @@ public:
 		return ReadWord(length) && Skip(length);
 	}
-	char *ReadString() {
+	StringView ReadString() {
 		uint32_t length;
-		if (!ReadWord(length) || length >= 65536)
+		if (!ReadWord(length))
 			return nullptr;
 		const char *src = (const char *)Read(length);
 		if (src == nullptr)
 			return nullptr;
-		char *dest = new char[length + 1];
+		return {src, length};
 		*std::copy_n(src, length, dest) = 0;
 		return dest;
 	}
 };
--- a/src/decoder/plugins/OpusTags.cxx
+++ b/src/decoder/plugins/OpusTags.cxx
@ -24,6 +24,8 @@
 #include "tag/ParseName.hxx"
 #include "ReplayGainInfo.hxx"
 #include <string>
 #include <stdint.h>
 #include <string.h>
 #include <stdlib.h>
@ -91,18 +93,25 @@ ScanOpusTags(const void *data, size_t size,
 		return false;
 	while (n-- > 0) {
-		char *p = r.ReadString();
+		const auto s = r.ReadString();
-		if (p == nullptr)
+		if (s == nullptr)
 			return false;
-		char *eq = strchr(p, '=');
+		if (s.size >= 4096)
-		if (eq != nullptr && eq > p) {
+			continue;
 			*eq = 0;
-			ScanOneOpusTag(p, eq + 1, rgi, handler);
+		const auto eq = s.Find('=');
-		}
+		if (eq == nullptr || eq == s.data)
 			continue;
-		delete[] p;
+		auto name = s, value = s;
 		name.SetEnd(eq);
 		value.MoveFront(eq + 1);
 		const std::string name2(name.data, name.size);
 		const std::string value2(value.data, value.size);
 		ScanOneOpusTag(name2.c_str(), value2.c_str(), rgi, handler);
 	}
 	return true;
--- a/src/output/plugins/httpd/HttpdClient.cxx
+++ b/src/output/plugins/httpd/HttpdClient.cxx
@ -71,10 +71,10 @@ HttpdClient::HandleLine(const char *line) noexcept
 	assert(state != State::RESPONSE);
 	if (state == State::REQUEST) {
-		if (memcmp(line, "HEAD /", 6) == 0) {
+		if (strncmp(line, "HEAD /", 6) == 0) {
 			line += 6;
 			head_method = true;
-		} else if (memcmp(line, "GET /", 5) == 0) {
+		} else if (strncmp(line, "GET /", 5) == 0) {
 			line += 5;
 		} else {
 			/* only GET is supported */
@ -83,8 +83,19 @@ HttpdClient::HandleLine(const char *line) noexcept
 			return false;
 		}
 		/* blacklist some well-known request paths */
 		if ((strncmp(line, "favicon.ico", 11) == 0 &&
 		     (line[11] == '\0' || line[11] == ' ')) ||
 		    (strncmp(line, "robots.txt", 10) == 0 &&
 		     (line[10] == '\0' || line[10] == ' ')) ||
 		    (strncmp(line, "sitemap.xml", 11) == 0 &&
 		     (line[11] == '\0' || line[11] == ' ')) ||
 		    (strncmp(line, ".well-known/", 12) == 0)) {
 			should_reject = true;
 		}
 		line = strchr(line, ' ');
-		if (line == nullptr || memcmp(line + 1, "HTTP/", 5) != 0) {
+		if (line == nullptr || strncmp(line + 1, "HTTP/", 5) != 0) {
 			/* HTTP/0.9 without request headers */
 			if (head_method)
@ -129,14 +140,21 @@ HttpdClient::SendResponse() noexcept
 	assert(state == State::RESPONSE);
-	if (metadata_requested) {
+	if (should_reject) {
 		response =
 			"HTTP/1.1 404 not found\r\n"
 			"Content-Type: text/plain\r\n"
 			"Connection: close\r\n"
 			"\r\n"
 			"404 not found";
 	} else if (metadata_requested) {
 		allocated =
 			icy_server_metadata_header(httpd.name, httpd.genre,
 						   httpd.website,
 						   httpd.content_type,
 						   metaint);
 		response = allocated.c_str();
-       } else { /* revert to a normal HTTP request */
+	} else { /* revert to a normal HTTP request */
 		snprintf(buffer, sizeof(buffer),
 			 "HTTP/1.1 200 OK\r\n"
 			 "Content-Type: %s\r\n"
@ -415,7 +433,7 @@ HttpdClient::OnSocketInput(void *data, size_t length) noexcept
 		if (!SendResponse())
 			return InputResult::CLOSED;
-		if (head_method) {
+		if (head_method || should_reject) {
 			LockClose();
 			return InputResult::CLOSED;
 		}
--- a/src/output/plugins/httpd/HttpdClient.hxx
+++ b/src/output/plugins/httpd/HttpdClient.hxx
@ -83,6 +83,11 @@ class HttpdClient final
 	 */
 	bool head_method = false;
 	/**
 	 * Should we reject this request?
 	 */
 	bool should_reject = false;
 	/* ICY */
 	/**