release v0.21.10

-----BEGIN PGP SIGNATURE-----
 
 iQJEBAABCgAuFiEEA5IzWngIOJSkMBxDI26KWMbbRRIFAlz4JuAQHG1heEBtdXNp
 Y3BkLm9yZwAKCRAjbopYxttFEq9nD/40/ryDwvgsQnKhYcpPhlV8bf8iTOUSPsrW
 2P5m48sfGb3LBHV+U/sHLWH8svODSxloyvyxYSUOEJyqOu42lj0BnxPBDvRwTjcq
 PxJPHHKVuExys04k4SOKIEci742WEHTVRzO8EeOvIdgkjXCak7tpQk/wmhrGfHF1
 +rLfSu6jq90/tELsOyTLGmk3KapY637Qf2Q99Z6VZnAXhIRLK4O1E8oKGOjl2h8I
 xvjZckVZV1FYeNrC0OYdNQX0A+JhkFwLFAeWP3ksBmKfs+Csf8X0JTCofnYph46t
 5SmhTd9I6NEVnNoZyOplV7QVawGPK1p69ORB052d/9QUhMqcPmwnHrhcrWtrYl5I
 6QtUwf8nJz/TnUc7/a3BBIPHLB/PD0fGsmdDoElikkPz76sGYNor+UZIdQke1HQL
 m3zmNDxjU++sRfrSjAPOK2mxD0Km8tYIcrQBMZcyxoc7GCHaw1pIa2cxxs1aB5QZ
 gFxYICL7LJ+g5Q19JhTiWlwfdOS7jGH7mVUjhLDA/mcxGf6ln6FkDx58GqPJV+es
 UcWVbOjb3T448TVNH0Jj+FrtWK5uBmOFNTk102BbTnfDT8muedbRmRCxn0NyKkFQ
 dS8/FdU7ffw2II49ZI6BfmeLucfoTwuQ1Ky297K/62NrM67/1dKKkBLAE3/aGxwh
 xzIDTT3Mkg==
 =SELi
 -----END PGP SIGNATURE-----

Merge tag 'v0.21.10'

release v0.21.10
This commit is contained in:
Max Kellermann 2019-06-05 22:38:54 +02:00
commit adffbba2a5
5 changed files with 57 additions and 21 deletions

6
NEWS
View File

@ -12,7 +12,11 @@ ver 0.22 (not yet released)
- ffmpeg: new plugin based on FFmpeg's libavfilter library
- hdcd: new plugin based on FFmpeg's "af_hdcd" for HDCD playback
ver 0.21.10 (not yet released)
ver 0.21.10 (2019/06/05)
* decoder
- opus: fix duplicate tags
* output
- httpd: reject some well-known URIs
* fix crash bug (0.21.9 regression)
ver 0.21.9 (2019/05/20)

View File

@ -1,5 +1,5 @@
/*
* Copyright 2003-2018 The Music Player Daemon Project
* Copyright 2003-2019 The Music Player Daemon Project
* http://www.musicpd.org
*
* This program is free software; you can redistribute it and/or modify
@ -20,6 +20,8 @@
#ifndef MPD_OPUS_READER_HXX
#define MPD_OPUS_READER_HXX
#include "util/StringView.hxx"
#include <algorithm>
#include <stdint.h>
@ -81,18 +83,16 @@ public:
return ReadWord(length) && Skip(length);
}
char *ReadString() {
StringView ReadString() {
uint32_t length;
if (!ReadWord(length) || length >= 65536)
if (!ReadWord(length))
return nullptr;
const char *src = (const char *)Read(length);
if (src == nullptr)
return nullptr;
char *dest = new char[length + 1];
*std::copy_n(src, length, dest) = 0;
return dest;
return {src, length};
}
};

View File

@ -24,6 +24,8 @@
#include "tag/ParseName.hxx"
#include "ReplayGainInfo.hxx"
#include <string>
#include <stdint.h>
#include <string.h>
#include <stdlib.h>
@ -91,18 +93,25 @@ ScanOpusTags(const void *data, size_t size,
return false;
while (n-- > 0) {
char *p = r.ReadString();
if (p == nullptr)
const auto s = r.ReadString();
if (s == nullptr)
return false;
char *eq = strchr(p, '=');
if (eq != nullptr && eq > p) {
*eq = 0;
if (s.size >= 4096)
continue;
ScanOneOpusTag(p, eq + 1, rgi, handler);
}
const auto eq = s.Find('=');
if (eq == nullptr || eq == s.data)
continue;
delete[] p;
auto name = s, value = s;
name.SetEnd(eq);
value.MoveFront(eq + 1);
const std::string name2(name.data, name.size);
const std::string value2(value.data, value.size);
ScanOneOpusTag(name2.c_str(), value2.c_str(), rgi, handler);
}
return true;

View File

@ -71,10 +71,10 @@ HttpdClient::HandleLine(const char *line) noexcept
assert(state != State::RESPONSE);
if (state == State::REQUEST) {
if (memcmp(line, "HEAD /", 6) == 0) {
if (strncmp(line, "HEAD /", 6) == 0) {
line += 6;
head_method = true;
} else if (memcmp(line, "GET /", 5) == 0) {
} else if (strncmp(line, "GET /", 5) == 0) {
line += 5;
} else {
/* only GET is supported */
@ -83,8 +83,19 @@ HttpdClient::HandleLine(const char *line) noexcept
return false;
}
/* blacklist some well-known request paths */
if ((strncmp(line, "favicon.ico", 11) == 0 &&
(line[11] == '\0' || line[11] == ' ')) ||
(strncmp(line, "robots.txt", 10) == 0 &&
(line[10] == '\0' || line[10] == ' ')) ||
(strncmp(line, "sitemap.xml", 11) == 0 &&
(line[11] == '\0' || line[11] == ' ')) ||
(strncmp(line, ".well-known/", 12) == 0)) {
should_reject = true;
}
line = strchr(line, ' ');
if (line == nullptr || memcmp(line + 1, "HTTP/", 5) != 0) {
if (line == nullptr || strncmp(line + 1, "HTTP/", 5) != 0) {
/* HTTP/0.9 without request headers */
if (head_method)
@ -129,7 +140,14 @@ HttpdClient::SendResponse() noexcept
assert(state == State::RESPONSE);
if (metadata_requested) {
if (should_reject) {
response =
"HTTP/1.1 404 not found\r\n"
"Content-Type: text/plain\r\n"
"Connection: close\r\n"
"\r\n"
"404 not found";
} else if (metadata_requested) {
allocated =
icy_server_metadata_header(httpd.name, httpd.genre,
httpd.website,
@ -415,7 +433,7 @@ HttpdClient::OnSocketInput(void *data, size_t length) noexcept
if (!SendResponse())
return InputResult::CLOSED;
if (head_method) {
if (head_method || should_reject) {
LockClose();
return InputResult::CLOSED;
}

View File

@ -83,6 +83,11 @@ class HttpdClient final
*/
bool head_method = false;
/**
* Should we reject this request?
*/
bool should_reject = false;
/* ICY */
/**