From 5a6252dd8dd47c1e60f2fa7dd4a46878f9bc5ea5 Mon Sep 17 00:00:00 2001
From: "F. Duncanh"
Date: Mon, 28 Apr 2025 03:00:10 -0400
Subject: [PATCH] check content_type exists (to avoid DOS risk, thanks @0pepsi)
---
 lib/raop.c | 4 ++--
 lib/raop_handlers.h | 9 +++++++++
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/lib/raop.c b/lib/raop.c
index 55aedd7..bb7cfa9 100644
--- a/lib/raop.c
+++ b/lib/raop.c
@@ -198,8 +198,9 @@ conn_request(void *ptr, http_request_t *request, http_response_t **response) {
 */
 const char *method = http_request_get_method(request);
+ const char *url = http_request_get_url(request);
- if (!method) {
+ if (!method || !url) {
 return;
 }
@@ -211,7 +212,6 @@ conn_request(void *ptr, http_request_t *request, http_response_t **response) {
 return;
 }
- const char *url = http_request_get_url(request);
 const char *client_session_id = http_request_get_header(request, "X-Apple-Session-ID");
 const char *host = http_request_get_header(request, "Host");
 hls_request = (host && !cseq && !client_session_id);
diff --git a/lib/raop_handlers.h b/lib/raop_handlers.h
index 5133521..5dc42dc 100644
--- a/lib/raop_handlers.h
+++ b/lib/raop_handlers.h
@@ -1012,6 +1012,11 @@ raop_handler_get_parameter(raop_conn_t *conn,
 int datalen;
 content_type = http_request_get_header(request, "Content-Type");
+ if (!content_type) {
+ http_response_init(response, "RTSP/1.0", 451, "Parameter not understood");
+ return;
+ }
+
 data = http_request_get_data(request, &datalen);
 if (!strcmp(content_type, "text/parameters")) {
 const char *current = data;
@@ -1060,6 +1065,10 @@ raop_handler_set_parameter(raop_conn_t *conn,
 int datalen;
 content_type = http_request_get_header(request, "Content-Type");
+ if (!content_type) {
+ http_response_init(response, "RTSP/1.0", 451, "Parameter not understood");
+ return;
+ }
 data = http_request_get_data(request, &datalen);
 if (!strcmp(content_type, "text/parameters")) {
 char *datastr;
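Review bot: The widened guard `if (!method || !url) { return; }` in conn_request (first hunk of lib/raop.c) drops a malformed request without initialising `*response`, whereas the handlers patched in lib/raop_handlers.h answer with an explicit status. Whether the caller copes with an unset response is decided outside the hunk, so confirm that path. If the silent drop is intended, say so on the spot, e.g. `/* request line lacks method or URL: drop without a reply */`. Logging the rejection would make malformed-request floods visible to the operator.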
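Review bot: In raop_handler_get_parameter, `data` from `http_request_get_data(request, &datalen)` is assigned to `current` with no NULL or length check visible in the hunk. A request with `Content-Type: text/parameters` but no body may therefore reach the same kind of NULL dereference that the new header guard closes. The parsing code lies below the hunk, so confirm it tests `data` and `datalen` before reading. The same question applies to raop_handler_set_parameter in the next hunk. A comment above each new check would record why it is there, e.g. `/* Content-Type is client-supplied and may be absent; strcmp() on NULL is undefined */`.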