morgan/UxPlay
1
0
Fork 0
mirror of https://github.com/morgan9e/UxPlay synced 2026-04-14 00:04:13 +09:00
Code Issues Packages Projects Releases Wiki Activity

check content_type exists (to avoid DOS risk, thanks @0pepsi)

Browse Source
This commit is contained in:
F. Duncanh
2025-04-28 03:00:10 -04:00
parent 7f380af655
commit 5a6252dd8d
2 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/raop.c
View File

@@ -198,8 +198,9 @@ conn_request(void *ptr, http_request_t *request, http_response_t **response) {
*/
const char *method = http_request_get_method(request);
const char *url = http_request_get_url(request);
if (!method) {
if (!method || !url) {
return;
}
@@ -211,7 +212,6 @@ conn_request(void *ptr, http_request_t *request, http_response_t **response) {
return;
}
const char *url = http_request_get_url(request);
const char *client_session_id = http_request_get_header(request, "X-Apple-Session-ID");
const char *host = http_request_get_header(request, "Host");
hls_request = (host && !cseq && !client_session_id);

9
lib/raop_handlers.h
View File

@@ -1012,6 +1012,11 @@ raop_handler_get_parameter(raop_conn_t *conn,
int datalen;
content_type = http_request_get_header(request, "Content-Type");
if (!content_type) {
http_response_init(response, "RTSP/1.0", 451, "Parameter not understood");
return;
}
data = http_request_get_data(request, &datalen);
if (!strcmp(content_type, "text/parameters")) {
const char *current = data;
@@ -1060,6 +1065,10 @@ raop_handler_set_parameter(raop_conn_t *conn,
int datalen;
content_type = http_request_get_header(request, "Content-Type");
if (!content_type) {
http_response_init(response, "RTSP/1.0", 451, "Parameter not understood");
return;
}
data = http_request_get_data(request, &datalen);
if (!strcmp(content_type, "text/parameters")) {
char *datastr;