Am Samstag, 27. September 2003, 09:35:39 Uhr MET, schrieb Simon Oosthoek:
> I just read this on the mplayer site, there's a security hole in almost all
> recent versions of mplayer. A fix-release 0.92 has been made to fix this...
> http://www.mplayerhq.hu/homepage/design6/news.html
Attached is the diff against the 0.91 version.
--
What difference does it make to the dead, the orphans and the
homeless, whether the mad destruction is wrought under the name of
totalitarianism or the holy name of liberty or democracy?
Mahatma Gandhi (1869 - 1948), "Non-Violence in Peace and War"
--- MPlayer-0.91/libmpdemux/asf_streaming.c 2003-01-06 17:42:20.000000000 +0100
+++ MPlayer-0.92/libmpdemux/asf_streaming.c 2003-09-25 12:29:59.000000000 +0200
@@ -495,11 +495,11 @@
return NULL;
}
http_set_uri( http_hdr, server_url->url );
- sprintf( str, "Host: %s:%d", server_url->hostname, server_url->port );
+ sprintf( str, "Host: %.220s:%d", server_url->hostname,
server_url->port );
url_free( server_url );
} else {
http_set_uri( http_hdr, url->file );
- sprintf( str, "Host: %s:%d", url->hostname, url->port );
+ sprintf( str, "Host: %.220s:%d", url->hostname, url->port );
}
http_set_field( http_hdr, str );
