Context Navigation

← Previous Change
Next Change →

Changeset 5145:c1a3ca765154 in roaraudio for libroar/stream.c

Timestamp:

10/11/11 13:47:59 (13 years ago)

Author:

phi

Branch:

default

Phase:

public

Message:

Fixed invalid pointer aliasing in filter code (pr0)
Fixed remote a local buffer overflow in client to message converter code as well as a remote attackable overflow in message to client converter code (pr0)
Updated error handling (pr0)

File:

: 1 edited

libroar/stream.c (modified) (40 diffs)

Legend:

: Unmodified
: Added
: Removed

libroar/stream.c

-                      r5072
+                      r5145
                      unsigned int channels, unsigned int bits, unsigned int codec) {
+ if ( s == NULL )
+  return -1;
+ if ( s == NULL ) {
+  roar_err_set(ROAR_ERROR_FAULT);
+  return -1;
+ }
  s->fh         = -1;
 …
 int roar_stream_set_rel_id(struct roar_stream * s, int id) {
+ if ( s == NULL )
+  return -1;
+ if ( s == NULL ) {
+  roar_err_set(ROAR_ERROR_FAULT);
+  return -1;
+ }
  s->pos_rel_id = id;
 …
 int roar_stream_get_rel_id(struct roar_stream * s) {
+ if ( s == NULL )
+  return -1;
+ if ( s == NULL ) {
+  roar_err_set(ROAR_ERROR_FAULT);
+  return -1;
+ }
  return s->pos_rel_id;
 …
 int roar_stream_new_by_id(struct roar_stream * s, int id) {
+ if ( s == NULL )
+  return -1;
+ if ( s == NULL ) {
+  roar_err_set(ROAR_ERROR_FAULT);
+  return -1;
+ }
  if ( roar_stream_new_empty(s) == -1 )
 …
 int roar_stream_new_empty(struct roar_stream * s) {
+ if ( s == NULL )
+  return -1;
+ if ( s == NULL ) {
+  roar_err_set(ROAR_ERROR_FAULT);
+  return -1;
+ }
  return roar_stream_new(s, 0, 0, 0, 0);
 …
 int roar_stream_set_id (struct roar_stream * s, int id) {
+ if ( s == NULL )
+  return -1;
+ if ( s == NULL ) {
+  roar_err_set(ROAR_ERROR_FAULT);
+  return -1;
+ }
  s->id = id;
 …
 int roar_stream_get_id (struct roar_stream * s) {
+ if ( s == NULL )
+  return -1;
+ if ( s == NULL ) {
+  roar_err_set(ROAR_ERROR_FAULT);
+  return -1;
+ }
  return s->id;
 …
 int roar_stream_set_fh (struct roar_stream * s, int fh) {
+ if ( s == NULL )
+  return -1;
+ if ( s == NULL ) {
+  roar_err_set(ROAR_ERROR_FAULT);
+  return -1;
+ }
  s->fh = fh;
 …
 int roar_stream_get_fh (struct roar_stream * s) {
+ if ( s == NULL )
+  return -1;
+ if ( s == NULL ) {
+  roar_err_set(ROAR_ERROR_FAULT);
+  return -1;
+ }
  return s->fh;
 …
 int roar_stream_set_dir (struct roar_stream * s, int dir) {
+ if ( s == NULL )
+  return -1;
+ if ( s == NULL ) {
+  roar_err_set(ROAR_ERROR_FAULT);
+  return -1;
+ }
  s->dir = dir;
 …
 int roar_stream_get_dir (struct roar_stream * s) {
+ if ( s == NULL )
+  return -1;
+ if ( s == NULL ) {
+  roar_err_set(ROAR_ERROR_FAULT);
+  return -1;
+ }
  return s->dir;
 …
  int len = 0;
+ if ( host == NULL )
+  return -1;
+ if ( host == NULL ) {
+  roar_err_set(ROAR_ERROR_FAULT);
+  return -1;
+ }
  ROAR_DBG("roar_stream_connect_to_ask(*): Ask the server to connect to: %s:%i", host, port);
 …
  len = strlen(host);
+ if ( len > 76 )
+  return -1;
+ if ( len > 76 ) {
+  roar_err_set(ROAR_ERROR_NAMETOOLONG);
+  return -1;
+ }
  strncpy(&(m.data[4]), host, len);
 …
  struct roar_message m;
  int confh;
+ if ( con == NULL || s == NULL ) {
+  roar_err_set(ROAR_ERROR_FAULT);
+  return -1;
+ }
+ if ( fh < 0 ) {
+  roar_err_set(ROAR_ERROR_INVAL);
+  return -1;
+ }
  memset(&m,  0, sizeof(m));
 …
  int i;
+ if ( con == NULL || s == NULL ) {
+  roar_err_set(ROAR_ERROR_FAULT);
+  return -1;
+ }
+ if ( client < 0 ) {
+  roar_err_set(ROAR_ERROR_INVAL);
+  return -1;
+ }
  memset(&m,  0, sizeof(m));
 …
  struct roar_message m;
+ if ( con == NULL || s == NULL || data == NULL ) {
+  roar_err_set(ROAR_ERROR_FAULT);
+  return -1;
+ }
  memset(&m,  0, sizeof(m));
 …
  roar_debug_warn_obsolete("roar_stream_send_data", "roar_vio_write", NULL);
+ if ( s == NULL )
+  return -1;
+ if ( s == NULL ) {
+  roar_err_set(ROAR_ERROR_FAULT);
+  return -1;
+ }
  if ( s->fh == -1 ) {
+  if ( con == NULL )
+  if ( con == NULL ) {
+   roar_err_set(ROAR_ERROR_NOTSUP);
    return -1;
+  }
   if ( roar_stream_add_data(con, s, data, len) == -1 )
 …
 #ifdef ROAR_HAVE_IO_POSIX
  return write(s->fh, data, len);
+ return ROAR_NETWORK_WRITE(s->fh, data, len);
 #endif
+ roar_err_set(ROAR_ERROR_NOTSUP);
  return -1;
+}
 …
  uint16_t * data = (uint16_t *) m.data;
  int i;
+ if ( con == NULL || s == NULL || info == NULL ) {
+  roar_err_set(ROAR_ERROR_FAULT);
+  return -1;
+ }
  memset(&m,  0, sizeof(m));
 …
+ }
+ if ( m.datalen < 7*2 )
+  return -1;
+ if ( data[0] != 0 || data[1] != 1 )
+  return -1;
+ if ( m.datalen < 7*2 ) {
+  roar_err_set(ROAR_ERROR_MSGSIZE);
+  return -1;
+ }
+ if ( data[0] != 0 || data[1] != 1 ) {
+  roar_err_set(ROAR_ERROR_NSVERSION);
+  return -1;
+ }
  memset(info, 0, sizeof(struct roar_stream_info));
 …
  uint16_t * data = (uint16_t *) m.data;
+ if ( con == NULL || s == NULL || name == NULL || len == 0 )
+  return -1;
+ if ( con == NULL || s == NULL || name == NULL || len == 0 ) {
+  roar_err_set(ROAR_ERROR_FAULT);
+  return -1;
+ }
  name[0] = 0; // just in case...
 …
  ROAR_DBG("roar_stream_get_name(*) = ?");
+ if ( m.datalen < 4 )
+  return -1;
+ if ( m.datalen < 4 ) {
+  roar_err_set(ROAR_ERROR_MSGSIZE);
+  return -1;
+ }
  data[0] = ROAR_NET2HOST16(data[0]);
 …
  ROAR_DBG("roar_stream_get_name(*) = ?");
+ if ( data[0] != 0 || data[1] != ROAR_STREAM_PARA_NAME )
+  return -1;
+ if ( data[0] != 0 ) {
+  roar_err_set(ROAR_ERROR_NSVERSION);
+  return -1;
+ }
+ if ( data[1] != ROAR_STREAM_PARA_NAME ) {
+  roar_err_set(ROAR_ERROR_TYPEMM);
+  return -1;
+ }
  m.datalen -= 4;
 …
  ROAR_DBG("roar_stream_get_chanmap(con=%p, s=%p, map=%p, len=%p) = ?", con, s, map, len);
+ if ( con == NULL || s == NULL || map == NULL || len == NULL )
+  return -1;
+ if ( *len == 0 )
+  return -1;
+ if ( con == NULL || s == NULL || map == NULL || len == NULL ) {
+  roar_err_set(ROAR_ERROR_FAULT);
+  return -1;
+ }
+ if ( *len == 0 ) {
+  roar_err_set(ROAR_ERROR_INVAL);
+  return -1;
+ }
  memset(&m, 0, sizeof(m));
 …
  ROAR_DBG("roar_stream_get_chanmap(con=%p, s=%p{.id=%i}, map=%p, len=%p) = ?", con, s, s->id, map, len);
+ if ( m.datalen < 4 )
+  return -1;
+ if ( m.datalen < 4 ) {
+  roar_err_set(ROAR_ERROR_MSGSIZE);
+  return -1;
+ }
  data[0] = ROAR_NET2HOST16(data[0]);
 …
  ROAR_DBG("roar_stream_get_chanmap(con=%p, s=%p{.id=%i}, map=%p, len=%p) = ?", con, s, s->id, map, len);
+ if ( data[0] != 0 || data[1] != ROAR_STREAM_PARA_CHANMAP )
+  return -1;
+ if ( data[0] != 0 ) {
+  roar_err_set(ROAR_ERROR_NSVERSION);
+  return -1;
+ }
+ if ( data[1] != ROAR_STREAM_PARA_CHANMAP ) {
+  roar_err_set(ROAR_ERROR_TYPEMM);
+  return -1;
+ }
  ROAR_DBG("roar_stream_get_chanmap(con=%p, s=%p{.id=%i}, map=%p, len=%p) = ?", con, s, s->id, map, len);
 …
  m.datalen -= 4;
+ if ( m.datalen > *len )
+  return -1;
+ if ( m.datalen > *len ) {
+  roar_err_set(ROAR_ERROR_NOMEM);
+  return -1;
+ }
  ROAR_DBG("roar_stream_get_chanmap(con=%p, s=%p{.id=%i}, map=%p, len=%p) = ?", con, s, s->id, map, len);
 …
  uint16_t * data = (uint16_t *) m.data;
+ if ( con == NULL || s == NULL || map == NULL )
+  return -1;
+ if ( len == 0 )
+ if ( con == NULL || s == NULL || map == NULL ) {
+  roar_err_set(ROAR_ERROR_FAULT);
+  return -1;
+ }
+ if ( len == 0 ) {
+  roar_err_set(ROAR_ERROR_INVAL);
   return 0;
+ }
  memset(&m, 0, sizeof(m));
 …
  uint16_t * data = (uint16_t *) m.data;
  int i;
+ if ( con == NULL || s == NULL ) {
+  roar_err_set(ROAR_ERROR_FAULT);
+  return -1;
+ }
  memset(&m,  0, sizeof(m));
 …
  int i;
+ if ( con == NULL || s == NULL ) {
+  roar_err_set(ROAR_ERROR_FAULT);
+  return -1;
+ }
  memset(&m,  0, sizeof(m));
 …
  int i;
+ if ( !(s && m) )
+  return -1;
+ if ( s == NULL || m == NULL ) {
+  roar_err_set(ROAR_ERROR_FAULT);
+  return -1;
+ }
  m->datalen = _ROAR_STREAM_MESSAGE_LEN;
 …
  int i;
+ if ( !(s && m) )
+  return -1;
+ if ( m->datalen != _ROAR_STREAM_MESSAGE_LEN )
+  return -1;
+ if ( s == NULL || m == NULL ) {
+  roar_err_set(ROAR_ERROR_FAULT);
+  return -1;
+ }
+ if ( m->datalen != _ROAR_STREAM_MESSAGE_LEN ) {
+  roar_err_set(ROAR_ERROR_MSGSIZE);
+  return -1;
+ }
  s->pos = m->pos;
 …
   return guess;
- if ( codec == NULL || *codec == 0 )
-  return ROAR_CODEC_DEFAULT;
  for (i = 0; _libroar_codec[i].codec != -1; i++)
   if ( strcasecmp(_libroar_codec[i].name, codec) == 0 )
    return _libroar_codec[i].codec;
+ roar_err_set(ROAR_ERROR_NOENT);
  return -1;
+}
 …
  int i;
+ if ( mime == NULL || *mime == 0 )
+  return -1;
+ if ( mime == NULL ) {
+  roar_err_set(ROAR_ERROR_FAULT);
+  return -1;
+ }
+ if ( *mime == 0 ) {
+  roar_err_set(ROAR_ERROR_INVAL);
+  return -1;
+ }
  for (i = 0; _libroar_codec[i].codec != -1; i++)
 …
     return _libroar_codec[i].codec;
+ roar_err_set(ROAR_ERROR_NOENT);
  return -1;
+}
 …
    return _libroar_codec[i].mime;
+ roar_err_set(ROAR_ERROR_NOENT);
  return NULL;
+}
 …
  if ( ret == 0 && rate[0] != '0' ) {
+  roar_err_set(ROAR_ERROR_NOENT);
   return -1;
+ }
 …
  if ( ret == 0 && bits[0] != '0' ) {
+  roar_err_set(ROAR_ERROR_NOENT);
   return -1;
+ }
 …
  if ( ret == 0 && channels[0] != '0' ) {
+  roar_err_set(ROAR_ERROR_NOENT);
   return -1;
+ }
 …
  int i;
+ roar_err_clear();
  for (i = 0; _libroar_role[i].name != NULL; i++)
   if ( !strcasecmp(_libroar_role[i].name, role) )
    return _libroar_role[i].role;
+ roar_err_set(ROAR_ERROR_NOENT);
  return ROAR_ROLE_UNKNOWN;
+}

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 5145:c1a3ca765154 in roaraudio for libroar/stream.c

Legend:

libroar/stream.c

Download in other formats: