On Sat Sep 27, 2003 at 07:07:55PM +0200, Götz Waschk wrote:

> > I just read this on the mplayer site, there's a security hole in almost all
> > recent versions of mplayer. A fix-release 0.92 has been made to fix this...
> > http://www.mplayerhq.hu/homepage/design6/news.html
> 
> Attached is the diff against the 0.91 version.

This is all that is required to fix the problem?

> --- MPlayer-0.91/libmpdemux/asf_streaming.c   2003-01-06 17:42:20.000000000 +0100
> +++ MPlayer-0.92/libmpdemux/asf_streaming.c   2003-09-25 12:29:59.000000000 +0200
> @@ -495,11 +495,11 @@
>                       return NULL;
>               }
>               http_set_uri( http_hdr, server_url->url );
> -             sprintf( str, "Host: %s:%d", server_url->hostname, server_url->port );
> +             sprintf( str, "Host: %.220s:%d", server_url->hostname, 
> server_url->port );
>               url_free( server_url );
>       } else {
>               http_set_uri( http_hdr, url->file );
> -             sprintf( str, "Host: %s:%d", url->hostname, url->port );
> +             sprintf( str, "Host: %.220s:%d", url->hostname, url->port );
>       }
>       
>       http_set_field( http_hdr, str );
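
Review bot: Both replaced sprintf() calls (the server_url->hostname branch and the url->hostname branch) still write into str without passing a destination size, so the bound holds only if str is at least 239 bytes: 6 for "Host: ", 220 for the hostname, 1 for the colon, up to 11 for a %d port, and the terminating NUL. The declaration of str is not visible in this hunk, so it should be checked against the 220 limit. Passing the size explicitly, for example snprintf( str, sizeof(str), "Host: %s:%d", url->hostname, url->port ), would remove the dependency on a magic number, provided str is an array in this scope and not a pointer. An over-long hostname is also now silently truncated into the Host header instead of being rejected; returning an error for it would be cleaner. The hunk touches only these two calls, so any other unbounded write into str elsewhere in asf_streaming.c would need the same review.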


-- 
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7  66F9 2043 D0E5 FE6F 2AFD}
