Return Styles: Pseud0ch, Terminal, Valhalla, NES, Geocities, Blue Moon.

Pages: 1-

fixing the icecast unicode bug

Name: Anonymous 2010-07-09 23:17

Icecast has an issue in how it parses http queries containing unicode. The query is escaped twice, so instead of having appear as it's converted to あ.

I am very new to sepples, but I need this patched within 4 days from now, and seeing how the icecast forums won't let me register I have decided to try fixing it myself.

const char *httpp_get_query_param(http_parser_t *parser, const char *name)
{
    http_var_t var;
    http_var_t *found;
    void *fp;

    fp = &found;
    var.name = (char *)name;
    var.value = NULL;

    if (avl_get_by_key(parser->queryvars, (void *)&var, fp) == 0)
        //return found->value;
       
        // ED PRETENDING HE KNOWS SEPPLES
        int durr = 0;
        char* derp, hurr;
        derp = found->value;
        for (int a = 0; derp[a]!=0; a++) {
            hurr[durr] = derp[a];
            if (derp[a+0]=='&' &&
                derp[a+1]=='a' &&
                derp[a+1]=='m' &&
                derp[a+1]=='p' &&
                derp[a+1]==';' &&
                derp[a+1]=='#') {
                a += 4;
            }
            durr++;
        }
        return hurr;
        // END OF PATCH
    else
        return NULL;
}

My question to you, dear /prog/riders, is whether this is completely pantsu-on-head retarded bullshit or if it'll actually work. I can't compile anything right now, so I'll let you be my interpreter.

Name: Anonymous 2010-07-09 23:25

Well of course it's retarded. The problem is in the parser, not the get function.

I realize that you're just trying to temporarily patch something but that's not what real programmers do. Real programmers, when they find themselves pissed off about a problem like this, go and fix it themselves.

Name: ed 2010-07-09 23:31

LOL I LOVE SUCKING DICK LOLOL

Name: Anonymous 2010-07-09 23:37

You missed some brakets there in that if, the comparison is broken and will never work since you're checking if something has different values at the same time, pointer variables don't work that way ( char *derp, *hurr; would be correct), and there's probably some other nonsense in there that I can't know of without looking at icecast sources, which I can't be bothered to do.

Name: Anonymous 2010-07-10 1:03

>>1
I have a much better solution for you: Speak English

Name: Anonymous 2010-07-10 1:05

>>4
You missed the bit where the entire changes can be replaced with a call to strstr().

Name: Anonymous 2010-07-10 1:07

>>3
The Standard Editor, is that really you?

Name: Anonymous 2010-07-10 5:44

derp[a+1]
derp[a+1]
derp[a+1]
derp[a+1]
derp[a+1]
Um... no. Also not all Unicode escapes are 4 chars long.

Name: Anonymous 2010-07-10 9:34

First of all, what I'm actually trying to do is replacing all instances of "&#" with "&#".

>>6
Thanks for telling me that my code is overly verbose and not really fit for the job; I already knew that.

>>7
I'm just Edward. Sorry if I disappointed you.

>>8
Well shit, that was supposed to be a+0, a+1, a+2, a+3... I know that unicorn escapes vary in length, I just want to skip each "amp;".

Name: Anonymous 2010-07-10 9:37

>>2,4
Thanks for your help anyhow. I wish I had the skills and time to do a proper job, 2-san.

Name: Anonymous 2010-07-10 10:11

Why don't you patch it to not escape twice?

Name: HARMONY 2010-07-10 11:31

>>9
YOU CAN'T ESCAPE THE UNICORNS

Name: Anonymous 2010-07-10 11:50

>>12
No lie this is the best post on the front page right now.

Name: Anonymous 2010-07-10 12:24

>>13
That is depressingly easy to believe. Okay, it is kinda funny.

Name: Anonymous 2010-07-10 14:46

char* derp, hurr;
hurr[durr] = derp[a];

Hurr, derp indeed.

Name: Anonymous 2010-07-10 17:12

The check for &# that you've written will never pass, and you need to encase the shit you've written in brackets.  It will not do what you want it to.

Name: Anonymous 2010-07-10 17:24

>>16
Maybe if you read more than just the first post, you'd actually have something to contribute to the thread.

Name: Anonymous 2010-07-10 17:37

>>17
Thanks for that, friend.

Name: Anonymous 2010-07-13 21:19

BREAKING NEWS!

Turns out the error isn't in the parser at all. It's somewhere else in the code. The plot thickens.

After fumbling about for a while, it turns out that it all comes down to commenting out the following two lines in format_mp3.c:

    //value = util_conv_string (in_value, charset, plugin->charset);
    //if (value == NULL)
        value = strdup (in_value);

The only thing remaining is to add a charset=UTF8 header to websites, but anyone should be able to figure that out.

Name: Anonymous 2010-07-13 22:32

Open Source QUALITY

Name: Anonymous 2010-07-14 2:12

>>19
I don't know shit and haven't seen the rest of the code, but this looks like an XSS coming.

Name: Anonymous 2010-07-14 2:13

>>21
What the fuck. I meant an exploit, not XSS.

Name: FrozenVoid 2010-07-14 3:15

>>21
Resigian slip.


__________________
Orbis terrarum delenda est

Name: Anonymous 2010-07-14 22:10

http://code.google.com/p/foorunes/

With this, we may consider this thread finished.
Thanks for inspiring me to code better.

Name: Anonymous 2011-02-03 4:08

Name: Anonymous 2011-02-04 14:48

Name: Anonymous 2011-02-04 18:32

Name: !L33tUKZj5I 2013-12-08 4:11

Icecast is wodnerful, but they really need to fix handling of song names. Example.

Now playing: ÿþN - ÿþT

Now playing what? alluh akbar?

Name: Anonymous 2013-12-09 13:37

it will work and compile just fine but you should make a dictionary with all the keys and values, putting everything in a for-loop will take up so much memory
Don't change these.
Name: Email:
Entire Thread Thread List
All trademarks and copyrights on this site are owned by their respective parties. All comments and posts are the responsibility of their own posters.
- Tinychan + 2ch Mode -