--- xine-lib-1.1.0/src/input/input_http.c.cve-2006-2802 2005-05-21 10:16:35.000000000 -0600 +++ xine-lib-1.1.0/src/input/input_http.c 2006-06-14 04:43:30.313356033 -0600 @@ -895,6 +895,12 @@ static int http_plugin_open (input_plugi len = 0; } else len ++; + if ( len >= buflen ) { + _x_message(this->stream, XINE_MSG_PERMISSION_ERROR, this->mrl, NULL); + xine_log (this->stream->xine, XINE_LOG_MSG, + _("input_http: buffer exahuested after %d bytes."), buflen); + return 0; + } } lprintf ("end of headers\n");