--- mpg123-0.59r/httpget.c.cve-2007-0578	2007-02-02 08:55:00.000000000 -0700
+++ mpg123-0.59r/httpget.c	2007-02-02 09:12:22.000000000 -0700
@@ -53,7 +53,7 @@ void writestring (int fd, char *string)
 	}
 }
 
-void readstring (char *string, int maxlen, FILE *f)
+int readstring (char *string, int maxlen, FILE *f)
 {
 #if 0
 	char *result;
@@ -74,6 +74,8 @@ void readstring (char *string, int maxle
 		}
 	}
 	string[pos] = 0;
+
+	return pos;
 #if 0
 	do {
 		result = fgets(string, maxlen, f);
@@ -197,6 +199,7 @@ int http_open (char *url)
 	unsigned int myport;
 	int sock;
 	int relocate, numrelocs = 0;
+	int ret = 0; /* return value from readstring */
 	struct sockaddr_in server;
 	FILE *myfile;
 
@@ -307,7 +310,23 @@ int http_open (char *url)
 		};
 		relocate = FALSE;
 		purl[0] = '\0';
-		readstring (request, linelength-1, myfile);
+		#define safe_readstring \
+		ret = readstring(request, linelength-1, myfile); \
+		if(ret == linelength-1) \
+		{ \
+			fprintf(stderr, "%s\n", "HTTP response line exceeds max. length"); \
+			close(sock); \
+			sock = -1; \
+			goto exit; \
+		} \
+		else if(ret < 0) \
+		{ \
+			fprintf(stderr, "%s\n", "readstring failed"); \
+			close(sock); \
+			sock = -1; \
+			goto exit; \
+		}
+		safe_readstring;			
 		if ((sptr = strchr(request, ' '))) {
 			switch (sptr[1]) {
 				case '3':
@@ -321,7 +340,7 @@ int http_open (char *url)
 			}
 		}
 		do {
-			readstring (request, linelength-1, myfile);
+			safe_readstring;
 			if (!strncmp(request, "Location:", 9))
 				strncpy (purl, request+10, 1023);
 		} while (request[0] != '\r' && request[0] != '\n');
@@ -330,8 +349,9 @@ int http_open (char *url)
 		fprintf (stderr, "Too many HTTP relocations.\n");
 		exit (1);
 	}
-	free (purl);
-	free (request);
+exit:
+	if(purl != NULL) free(purl);
+	if(request != NULL) free(request);
 
 	return sock;
 }
@@ -349,7 +369,7 @@ void writestring (int fd, char *string)
 {
 }
 
-void readstring (char *string, int maxlen, FILE *f)
+int readstring (char *string, int maxlen, FILE *f)
 {
 }