--- mpg123-0.60/src/httpget.c.cve-2007-0578 2006-08-21 06:54:31.000000000 -0600 +++ mpg123-0.60/src/httpget.c 2007-02-02 08:10:48.000000000 -0700 @@ -244,6 +244,7 @@ int http_open (char* url, char** content unsigned int myport = 0; int sock; int relocate, numrelocs = 0; + int ret = 0; /* return value from readstring */ struct sockaddr_in server; FILE *myfile; /* @@ -541,13 +542,23 @@ int http_open (char* url, char** content } relocate = FALSE; purl[0] = '\0'; - if (readstring (response, linelength-1, myfile) - == linelength-1) { - fprintf(stderr, "Command exceeds max. length\n"); - close(sock); - sock = -1; - goto exit; + #define safe_readstring \ + ret = readstring(response, linelength-1, myfile); \ + if(ret == linelength-1) \ + { \ + error("HTTP response line exceeds max. length"); \ + close(sock); \ + sock = -1; \ + goto exit; \ + } \ + else if(ret < 0) \ + { \ + error("readstring failed"); \ + close(sock); \ + sock = -1; \ + goto exit; \ } + safe_readstring; debug1("<response>\n%s</response>",response); if ((sptr = strchr(response, ' '))) { switch (sptr[1]) { @@ -565,13 +576,7 @@ int http_open (char* url, char** content } } do { - if (readstring (response, linelength-1, myfile) - == linelength-1) { - fprintf(stderr, "URL exceeds max. length\n"); - close(sock); - sock = -1; - goto exit; - } + safe_readstring; if (!strncmp(response, "Location: ", 10)) { size_t needed_length;