From 3e347fd3e8e7e20afc562268f27fd3c2b79f4d0e Mon Sep 17 00:00:00 2001
From: Bastien Nocera
Date: Tue, 29 Oct 2013 11:37:15 +0100
Subject: [PATCH 2/3] Avoid OOB read with buggy servers

If the server doesn't start the Content-Range field with "bytes=" we would have an out-of-bounds read trying to parse the content of that field. Fall back to a 0 offset when a parsing error occurs. See https://bugzilla.redhat.com/show_bug.cgi?id=1024020 https://bugzilla.gnome.org/show_bug.cgi?id=711063
---
 libdmapsharing/daap-share.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/libdmapsharing/daap-share.c b/libdmapsharing/daap-share.c
index 66cdfe6..e182055 100644
--- a/libdmapsharing/daap-share.c
+++ b/libdmapsharing/daap-share.c
@@ -922,8 +922,13 @@ databases_items_xxx (DMAPShare * share,
 const gchar *s;
 gchar *content_range;
- s = range_header + strlen ("bytes="); /* bytes= */
- offset = atoll (s);
+ if (!g_ascii_strncasecmp (range_header, "bytes=", strlen("bytes="))) {
+ /* Not starting with "bytes=" ? */
+ offset = 0;
+ } else {
+ s = range_header + strlen ("bytes="); /* bytes= */
+ offset = atoll (s);
+ }
 content_range = g_strdup_printf ("bytes %" G_GUINT64_FORMAT "-%"
-- 
1.8.3.1
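Review bot: The new guard is inverted: `g_ascii_strncasecmp` returns 0 on a match, so `!g_ascii_strncasecmp (range_header, "bytes=", strlen("bytes="))` is true exactly when the header does start with "bytes=", which forces `offset = 0` for well-formed Range headers and sends the malformed ones (including any shorter than six characters) into the `s = range_header + strlen ("bytes=")` path whose out-of-bounds read this patch is meant to remove. The comment `/* Not starting with "bytes=" ? */` describes the intended branch, not the one actually taken, so the fix is to drop the negation: `if (g_ascii_strncasecmp (range_header, "bytes=", strlen ("bytes=")) != 0) {`. Separately, `atoll` reports no parse errors, so the "fall back to 0 on a parsing error" behaviour described in the commit message rests on `atoll` returning 0 for non-numeric text; `g_ascii_strtoull` with an end pointer (or `strtoull` with `errno` checked) would make the fallback explicit and also reject negative or overflowing offsets. The enclosing function databases_items_xxx begins and ends outside this hunk.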