avformat/icecast: reject CR/LF in metadata header values
authorFranciszek Kalinowski <franek.kalinowski@isec.pl>
Tue, 19 May 2026 07:43:54 +0000 (09:43 +0200)
committerMichael Niedermayer <michael@niedermayer.cc>
Thu, 18 Jun 2026 02:03:04 +0000 (04:03 +0200)
Reported by Franciszek Kalinowski (isec.pl / striga.ai) and Bartosz Smigielski.

(cherry picked from commit 99e1ecca36455689c0c417a02ca36cd5b6e2346d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavformat/icecast.c

index 3146d7f38426679b9cdb23ece1aca03536c44d0b..323d330e422955089abfe859e0bf5e5d1cb20d22 100644 (file)
@@ -70,8 +70,14 @@ static const AVOption options[] = {
 
 static void cat_header(AVBPrint *bp, const char key[], const char value[])
 {
-    if (NOT_EMPTY(value))
+    if (NOT_EMPTY(value)) {
+        if (strpbrk(value, "\r\n")) {
+            av_log(NULL, AV_LOG_ERROR,
+                   "Refusing to send '%s' header: value contains CR/LF\n", key);
+            return;
+        }
         av_bprintf(bp, "%s: %s\r\n", key, value);
+    }
 }
 
 static int icecast_close(URLContext *h)