Description: Icecast before 2.4.1 transmits the output of the on-connect script, which
             might allow remote attackers to obtain sensitive information, related to
             shared file descriptors.
Source: http://bugs.debian.org/770222
Bug: http://bugs.debian.org/770222
CVE: CVE-2014-9018

Index: icecast2-2.3.3/src/source.c
===================================================================
--- icecast2-2.3.3.orig/src/source.c
+++ icecast2-2.3.3/src/source.c
@@ -33,6 +33,12 @@
 #define snprintf _snprintf
 #endif
 
+#ifndef _WIN32
+/* for __setup_empty_script_environment() */
+#include <sys/stat.h>
+#include <fcntl.h>
+#endif
+
 #include "thread/thread.h"
 #include "avl/avl.h"
 #include "httpp/httpp.h"
@@ -1277,6 +1283,34 @@ void source_client_callback (client_t *c
 
 
 #ifndef _WIN32
+/* this sets up the new environment for script execution.
+ * We ignore most failtures as we can not handle them anyway.
+ */
+static inline void __setup_empty_script_environment(void) {
+    int i;
+
+    /* close at least the first 1024 handles */
+    for (i = 0; i < 1024; i++)
+        close(i);
+
+    /* open null device */
+    i = open("/dev/null", O_RDWR);
+    if (i != -1) {
+        /* attach null device to stdin, stdout and stderr */
+        if (i != 0)
+            dup2(i, 0);
+        if (i != 1)
+            dup2(i, 1);
+        if (i != 2)
+            dup2(i, 2);
+
+        /* close null device */
+        if (i > 2)
+            close(i);
+    }
+}
+#endif
+
 static void source_run_script (char *command, char *mountpoint)
 {
     pid_t pid, external_pid;
@@ -1292,10 +1326,15 @@ static void source_run_script (char *com
                     ERROR2 ("Unable to fork %s (%s)", command, strerror (errno));
                     break;
                 case 0:  /* child */
+                    if (access(command, R_OK|X_OK) != 0) {
+                        ERROR2 ("Unable to run command %s (%s)", command, strerror(errno));
+                        exit(1);
+                    }
                     DEBUG1 ("Starting command %s", command);
-                    execl (command, command, mountpoint, (char *)NULL);
-                    ERROR2 ("Unable to run command %s (%s)", command, strerror (errno));
-                    exit(0);
+                    __setup_empty_script_environment();
+                    /* consider to add action here as well */
+                    execl(command, command, mountpoint, (char *)NULL);
+                    exit(1);
                 default: /* parent */
                     break;
             }
@@ -1308,8 +1347,6 @@ static void source_run_script (char *com
             break;
     }
 }
-#endif
-
 
 static void *source_fallback_file (void *arg)
 {
