Description: This fixes a crash (NULL reference) in case URL Auth is used
             and stream_auth is trigged with no credentials passed by the client.
             Username and password is now set to empty strings and transmited to
             the backend server this way.

Source: http://git.xiph.org/?p=icecast-server.git;a=commitdiff;h=27abfbbd688df3e3077b535997330aa06603250f
CVE: CVE-2015-3026

Index: icecast2-2.3.3/src/auth_url.c
===================================================================
--- icecast2-2.3.3.orig/src/auth_url.c
+++ icecast2-2.3.3/src/auth_url.c
@@ -485,10 +485,20 @@ static void url_stream_auth (auth_client
     host = util_url_escape (config->hostname);
     port = config->port;
     config_release_config ();
-    user = util_url_escape (client->username);
-    pass = util_url_escape (client->password);
     ipaddr = util_url_escape (client->con->ip);
 
+    if (client->username) {
+        user = util_url_escape(client->username);
+    } else {
+        user = strdup("");
+    }
+
+    if (client->password) {
+        pass = util_url_escape(client->password);
+    } else {
+        pass = strdup("");
+    }
+
     snprintf (post, sizeof (post),
             "action=stream_auth&mount=%s&ip=%s&server=%s&port=%d&user=%s&pass=%s%s",
             mount, ipaddr, host, port, user, pass, admin);
