diff options
| author | Xavier Roche <xroche@users.noreply.github.com> | 2014-05-17 12:31:37 +0000 |
|---|---|---|
| committer | Xavier Roche <xroche@users.noreply.github.com> | 2014-05-17 12:31:37 +0000 |
| commit | ac779cb6a082fe524e80054328b5463575ba7502 (patch) | |
| tree | 79ffb16c04e330142f7e79f64072552afa030635 | |
| parent | 0073d3ad05229317e093cbb3d8e4bafd7b6a6e1b (diff) | |
Fixed potentiel overrun if the user injects a buggy user-defined structure with a non-terminated %[]
| -rw-r--r-- | src/htsname.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/htsname.c b/src/htsname.c index 1a3ee47..892324e 100644 --- a/src/htsname.c +++ b/src/htsname.c @@ -812,7 +812,7 @@ int url_savename(char *adr_complete, char *fil_complete, char *save, name[pos][0] = '\0'; } pos = 0; - while(*a != ']') { + while(*a != '\0' && *a != ']') { if (pos < 5) { if (*a == ':') { // next token c = name[++pos]; @@ -823,7 +823,9 @@ int url_savename(char *adr_complete, char *fil_complete, char *save, } } } - a++; + if (*a == ']') { + a++; + } strcatbuff(name[0], "="); /* param=.. */ c = strchr(fil_complete, '?'); /* parameters exists */ |