From ac779cb6a082fe524e80054328b5463575ba7502 Mon Sep 17 00:00:00 2001
From: Xavier Roche <xroche@users.noreply.github.com>
Date: Sat, 17 May 2014 12:31:37 +0000
Subject: Fixed potentiel overrun if the user injects a buggy user-defined
 structure with a non-terminated %[]

---
 src/htsname.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/htsname.c b/src/htsname.c
index 1a3ee47..892324e 100644
--- a/src/htsname.c
+++ b/src/htsname.c
@@ -812,7 +812,7 @@ int url_savename(char *adr_complete, char *fil_complete, char *save,
               name[pos][0] = '\0';
             }
             pos = 0;
-            while(*a != ']') {
+            while(*a != '\0' && *a != ']') {
               if (pos < 5) {
                 if (*a == ':') {        // next token
                   c = name[++pos];
@@ -823,7 +823,9 @@ int url_savename(char *adr_complete, char *fil_complete, char *save,
                 }
               }
             }
-            a++;
+            if (*a == ']') {
+              a++;
+            }
             strcatbuff(name[0], "=");   /* param=.. */
             c = strchr(fil_complete, '?');
             /* parameters exists */
-- 
cgit v1.2.3