[sword-svn] r2853 - trunk/src/mgr
scribe at crosswire.org
scribe at crosswire.org
Fri Jul 5 18:43:10 MST 2013
Author: scribe
Date: 2013-07-05 18:43:10 -0700 (Fri, 05 Jul 2013)
New Revision: 2853
Modified:
trunk/src/mgr/curlhttpt.cpp
Log:
Fix for buffer overrun in non-standard Apache dir list output. Applied modified patch from Jaak Ristioja <jaak at ristioja.ee>
Modified: trunk/src/mgr/curlhttpt.cpp
===================================================================
--- trunk/src/mgr/curlhttpt.cpp 2013-07-03 18:22:57 UTC (rev 2852)
+++ trunk/src/mgr/curlhttpt.cpp 2013-07-06 01:43:10 UTC (rev 2853)
@@ -209,7 +209,7 @@
SWBuf dirBuf;
const char *pBuf;
char *pBufRes;
- char possibleName[400];
+ SWBuf possibleName;
double fSize;
int possibleNameLength = 0;
@@ -218,10 +218,12 @@
while (pBuf != NULL) {
pBuf += 9;//move to the start of the actual name.
pBufRes = (char *)strchr(pBuf, '\"');//Find the end of the possible file name
+ if (!pBufRes)
+ break;
possibleNameLength = pBufRes - pBuf;
- sprintf(possibleName, "%.*s", possibleNameLength, pBuf);
+ possibleName.setFormatted("%.*s", possibleNameLength, pBuf);
if (isalnum(possibleName[0])) {
- SWLog::getSystemLog()->logDebug("getDirListHTTP: Found a file: %s", possibleName);
+ SWLog::getSystemLog()->logDebug("getDirListHTTP: Found a file: %s", possibleName.c_str());
pBuf = pBufRes;
pBufRes = (char *)findSizeStart(pBuf);
fSize = 0;
@@ -232,13 +234,13 @@
fSize *= 1024;
else if (pBufRes[0] == 'M')
fSize *= 1048576;
+ pBuf = pBufRes;
}
struct DirEntry i;
i.name = possibleName;
i.size = (long unsigned int)fSize;
- i.isDirectory = (possibleName[possibleNameLength-1] == '/');
+ i.isDirectory = possibleName.endsWith("/");
dirList.push_back(i);
- pBuf = pBufRes;
} else {
pBuf += possibleNameLength;
}
More information about the sword-cvs
mailing list