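diff -urN cvs-nserver-1.11.1.52.org/src/server.c cvs-nserver-1.11.1.52/src/server.c
--- cvs-nserver-1.11.1.52.org/src/server.c 2004-06-11 15:06:44.381011584 +0200
+++ cvs-nserver-1.11.1.52/src/server.c 2004-06-11 15:11:06.136218744 +0200
@@ -1619,8 +1619,7 @@
 char *cp;
 char *timefield;
 
- if (error_pending ())
- return;
+ if (error_pending ()) return;
 
 if (outside_dir (arg))
 return;
@@ -1634,7 +1633,16 @@
 && strlen (arg) == cp - name
 && strncmp (arg, name, cp - name) == 0)
 {
- timefield = strchr (cp + 1, '/') + 1;
+ if (!(timefield = strchr (cp + 1, '/')) || *++timefield == '\0')
+ {
+ /* We didn't find the record separator or it is followed by
+ * the end of the string, so just exit.
+ */
+ if (alloc_pending (80))
+ sprintf (pending_error_text,
+ "E Malformed Entry encountered.");
+ return;
+ }
 /* If the time field is not currently empty, then one of
 * serve_modified, serve_is_modified, & serve_unchanged were
 * already called for this file. We would like to ignore the
@@ -1681,8 +1689,7 @@
 /* Have we found this file in "entries" yet. */
 int found;
 
- if (error_pending ())
- return;
+ if (error_pending ()) return;
 
 if (outside_dir (arg))
 return;
@@ -1697,7 +1704,16 @@
 && strlen (arg) == cp - name
 && strncmp (arg, name, cp - name) == 0)
 {
- timefield = strchr (cp + 1, '/') + 1;
+ if (!(timefield = strchr (cp + 1, '/')) || *++timefield == '\0')
+ {
+ /* We didn't find the record separator or it is followed by
+ * the end of the string, so just exit.
+ */
+ if (alloc_pending (80))
+ sprintf (pending_error_text,
+ "E Malformed Entry encountered.");
+ return;
+ }
 /* If the time field is not currently empty, then one of
 * serve_modified, serve_is_modified, & serve_unchanged were
 * already called for this file. We would like to ignore the
@@ -1782,8 +1798,30 @@
 {
 struct an_entry *p;
 char *cp;
+ int i = 0;
 if (error_pending()) return;
- p = (struct an_entry *) malloc (sizeof (struct an_entry));
+
+ /* Verify that the entry is well-formed. This can avoid problems later.
+ * At the moment we only check that the Entry contains five slashes in
+ * approximately the correct locations since some of the code makes
+ * assumptions about this.
+ */
+
+ cp = arg;
+ if (*cp == 'D') cp++;
+ while (i++ < 5)
+ {
+ if (!cp || *cp != '/')
+ {
+ if (alloc_pending (80))
+ sprintf (pending_error_text,
+ "E protocol error: Malformed Entry");
+ return;
+ }
+ cp = strchr (cp + 1, '/');
+ }
+
+ p = (struct an_entry *) xmalloc (sizeof (struct an_entry));
 if (p == NULL)
 {
 pending_error = ENOMEM;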
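Review bot: In the last hunk the allocation changes from `malloc` to `xmalloc`, yet the `if (p == NULL)` / `pending_error = ENOMEM;` branch after it is kept. If `xmalloc` exits on failure, as such wrappers usually do (its definition is not part of this patch), that branch is dead and an out-of-memory condition terminates the server instead of being reported as a pending error; either keep `malloc` here or remove the check on purpose. The rejection paths also emit two different strings, `"E Malformed Entry encountered."` in the second and fourth hunks and `"E protocol error: Malformed Entry"` in the last one; a single message would let operators match rejected entries with one log pattern. The `sprintf` calls write fixed literals shorter than the 80 bytes requested from `alloc_pending`, so they fit today, but a comment such as `/* 80 must cover the literal below incl. NUL */` would keep that true if the text is extended. All of the patched functions start and end outside the hunks shown.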