1 diff -urN cvs-nserver-1.11.1.52.org/src/server.c cvs-nserver-1.11.1.52/src/server.c
2 --- cvs-nserver-1.11.1.52.org/src/server.c 2004-06-11 15:06:44.381011584 +0200
3 +++ cvs-nserver-1.11.1.52/src/server.c 2004-06-11 15:11:06.136218744 +0200
8 - if (error_pending ())
10 + if (error_pending ()) return;
12 if (outside_dir (arg))
14 @@ -1634,7 +1633,16 @@
15 && strlen (arg) == cp - name
16 && strncmp (arg, name, cp - name) == 0)
18 - timefield = strchr (cp + 1, '/') + 1;
19 + if (!(timefield = strchr (cp + 1, '/')) || *++timefield == '\0')
21 + /* We didn't find the record separator or it is followed by
22 + * the end of the string, so just exit.
24 + if (alloc_pending (80))
25 + sprintf (pending_error_text,
26 + "E Malformed Entry encountered.");
29 /* If the time field is not currently empty, then one of
30 * serve_modified, serve_is_modified, & serve_unchanged were
31 * already called for this file. We would like to ignore the
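Review bot: The malformed-entry guard on the `timefield` line appears twice, here and in the hunk at -1697, and each copy folds an assignment, a NULL test and a pre-increment into one condition, so a later fix could easily land in only one of them. A small static helper that returns the time-field pointer or NULL would keep the two request handlers identical and make the check readable. The rejection text `E Malformed Entry encountered.` also differs from the `E protocol error: Malformed Entry` used in the -1782 hunk, so clients and logs see two spellings of the same condition; one string would be easier to alert on. The `return` implied by the comment's "just exit" is not visible in this listing, so confirm the branch really leaves the function before the copy-forward code that follows. Both enclosing functions start and end outside the hunks.

```c
/* Return a pointer to the first character after the '/' that follows CP,
 * or NULL (with a pending error queued) when the client-supplied Entry
 * line has no such separator or ends right after it.  */
static char *
entry_timefield (char *cp)
{
    char *tf = strchr (cp + 1, '/');

    if (tf == NULL || *++tf == '\0')
    {
	if (alloc_pending (80))
	    sprintf (pending_error_text,
		     "E protocol error: Malformed Entry");
	return NULL;
    }
    return tf;
}

/* … unchanged: strlen/strncmp match that selects the entry … */
	    timefield = entry_timefield (cp);
	    if (timefield == NULL)
		return;
/* … unchanged: handling of a non-empty time field … */
```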
33 /* Have we found this file in "entries" yet. */
36 - if (error_pending ())
38 + if (error_pending ()) return;
40 if (outside_dir (arg))
42 @@ -1697,7 +1704,16 @@
43 && strlen (arg) == cp - name
44 && strncmp (arg, name, cp - name) == 0)
46 - timefield = strchr (cp + 1, '/') + 1;
47 + if (!(timefield = strchr (cp + 1, '/')) || *++timefield == '\0')
49 + /* We didn't find the record separator or it is followed by
50 + * the end of the string, so just exit.
52 + if (alloc_pending (80))
53 + sprintf (pending_error_text,
54 + "E Malformed Entry encountered.");
57 /* If the time field is not currently empty, then one of
58 * serve_modified, serve_is_modified, & serve_unchanged were
59 * already called for this file. We would like to ignore the
60 @@ -1782,8 +1798,30 @@
65 if (error_pending()) return;
66 - p = (struct an_entry *) malloc (sizeof (struct an_entry));
68 + /* Verify that the entry is well-formed. This can avoid problems later.
69 + * At the moment we only check that the Entry contains five slashes in
70 + * approximately the correct locations since some of the code makes
71 + * assumptions about this.
75 + if (*cp == 'D') cp++;
78 + if (!cp || *cp != '/')
80 + if (alloc_pending (80))
81 + sprintf (pending_error_text,
82 + "E protocol error: Malformed Entry");
85 + cp = strchr (cp + 1, '/');
88 + p = (struct an_entry *) xmalloc (sizeof (struct an_entry));
91 pending_error = ENOMEM;
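Review bot: Switching to `xmalloc` on the `p = ...` line makes the `pending_error = ENOMEM;` branch kept as context after it look unreachable, assuming `xmalloc` in this tree terminates the process on failure; its definition is not shown here, so that needs confirming. If it does, running out of memory while handling a client's Entry line now ends the server process instead of being reported through the pending-error path, a behaviour change unrelated to the validation this hunk adds. I would either keep the checked allocation, `p = malloc (sizeof *p);`, or remove the dead NULL branch in the same commit. Separately, the new comment says the check only looks for five slashes in "approximately" the right places, so code further down must still tolerate empty fields between them; the loop itself and the rest of the function lie outside the visible lines.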