Commit | Line | Data |
---|---|---|
d4b7be1d JB |
1 | --- libxml-1.8.17.orig/nanoftp.c |
2 | +++ libxml-1.8.17/nanoftp.c | |
3 | @@ -65,6 +65,8 @@ | |
4 | #define FTP_GET_PASSWD 331 | |
5 | #define FTP_BUF_SIZE 512 | |
6 | ||
7 | +#define XML_NANO_MAX_URLBUF 4096 | |
8 | + | |
9 | typedef struct xmlNanoFTPCtxt { | |
10 | char *protocol; /* the protocol name */ | |
11 | char *hostname; /* the host name */ | |
12 | @@ -203,7 +205,7 @@ | |
13 | xmlNanoFTPScanURL(void *ctx, const char *URL) { | |
14 | xmlNanoFTPCtxtPtr ctxt = (xmlNanoFTPCtxtPtr) ctx; | |
15 | const char *cur = URL; | |
16 | - char buf[4096]; | |
17 | + char buf[XML_NANO_MAX_URLBUF]; | |
18 | int index = 0; | |
19 | int port = 0; | |
20 | ||
21 | @@ -221,7 +223,7 @@ | |
22 | } | |
23 | if (URL == NULL) return; | |
24 | buf[index] = 0; | |
25 | - while (*cur != 0) { | |
26 | + while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF - 1)) { | |
27 | if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) { | |
28 | buf[index] = 0; | |
29 | ctxt->protocol = xmlMemStrdup(buf); | |
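Review bot: When this loop ends because `index` reached `XML_NANO_MAX_URLBUF - 1` rather than through the `://` branch, `ctxt->protocol` is never assigned and parsing carries on with a URL that was cut in the middle of a component; the function returns void, so the caller gets no signal. The bounded host loop at `@@ -236,7 +236,7 @@` has the same shape (hostname is stored only inside the loop), the path copy at `@@ -263,7 +265,7 @@` silently shortens the path, and the matching loops in xmlNanoFTPScanProxy and in the nanohttp.c hunks behave alike. The code between these hunks is not visible, so this is inferred, but rejecting an over-long URL looks safer than parsing a truncated one: `if (index >= XML_NANO_MAX_URLBUF - 1) return; /* component too long: refuse rather than truncate */` directly after each bounded scanning loop.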
e9841eca JB |
30 | @@ -236,7 +236,7 @@ |
31 | if (*cur == 0) return; | |
32 | ||
33 | buf[index] = 0; | |
34 | - while (1) { | |
35 | + while (index < (XML_NANO_MAX_URLBUF - 1)) { | |
36 | if (cur[0] == ':') { | |
37 | buf[index] = 0; | |
38 | ctxt->hostname = xmlMemStrdup(buf); | |
d4b7be1d JB |
39 | @@ -263,7 +265,7 @@ |
40 | else { | |
41 | index = 0; | |
42 | buf[index] = 0; | |
43 | - while (*cur != 0) | |
44 | + while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF-1)) | |
45 | buf[index++] = *cur++; | |
46 | buf[index] = 0; | |
47 | ctxt->path = xmlMemStrdup(buf); | |
48 | @@ -288,7 +290,7 @@ | |
49 | xmlNanoFTPUpdateURL(void *ctx, const char *URL) { | |
50 | xmlNanoFTPCtxtPtr ctxt = (xmlNanoFTPCtxtPtr) ctx; | |
51 | const char *cur = URL; | |
52 | - char buf[4096]; | |
53 | + char buf[XML_NANO_MAX_URLBUF]; | |
54 | int index = 0; | |
55 | int port = 0; | |
56 | ||
57 | @@ -301,7 +303,7 @@ | |
58 | if (ctxt->hostname == NULL) | |
59 | return(-1); | |
60 | buf[index] = 0; | |
61 | - while (*cur != 0) { | |
62 | + while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF-1)) { | |
63 | if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) { | |
64 | buf[index] = 0; | |
65 | if (strcmp(ctxt->protocol, buf)) | |
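Review bot: In xmlNanoFTPUpdateURL the `strcmp(ctxt->protocol, buf)` comparison sits inside the loop, so when the new bound ends the loop first the protocol check is skipped instead of failing; the host loop at `@@ -318,7 +318,7 @@` has the same problem with `strcmp(ctxt->hostname, buf)`. This function already returns -1 for rejected input in the visible context, so an over-long URL should fail closed too: `if (index >= XML_NANO_MAX_URLBUF - 1) return(-1);` right after each bounded loop, before `ctxt->path` is replaced. The statements between the loops and the path assignment are outside the hunks, so confirm that no later check already covers this case.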
e9841eca JB |
66 | @@ -318,7 +318,7 @@ |
67 | return(-1); | |
68 | ||
69 | buf[index] = 0; | |
70 | - while (1) { | |
71 | + while (index < (XML_NANO_MAX_URLBUF - 1)) { | |
72 | if (cur[0] == ':') { | |
73 | buf[index] = 0; | |
74 | if (strcmp(ctxt->hostname, buf)) | |
d4b7be1d JB |
75 | @@ -353,7 +355,7 @@ |
76 | else { | |
77 | index = 0; | |
78 | buf[index] = 0; | |
79 | - while (*cur != 0) | |
80 | + while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF-1)) | |
81 | buf[index++] = *cur++; | |
82 | buf[index] = 0; | |
83 | ctxt->path = xmlMemStrdup(buf); | |
84 | @@ -374,7 +376,7 @@ | |
85 | void | |
86 | xmlNanoFTPScanProxy(const char *URL) { | |
87 | const char *cur = URL; | |
88 | - char buf[4096]; | |
89 | + char buf[XML_NANO_MAX_URLBUF]; | |
90 | int index = 0; | |
91 | int port = 0; | |
92 | ||
93 | @@ -393,7 +395,7 @@ | |
94 | #endif | |
95 | if (URL == NULL) return; | |
96 | buf[index] = 0; | |
97 | - while (*cur != 0) { | |
98 | + while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF-1)) { | |
99 | if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) { | |
100 | buf[index] = 0; | |
101 | index = 0; | |
e9841eca JB |
102 | @@ -407,7 +407,7 @@ |
103 | if (*cur == 0) return; | |
104 | ||
105 | buf[index] = 0; | |
106 | - while (1) { | |
107 | + while (index < (XML_NANO_MAX_URLBUF - 1)) { | |
108 | if (cur[0] == ':') { | |
109 | buf[index] = 0; | |
110 | proxy = xmlMemStrdup(buf); | |
d4b7be1d JB |
111 | --- libxml-1.8.17.orig/nanohttp.c |
112 | +++ libxml-1.8.17/nanohttp.c | |
113 | @@ -161,6 +161,7 @@ | |
114 | const char *cur = URL; | |
115 | char buf[4096]; | |
116 | int index = 0; | |
117 | + const int indexMax = 4096 - 1; | |
118 | int port = 0; | |
119 | ||
120 | if (ctxt->protocol != NULL) { | |
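Review bot: `const int indexMax = 4096 - 1;` repeats the literal from `char buf[4096];` two lines above, so a later change to the buffer size can leave the bound stale and bring the overflow back; nanoftp.c in this same patch uses the named `XML_NANO_MAX_URLBUF` for both the array and the limit. Deriving the limit from the array keeps them tied together: `const int indexMax = sizeof(buf) - 1;`, or share one macro between the two files. The same line is added at `@@ -241,6 +242,7 @@`; the enclosing function signatures are outside both hunks.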
121 | @@ -177,7 +178,7 @@ | |
122 | } | |
123 | if (URL == NULL) return; | |
124 | buf[index] = 0; | |
125 | - while (*cur != 0) { | |
126 | + while ((*cur != 0) && (index < indexMax)) { | |
127 | if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) { | |
128 | buf[index] = 0; | |
129 | ctxt->protocol = xmlMemStrdup(buf); | |
e9841eca JB |
130 | @@ -191,7 +191,7 @@ |
131 | if (*cur == 0) return; | |
132 | ||
133 | buf[index] = 0; | |
134 | - while (1) { | |
135 | + while (index < indexMax) { | |
136 | if (cur[0] == ':') { | |
137 | buf[index] = 0; | |
138 | ctxt->hostname = xmlMemStrdup(buf); | |
d4b7be1d JB |
139 | @@ -219,7 +220,7 @@ |
140 | else { | |
141 | index = 0; | |
142 | buf[index] = 0; | |
143 | - while (*cur != 0) | |
144 | + while ((*cur != 0) && (index < indexMax)) | |
145 | buf[index++] = *cur++; | |
146 | buf[index] = 0; | |
147 | ctxt->path = xmlMemStrdup(buf); | |
148 | @@ -241,6 +242,7 @@ | |
149 | const char *cur = URL; | |
150 | char buf[4096]; | |
151 | int index = 0; | |
152 | + const int indexMax = 4096 - 1; | |
153 | int port = 0; | |
154 | ||
155 | if (proxy != NULL) { | |
156 | @@ -258,7 +260,7 @@ | |
157 | #endif | |
158 | if (URL == NULL) return; | |
159 | buf[index] = 0; | |
160 | - while (*cur != 0) { | |
161 | + while ((*cur != 0) && (index < indexMax)) { | |
162 | if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) { | |
163 | buf[index] = 0; | |
164 | index = 0; | |
e9841eca JB |
165 | @@ -272,7 +272,7 @@ |
166 | if (*cur == 0) return; | |
167 | ||
168 | buf[index] = 0; | |
169 | - while (1) { | |
170 | + while (index < indexMax) { | |
171 | if (cur[0] == ':') { | |
172 | buf[index] = 0; | |
173 | proxy = xmlMemStrdup(buf); |