[packages/libxml.git] / libxml-urlbound.patch

--- libxml-1.8.17.orig/nanoftp.c
+++ libxml-1.8.17/nanoftp.c
@@ -65,6 +65,8 @@
 #define FTP_GET_PASSWD		331
 #define FTP_BUF_SIZE		512
 
+#define XML_NANO_MAX_URLBUF	4096
+
 typedef struct xmlNanoFTPCtxt {
     char *protocol;	/* the protocol name */
     char *hostname;	/* the host name */
@@ -203,7 +205,7 @@
 xmlNanoFTPScanURL(void *ctx, const char *URL) {
     xmlNanoFTPCtxtPtr ctxt = (xmlNanoFTPCtxtPtr) ctx;
     const char *cur = URL;
-    char buf[4096];
+    char buf[XML_NANO_MAX_URLBUF];
     int index = 0;
     int port = 0;
 
@@ -221,7 +223,7 @@
     }
     if (URL == NULL) return;
     buf[index] = 0;
-    while (*cur != 0) {
+    while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF - 1)) {
         if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
 	    buf[index] = 0;
 	    ctxt->protocol = xmlMemStrdup(buf);
@@ -236,7 +236,7 @@
     if (*cur == 0) return;
 
     buf[index] = 0;
-    while (1) {
+    while (index < (XML_NANO_MAX_URLBUF - 1)) {
         if (cur[0] == ':') {
 	    buf[index] = 0;
 	    ctxt->hostname = xmlMemStrdup(buf);
@@ -263,7 +265,7 @@
     else {
         index = 0;
         buf[index] = 0;
-	while (*cur != 0)
+	while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF-1))
 	    buf[index++] = *cur++;
 	buf[index] = 0;
 	ctxt->path = xmlMemStrdup(buf);
@@ -288,7 +290,7 @@
 xmlNanoFTPUpdateURL(void *ctx, const char *URL) {
     xmlNanoFTPCtxtPtr ctxt = (xmlNanoFTPCtxtPtr) ctx;
     const char *cur = URL;
-    char buf[4096];
+    char buf[XML_NANO_MAX_URLBUF];
     int index = 0;
     int port = 0;
 
@@ -301,7 +303,7 @@
     if (ctxt->hostname == NULL)
 	return(-1);
     buf[index] = 0;
-    while (*cur != 0) {
+    while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF-1)) {
         if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
 	    buf[index] = 0;
 	    if (strcmp(ctxt->protocol, buf))
@@ -318,7 +318,7 @@
 	return(-1);
 
     buf[index] = 0;
-    while (1) {
+    while (index < (XML_NANO_MAX_URLBUF - 1)) {
         if (cur[0] == ':') {
 	    buf[index] = 0;
 	    if (strcmp(ctxt->hostname, buf))
@@ -353,7 +355,7 @@
     else {
         index = 0;
         buf[index] = 0;
-	while (*cur != 0)
+	while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF-1))
 	    buf[index++] = *cur++;
 	buf[index] = 0;
 	ctxt->path = xmlMemStrdup(buf);
@@ -374,7 +376,7 @@
 void
 xmlNanoFTPScanProxy(const char *URL) {
     const char *cur = URL;
-    char buf[4096];
+    char buf[XML_NANO_MAX_URLBUF];
     int index = 0;
     int port = 0;
 
@@ -393,7 +395,7 @@
 #endif
     if (URL == NULL) return;
     buf[index] = 0;
-    while (*cur != 0) {
+    while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF-1)) {
         if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
 	    buf[index] = 0;
 	    index = 0;
@@ -407,7 +407,7 @@
     if (*cur == 0) return;
 
     buf[index] = 0;
-    while (1) {
+    while (index < (XML_NANO_MAX_URLBUF - 1)) {
         if (cur[0] == ':') {
 	    buf[index] = 0;
 	    proxy = xmlMemStrdup(buf);
--- libxml-1.8.17.orig/nanohttp.c
+++ libxml-1.8.17/nanohttp.c
@@ -161,6 +161,7 @@
     const char *cur = URL;
     char buf[4096];
     int index = 0;
+    const int indexMax = 4096 - 1;
     int port = 0;
 
     if (ctxt->protocol != NULL) { 
@@ -177,7 +178,7 @@
     }
     if (URL == NULL) return;
     buf[index] = 0;
-    while (*cur != 0) {
+    while ((*cur != 0) && (index < indexMax)) {
         if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
 	    buf[index] = 0;
 	    ctxt->protocol = xmlMemStrdup(buf);
@@ -191,7 +191,7 @@
     if (*cur == 0) return;
 
     buf[index] = 0;
-    while (1) {
+    while (index < indexMax) {
         if (cur[0] == ':') {
 	    buf[index] = 0;
 	    ctxt->hostname = xmlMemStrdup(buf);
@@ -219,7 +220,7 @@
     else {
         index = 0;
         buf[index] = 0;
-	while (*cur != 0)
+	while ((*cur != 0) && (index < indexMax))
 	    buf[index++] = *cur++;
 	buf[index] = 0;
 	ctxt->path = xmlMemStrdup(buf);
@@ -241,6 +242,7 @@
     const char *cur = URL;
     char buf[4096];
     int index = 0;
+    const int indexMax = 4096 - 1;
     int port = 0;
 
     if (proxy != NULL) { 
@@ -258,7 +260,7 @@
 #endif
     if (URL == NULL) return;
     buf[index] = 0;
-    while (*cur != 0) {
+    while ((*cur != 0) && (index < indexMax)) {
         if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
 	    buf[index] = 0;
 	    index = 0;
@@ -272,7 +272,7 @@
     if (*cur == 0) return;
 
     buf[index] = 0;
-    while (1) {
+    while (index < indexMax) {
         if (cur[0] == ':') {
 	    buf[index] = 0;
 	    proxy = xmlMemStrdup(buf);
Commit	Line	Data
d4b7be1d JB	1	--- libxml-1.8.17.orig/nanoftp.c
	2	+++ libxml-1.8.17/nanoftp.c
	3	@@ -65,6 +65,8 @@
	4	#define FTP_GET_PASSWD 331
	5	#define FTP_BUF_SIZE 512
	6
	7	+#define XML_NANO_MAX_URLBUF 4096
	8	+
	9	typedef struct xmlNanoFTPCtxt {
	10	char protocol; / the protocol name */
	11	char hostname; / the host name */
	12	@@ -203,7 +205,7 @@
	13	xmlNanoFTPScanURL(void ctx, const char URL) {
	14	xmlNanoFTPCtxtPtr ctxt = (xmlNanoFTPCtxtPtr) ctx;
	15	const char *cur = URL;
	16	- char buf[4096];
	17	+ char buf[XML_NANO_MAX_URLBUF];
	18	int index = 0;
	19	int port = 0;
	20
	21	@@ -221,7 +223,7 @@
	22	}
	23	if (URL == NULL) return;
	24	buf[index] = 0;
	25	- while (*cur != 0) {
	26	+ while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF - 1)) {
	27	if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
	28	buf[index] = 0;
	29	ctxt->protocol = xmlMemStrdup(buf);
e9841eca JB	30	@@ -236,7 +236,7 @@
	31	if (*cur == 0) return;
	32
	33	buf[index] = 0;
	34	- while (1) {
	35	+ while (index < (XML_NANO_MAX_URLBUF - 1)) {
	36	if (cur[0] == ':') {
	37	buf[index] = 0;
	38	ctxt->hostname = xmlMemStrdup(buf);
d4b7be1d JB	39	@@ -263,7 +265,7 @@
	40	else {
	41	index = 0;
	42	buf[index] = 0;
	43	- while (*cur != 0)
	44	+ while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF-1))
	45	buf[index++] = *cur++;
	46	buf[index] = 0;
	47	ctxt->path = xmlMemStrdup(buf);
	48	@@ -288,7 +290,7 @@
	49	xmlNanoFTPUpdateURL(void ctx, const char URL) {
	50	xmlNanoFTPCtxtPtr ctxt = (xmlNanoFTPCtxtPtr) ctx;
	51	const char *cur = URL;
	52	- char buf[4096];
	53	+ char buf[XML_NANO_MAX_URLBUF];
	54	int index = 0;
	55	int port = 0;
	56
	57	@@ -301,7 +303,7 @@
	58	if (ctxt->hostname == NULL)
	59	return(-1);
	60	buf[index] = 0;
	61	- while (*cur != 0) {
	62	+ while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF-1)) {
	63	if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
	64	buf[index] = 0;
	65	if (strcmp(ctxt->protocol, buf))
e9841eca JB	66	@@ -318,7 +318,7 @@
	67	return(-1);
	68
	69	buf[index] = 0;
	70	- while (1) {
	71	+ while (index < (XML_NANO_MAX_URLBUF - 1)) {
	72	if (cur[0] == ':') {
	73	buf[index] = 0;
	74	if (strcmp(ctxt->hostname, buf))
d4b7be1d JB	75	@@ -353,7 +355,7 @@
	76	else {
	77	index = 0;
	78	buf[index] = 0;
	79	- while (*cur != 0)
	80	+ while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF-1))
	81	buf[index++] = *cur++;
	82	buf[index] = 0;
	83	ctxt->path = xmlMemStrdup(buf);
	84	@@ -374,7 +376,7 @@
	85	void
	86	xmlNanoFTPScanProxy(const char *URL) {
	87	const char *cur = URL;
	88	- char buf[4096];
	89	+ char buf[XML_NANO_MAX_URLBUF];
	90	int index = 0;
	91	int port = 0;
	92
	93	@@ -393,7 +395,7 @@
	94	#endif
	95	if (URL == NULL) return;
	96	buf[index] = 0;
	97	- while (*cur != 0) {
	98	+ while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF-1)) {
	99	if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
	100	buf[index] = 0;
	101	index = 0;
e9841eca JB	102	@@ -407,7 +407,7 @@
	103	if (*cur == 0) return;
	104
	105	buf[index] = 0;
	106	- while (1) {
	107	+ while (index < (XML_NANO_MAX_URLBUF - 1)) {
	108	if (cur[0] == ':') {
	109	buf[index] = 0;
	110	proxy = xmlMemStrdup(buf);
d4b7be1d JB	111	--- libxml-1.8.17.orig/nanohttp.c
	112	+++ libxml-1.8.17/nanohttp.c
	113	@@ -161,6 +161,7 @@
	114	const char *cur = URL;
	115	char buf[4096];
	116	int index = 0;
	117	+ const int indexMax = 4096 - 1;
	118	int port = 0;
	119
	120	if (ctxt->protocol != NULL) {
	121	@@ -177,7 +178,7 @@
	122	}
	123	if (URL == NULL) return;
	124	buf[index] = 0;
	125	- while (*cur != 0) {
	126	+ while ((*cur != 0) && (index < indexMax)) {
	127	if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
	128	buf[index] = 0;
	129	ctxt->protocol = xmlMemStrdup(buf);
e9841eca JB	130	@@ -191,7 +191,7 @@
	131	if (*cur == 0) return;
	132
	133	buf[index] = 0;
	134	- while (1) {
	135	+ while (index < indexMax) {
	136	if (cur[0] == ':') {
	137	buf[index] = 0;
	138	ctxt->hostname = xmlMemStrdup(buf);
d4b7be1d JB	139	@@ -219,7 +220,7 @@
	140	else {
	141	index = 0;
	142	buf[index] = 0;
	143	- while (*cur != 0)
	144	+ while ((*cur != 0) && (index < indexMax))
	145	buf[index++] = *cur++;
	146	buf[index] = 0;
	147	ctxt->path = xmlMemStrdup(buf);
	148	@@ -241,6 +242,7 @@
	149	const char *cur = URL;
	150	char buf[4096];
	151	int index = 0;
	152	+ const int indexMax = 4096 - 1;
	153	int port = 0;
	154
	155	if (proxy != NULL) {
	156	@@ -258,7 +260,7 @@
	157	#endif
	158	if (URL == NULL) return;
	159	buf[index] = 0;
	160	- while (*cur != 0) {
	161	+ while ((*cur != 0) && (index < indexMax)) {
	162	if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
	163	buf[index] = 0;
	164	index = 0;
e9841eca JB	165	@@ -272,7 +272,7 @@
	166	if (*cur == 0) return;
	167
	168	buf[index] = 0;
	169	- while (1) {
	170	+ while (index < indexMax) {
	171	if (cur[0] == ':') {
	172	buf[index] = 0;
	173	proxy = xmlMemStrdup(buf);