Commit 37704356 authored by Igor Zlatkovic's avatar Igor Zlatkovic

fixed buffer overflow reported by Yuuich Teranishi

parent b3377955
Mon Feb 9 15:31:24 CET 2004 Igor Zlatkovic <igor@zlatkovic.com>
* nanohttp.c: fixed buffer overflow reported by Yuuichi Teranishi
Mon Feb 9 13:45:59 CET 2004 Daniel Veillard <daniel@veillard.com>
* xpath.c: small patch from Philip Ludlam to avoid warnings.
......
......@@ -288,7 +288,7 @@ xmlNanoHTTPScanURL(xmlNanoHTTPCtxtPtr ctxt, const char *URL) {
}
if (URL == NULL) return;
buf[indx] = 0;
while (*cur != 0) {
while ((*cur != 0) && (indx < 4096)) {
if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
buf[indx] = 0;
ctxt->protocol = xmlMemStrdup(buf);
......@@ -301,7 +301,7 @@ xmlNanoHTTPScanURL(xmlNanoHTTPCtxtPtr ctxt, const char *URL) {
if (*cur == 0) return;
buf[indx] = 0;
while (1) {
while (indx < 4096) {
if ((strchr (cur, '[') && !strchr (cur, ']')) ||
(!strchr (cur, '[') && strchr (cur, ']'))) {
__xmlIOErr(XML_FROM_HTTP, XML_HTTP_URL_SYNTAX,
......@@ -311,7 +311,7 @@ xmlNanoHTTPScanURL(xmlNanoHTTPCtxtPtr ctxt, const char *URL) {
if (cur[0] == '[') {
cur++;
while (cur[0] != ']')
while ((cur[0] != ']') && (indx < 4096))
buf[indx++] = *cur++;
if (!strchr (buf, ':')) {
......@@ -368,7 +368,7 @@ xmlNanoHTTPScanURL(xmlNanoHTTPCtxtPtr ctxt, const char *URL) {
else {
indx = 0;
buf[indx] = 0;
while (*cur != 0)
while ((*cur != 0) && (indx < 4096))
buf[indx++] = *cur++;
buf[indx] = 0;
ctxt->path = xmlMemStrdup(buf);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment