freebsd-ports/textproc/libxml/files/patch-nanohttp.c
Joe Marcus Clarke 85a0e5f5b1 Backport patch from libxml2-2.6.15 to fix buffer overflows [nanoftp.c,
nanohttp.c, CAN-2004-0989]

Obtained from:	Debian Woody libxml source RPM
Reported by:	simon
2004-11-10 20:22:41 +00:00


--- nanohttp.c.orig Wed Nov 10 15:15:05 2004
+++ nanohttp.c Wed Nov 10 15:16:44 2004
@@ -161,6 +161,7 @@
const char *cur = URL;
char buf[4096];
int index = 0;
+ const int indexMax = 4096 - 1;
int port = 0;
if (ctxt->protocol != NULL) {
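Review bot: The bound added here is written as `4096 - 1`, repeating the literal from `char buf[4096];` two lines above instead of deriving it from the array, so a later change to the buffer size would leave the overflow guard wrong without any compiler complaint. I would write `const int indexMax = (int)sizeof(buf) - 1;`. The same declaration is added in the hunk at -241,6 and deserves the same change. The enclosing function starts and ends outside the hunk.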
@@ -177,7 +178,7 @@
}
if (URL == NULL) return;
buf[index] = 0;
- while (*cur != 0) {
+ while ((*cur != 0) && (index < indexMax)) {
if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
buf[index] = 0;
ctxt->protocol = xmlMemStrdup(buf);
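Review bot: When this loop stops because `index < indexMax` fails rather than on the `://` match, `index` is left at `indexMax` and `cur` still points at unread input, and nothing visible in the hunk resets either. The code after the loop is outside the hunk and the patch has no hunk between here and -219,7, so any later scan there that writes `buf[index++]` would presumably still run without a bound, starting from the end of the buffer; that needs checking against the full file. A guard directly after the loop, `if (index >= indexMax) return;`, would stop parsing an over-long scheme part instead of carrying on with stale state. The hunk at -258,7 changes its loop the same way and raises the same question.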
@@ -219,7 +220,7 @@
else {
index = 0;
buf[index] = 0;
- while (*cur != 0)
+ while ((*cur != 0) && (index < indexMax))
buf[index++] = *cur++;
buf[index] = 0;
ctxt->path = xmlMemStrdup(buf);
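Review bot: A path longer than `indexMax` bytes is now cut off at the bound and the shortened string is stored in `ctxt->path`, with nothing in the hunk telling the caller that the URL was not taken in full. A request built from it would name a different resource than the one asked for, so truncation is better treated as a parse failure than as success. After the loop I would test `*cur != 0` and, if callers tolerate it, leave `ctxt->path` unset in that case; at minimum the behaviour should be recorded with `/* paths longer than indexMax bytes are truncated, not rejected */`. The `else` branch begins outside the hunk.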
@@ -241,6 +242,7 @@
const char *cur = URL;
char buf[4096];
int index = 0;
+ const int indexMax = 4096 - 1;
int port = 0;
if (proxy != NULL) {
@@ -258,7 +260,7 @@
#endif
if (URL == NULL) return;
buf[index] = 0;
- while (*cur != 0) {
+ while ((*cur != 0) && (index < indexMax)) {
if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
buf[index] = 0;
index = 0;