Andrew's git
/
gitweb.git
/ diff
summary
|
log
|
commit
| diff |
tree
commit
grep
author
committer
pickaxe
?
re
http-backend: Fix access beyond end of string.
author
Tarmigan Casebolt
<tarmigan+git@gmail.com>
Sat, 14 Nov 2009 21:10:57 +0000
(13:10 -0800)
committer
Junio C Hamano
<gitster@pobox.com>
Mon, 16 Nov 2009 06:14:51 +0000
(22:14 -0800)
Found with valgrind while looking for Content-Length corruption in
smart http.
Signed-off-by: Tarmigan Casebolt <tarmigan+git@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
http-backend.c
patch
|
blob
|
history
raw
|
patch
|
inline
| side by side (parent:
4a5328d
)
diff --git
a/http-backend.c
b/http-backend.c
index 7f48406d6dd8a3b67ade9a6b532a8c5764d61504..8e08f057dd6536b06d1ee017e4733ad1585e782e 100644
(file)
--- a/
http-backend.c
+++ b/
http-backend.c
@@
-615,7
+615,7
@@
int main(int argc, char **argv)
if (regcomp(&re, c->pattern, REG_EXTENDED))
die("Bogus regex in service table: %s", c->pattern);
if (!regexec(&re, dir, 1, out, 0)) {
if (regcomp(&re, c->pattern, REG_EXTENDED))
die("Bogus regex in service table: %s", c->pattern);
if (!regexec(&re, dir, 1, out, 0)) {
- size_t n
= out[0].rm_eo - out[0].rm_so
;
+ size_t n;
if (strcmp(method, c->method)) {
const char *proto = getenv("SERVER_PROTOCOL");
if (strcmp(method, c->method)) {
const char *proto = getenv("SERVER_PROTOCOL");
@@
-629,9
+629,10
@@
int main(int argc, char **argv)
}
cmd = c;
}
cmd = c;
+ n = out[0].rm_eo - out[0].rm_so;
cmd_arg = xmalloc(n);
cmd_arg = xmalloc(n);
-
strncpy(cmd_arg, dir + out[0].rm_so + 1, n
);
- cmd_arg[n] = '\0';
+
memcpy(cmd_arg, dir + out[0].rm_so + 1, n-1
);
+ cmd_arg[n
-1
] = '\0';
dir[out[0].rm_so] = 0;
break;
}
dir[out[0].rm_so] = 0;
break;
}