Fix heap buffer overflow in de_dotdot

blueness · Jun 6, 2017 · c0dc63a · c0dc63a
1 parent 7e15761
commit c0dc63a
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/libhttpd.c b/src/libhttpd.c
@@ -2410,7 +2410,7 @@ de_dotdot( char* file )
     while ( strncmp( file, "./", 2 ) == 0 )
 	(void) memmove( file, file + 2, strlen( file ) - 1 );
     while ( ( cp = strstr( file, "/./") ) != (char*) 0 )
-	(void) memmove( cp, cp + 2, strlen( file ) - 1 );
+	(void) memmove( cp, cp + 2, strlen( cp ) - 1 );
 
     /* Alternate between removing leading ../ and removing xxx/../ */
     for (;;)