Fix bad buffer length in {http,supemb}_is_valid_uri() (reported by Se…

…nén de Diego)
koanlogic · Dec 28, 2011 · ec3da81 · ec3da81
1 parent fc5f108
commit ec3da81
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 2 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -19,6 +19,8 @@ KLone 3.0.0:
 	  values (reported and fixed by Davide Berra)
 	- Fix SSL compilation flags missing during cross-compilation
 	- Fix partially uploaded files not cleaned up
+	- Fix bad buffer length in {http,supemb}_is_valid_uri() (reported by
+	  Senén de Diego)
 
 KLone 2.4.0:
 	- max size estimate of encrypted sessions fixed (session_prv_calc_maxsize)

diff --git a/THANKS b/THANKS
@@ -10,3 +10,4 @@ Christian Kelinski      kelinski at gmail.com
 Kari Pahula             kaol at iki.fi
 Mark Richards           mark.richards at massmicro.com
 Steven Van Ingelgem     steven at vaningelgem.be
+Senén de Diego          atinar1@hotmail.com
diff --git a/src/libhttp/http.c b/src/libhttp/http.c
@@ -225,9 +225,12 @@ static int http_is_valid_uri(request_t *rq, const char *buf, size_t len)
 
     dbg_err_if (rq == NULL);
     dbg_err_if (buf == NULL);
+    dbg_err_if (len + 1 > URI_MAX);
 
     dbg_err_if ((h = request_get_http(rq)) == NULL);
-    dbg_err_if (u_strlcpy(uri, buf, sizeof uri));
+
+    memcpy(uri, buf, len);
+    uri[len] = '\0';
 
     /* try the url itself */
     if(broker_is_valid_uri(h->broker, h, rq, uri, strlen(uri)))

diff --git a/src/libhttp/sup_emb.c b/src/libhttp/sup_emb.c
@@ -34,10 +34,12 @@ static int supemb_is_valid_uri(http_t *h, request_t *rq, const char *uri,
 
     dbg_err_if (uri == NULL);
     dbg_err_if (mtime == NULL);
+    dbg_err_if (len + 1 > U_FILENAME_MAX);
 
     u_unused_args(h, rq);
 
-    dbg_err_if (u_strlcpy(filename, uri, sizeof filename));
+    memcpy(filename, uri, len);
+    filename[len] = '\0';
 
     if(emb_lookup(filename, &e) == 0)
     {   /* resource found */