1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
|
$NetBSD: patch-aq,v 1.2 2004/11/07 08:55:04 tron Exp $
--- httpget.c.orig 2004-11-07 09:47:28.000000000 +0100
+++ httpget.c 2004-11-07 09:49:34.000000000 +0100
@@ -55,11 +55,10 @@
#endif
int pos = 0;
- while(1) {
+ while(pos < (maxlen - 1)) {
if( read(fileno(f),string+pos,1) == 1) {
pos++;
if(string[pos-1] == '\n') {
- string[pos] = 0;
break;
}
}
@@ -78,6 +77,7 @@
}
#endif
+ string[pos] = '\0';
}
void encode64 (char *source,char *destination)
@@ -111,7 +111,7 @@
}
/* VERY simple auth-from-URL grabber */
-int getauthfromURL(char *url,char *auth)
+int getauthfromURL(char *url,char *auth,unsigned long authlen)
{
char *pos;
@@ -126,9 +126,13 @@
if( url[i] == '/' )
return 0;
}
+ if (pos-url >= authlen) {
+ fprintf (stderr, "Error: authentication data exceeds max. length.\n");
+ return -1;
+ }
strncpy(auth,url,pos-url);
auth[pos-url] = 0;
- strcpy(url,pos+1);
+ memmove(url,pos+1,strlen(pos+1)+1);
return 1;
}
return 0;
@@ -265,7 +269,10 @@
strncpy (purl, url, 1023);
purl[1023] = '\0';
- getauthfromURL(purl,httpauth1);
+ if (getauthfromURL(purl,httpauth1,sizeof(httpauth1)) < 0) {
+ sock = -1;
+ goto exit;
+ }
do {
strcpy (request, "GET ");
@@ -399,6 +406,7 @@
fprintf (stderr, "Too many HTTP relocations.\n");
exit (1);
}
+exit:
free (purl);
free (request);
free(host);
|