Check-in [b83e2d07b5]
Overview
Comment:Added additional bounds checking to conf_apache (needs more)
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: b83e2d07b5ed3053a6a23dfcac92fa17e8e4b9a8
User & Date: rkeene on 2006-12-15 23:33:06
Other Links: manifest | tags
Context
2006-12-16
17:06
Subversion to Fossil Copy Commit. Please Ignore. Recording copying lc_geterrstr.3.in to lc_seterrstr.3.in. check-in: 9f254f7f02 user: rkeene tags: trunk
2006-12-15
23:33
Added additional bounds checking to conf_apache (needs more) check-in: b83e2d07b5 user: rkeene tags: trunk
23:15
Fixed potential buffer bounds issues check-in: e25a9d7fae user: rkeene tags: trunk
Changes

Modified conf_apache.c from [dc1e53e03b] to [963e2cc977].

135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
		while (*linebuf_ptr < ' ' && linebuf_ptr >= linebuf) {
			*linebuf_ptr = '\0';
			linebuf_ptr--;
		}

		/* Remove leading spaces. */
		linebuf_ptr = &linebuf[0];
		while (*linebuf_ptr == ' ' || *linebuf_ptr == '\t') {
			linebuf_ptr++;
		}

		/* Handle section header. */
		if (linebuf_ptr[0] == '<' && linebuf_ptr[strlen(linebuf_ptr) - 1] == '>') {
			/* Remove < and > from around the data. */
			linebuf_ptr[strlen(linebuf_ptr) - 1] = '\0';
			linebuf_ptr++;

			/* Lowercase the command part of the section. */
			tmp_ptr = linebuf_ptr;
			while (*tmp_ptr != '\0' && *tmp_ptr != ' ') {
				*tmp_ptr = tolower(*tmp_ptr);
				tmp_ptr++;
			}

			/* If this is a close section command, handle it */
			if (linebuf_ptr[0] == '/') {
				linebuf_ptr++;







|




|






|







135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
		while (*linebuf_ptr < ' ' && linebuf_ptr >= linebuf) {
			*linebuf_ptr = '\0';
			linebuf_ptr--;
		}

		/* Remove leading spaces. */
		linebuf_ptr = &linebuf[0];
		while ((*linebuf_ptr == ' ' || *linebuf_ptr == '\t') && linebuf_ptr < (linebuf + sizeof(linebuf))) {
			linebuf_ptr++;
		}

		/* Handle section header. */
		if (linebuf_ptr[0] == '<' && linebuf_ptr[strlen(linebuf_ptr) - 1] == '>' && linebuf_ptr < (linebuf + sizeof(linebuf))) {
			/* Remove < and > from around the data. */
			linebuf_ptr[strlen(linebuf_ptr) - 1] = '\0';
			linebuf_ptr++;

			/* Lowercase the command part of the section. */
			tmp_ptr = linebuf_ptr;
			while (*tmp_ptr != '\0' && *tmp_ptr != ' ' && tmp_ptr < (linebuf + sizeof(linebuf))) {
				*tmp_ptr = tolower(*tmp_ptr);
				tmp_ptr++;
			}

			/* If this is a close section command, handle it */
			if (linebuf_ptr[0] == '/') {
				linebuf_ptr++;