Check-in [b83e2d07b5]
Overview
Comment:Added additional bounds checking to conf_apache (needs more)
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: b83e2d07b5ed3053a6a23dfcac92fa17e8e4b9a8
User & Date: rkeene on 2006-12-15 23:33:06
Other Links: manifest | tags
Context
2006-12-16
17:06
Subversion to Fossil Copy Commit. Please Ignore. Recording copying lc_geterrstr.3.in to lc_seterrstr.3.in. check-in: 9f254f7f02 user: rkeene tags: trunk
2006-12-15
23:33
Added additional bounds checking to conf_apache (needs more) check-in: b83e2d07b5 user: rkeene tags: trunk
23:15
Fixed potential buffer bounds issues check-in: e25a9d7fae user: rkeene tags: trunk
Changes

Modified conf_apache.c from [dc1e53e03b] to [963e2cc977].

135
136
137
138
139
140
141
142

143
144
145
146
147

148
149
150
151
152
153
154

155
156
157
158
159
160
161
135
136
137
138
139
140
141

142
143
144
145
146

147
148
149
150
151
152
153

154
155
156
157
158
159
160
161







-
+




-
+






-
+







		while (*linebuf_ptr < ' ' && linebuf_ptr >= linebuf) {
			*linebuf_ptr = '\0';
			linebuf_ptr--;
		}

		/* Remove leading spaces. */
		linebuf_ptr = &linebuf[0];
		while (*linebuf_ptr == ' ' || *linebuf_ptr == '\t') {
		while ((*linebuf_ptr == ' ' || *linebuf_ptr == '\t') && linebuf_ptr < (linebuf + sizeof(linebuf))) {
			linebuf_ptr++;
		}

		/* Handle section header. */
		if (linebuf_ptr[0] == '<' && linebuf_ptr[strlen(linebuf_ptr) - 1] == '>') {
		if (linebuf_ptr[0] == '<' && linebuf_ptr[strlen(linebuf_ptr) - 1] == '>' && linebuf_ptr < (linebuf + sizeof(linebuf))) {
			/* Remove < and > from around the data. */
			linebuf_ptr[strlen(linebuf_ptr) - 1] = '\0';
			linebuf_ptr++;

			/* Lowercase the command part of the section. */
			tmp_ptr = linebuf_ptr;
			while (*tmp_ptr != '\0' && *tmp_ptr != ' ') {
			while (*tmp_ptr != '\0' && *tmp_ptr != ' ' && tmp_ptr < (linebuf + sizeof(linebuf))) {
				*tmp_ptr = tolower(*tmp_ptr);
				tmp_ptr++;
			}

			/* If this is a close section command, handle it */
			if (linebuf_ptr[0] == '/') {
				linebuf_ptr++;