* more carefully render urls
authorWilfried Göesgens <willi@citadel.org>
Mon, 21 Apr 2008 19:23:27 +0000 (19:23 +0000)
committerWilfried Göesgens <willi@citadel.org>
Mon, 21 Apr 2008 19:23:27 +0000 (19:23 +0000)
webcit/messages.c
webcit/rss.c
webcit/serv_func.c
webcit/webcit.h

index 5505602afec8f2b261fbc84cb1c17e48570b73e4..38298f799037e03e22915760d49aaa5aae88c8d5 100644 (file)
@@ -336,15 +336,19 @@ int webcit_rfc2047encode(char *target, int maxlen, char *source, long SourceLen)
  * Look for URL's embedded in a buffer and make them linkable.  We use a
  * target window in order to keep the Citadel session in its own window.
  */
-void url(char *buf)
+void url(char *buf, size_t bufsize)
 {
-       int len;
+       int len, UrlLen, Offset, TrailerLen, outpos;
        char *start, *end, *pos;
        char urlbuf[SIZ];
-       char outbuf[1024];
+       char outbuf[SIZ];
 
        start = NULL;
        len = strlen(buf);
+       if (len > bufsize) {
+               lprintf(1, "URL: content longer than buffer!");
+               return;
+       }
        end = buf + len;
        for (pos = buf; (pos < end) && (start == NULL); ++pos) {
                if (!strncasecmp(pos, "http://", 7))
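Review bot: The new `len > bufsize` guard runs only after `strlen(buf)` has already scanned for the terminator, and it lets `len == bufsize` through, a value that means no NUL was found inside the buffer. Bounding the scan itself would be safer: `len = strnlen(buf, bufsize);` followed by `if (len >= bufsize) { lprintf(...); return; }`. `len` is an `int` compared against a `size_t`, so declaring it `size_t` or casting explicitly would avoid the implicit signed-to-unsigned conversion. The comment above the function could also state that `bufsize` is the full capacity of `buf`, including room for the terminator. The body of url() continues outside this hunk.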
@@ -375,17 +379,33 @@ void url(char *buf)
                        end = pos;
                }
        }
+       
+       UrlLen = end - start;
+       if (UrlLen > sizeof(urlbuf)){
+               lprintf(1, "URL: content longer than buffer!");
+               return;
+       }
+       memcpy(urlbuf, start, UrlLen);
+       urlbuf[UrlLen] = '\0';
+
+       Offset = start - buf;
+       if ((Offset != 0) && (Offset < sizeof(outbuf)))
+               memcpy(outbuf, buf, Offset);
+       outpos = snprintf(&outbuf[Offset], sizeof(outbuf) - Offset,  
+                         "%ca href=%c%s%c TARGET=%c%s%c%c%s%c/A%c",
+                         LB, QU, urlbuf, QU, QU, TARGET, QU, RB, urlbuf, LB, RB);
+       if (outpos >= sizeof(outbuf) - Offset) {
+               lprintf(1, "URL: content longer than buffer!");
+               return;
+       }
 
-       strncpy(urlbuf, start, end - start);
-       urlbuf[end - start] = '\0';
-
-       if (start != buf)
-               strncpy(outbuf, buf, start - buf );
-       sprintf(&outbuf[start-buf], "%ca href=%c%s%c TARGET=%c%s%c%c%s%c/A%c",
-               LB, QU, urlbuf, QU, QU, TARGET, QU, RB, urlbuf, LB, RB);
-       strcat(outbuf, end);
-       if ( strlen(outbuf) < 250 )
-               strcpy(buf, outbuf);
+       TrailerLen = len - (end - start);
+       memcpy(outbuf + Offset + outpos, end, TrailerLen);
+       if ( Offset + TrailerLen + outpos > bufsize) {
+               lprintf(1, "URL: content longer than buffer!");
+               return;
+       }
+       memcpy (buf, outbuf, Offset + TrailerLen + outpos);
 }
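Review bot: The trailer `memcpy` into `outbuf` runs before any size check, and the check that follows compares against `bufsize` rather than `sizeof(outbuf)`, so a long line can write past `outbuf` before the function bails out. `TrailerLen = len - (end - start)` also appears to include the prefix length (assuming `end` was moved to the end of the URL, as the `end = pos` context line suggests), which would make that copy read `Offset` bytes past the source string; `len - Offset - UrlLen` looks like the intended value. Two smaller bounds issues: `UrlLen > sizeof(urlbuf)` lets `UrlLen == sizeof(urlbuf)` reach `urlbuf[UrlLen] = '\0'`, and when `Offset >= sizeof(outbuf)` the function continues into `snprintf` with `sizeof(outbuf) - Offset` wrapped around. The final copy back to `buf` omits a terminating NUL, although the callers pass `buf` straight to `escputs()`/`msgescputs1()`. A sketch of the reordered checks follows; the start of url() is outside this hunk.

```c
	UrlLen = end - start;
	if (UrlLen >= (int)sizeof(urlbuf)) {	/* leave room for the NUL */
		lprintf(1, "URL: content longer than buffer!");
		return;
	}
	/* … unchanged: copy the URL into urlbuf and terminate it … */

	Offset = start - buf;
	if (Offset >= (int)sizeof(outbuf)) {
		lprintf(1, "URL: content longer than buffer!");
		return;
	}
	memcpy(outbuf, buf, Offset);
	/* … unchanged: snprintf of the anchor into outbuf and its truncation check … */

	TrailerLen = len - Offset - UrlLen;	/* bytes after the URL only */
	if ((Offset + outpos + TrailerLen >= (int)sizeof(outbuf)) ||
	    ((size_t)(Offset + outpos + TrailerLen) >= bufsize)) {
		lprintf(1, "URL: content longer than buffer!");
		return;
	}
	memcpy(outbuf + Offset + outpos, end, TrailerLen);
	outbuf[Offset + outpos + TrailerLen] = '\0';
	memcpy(buf, outbuf, Offset + outpos + TrailerLen + 1);
```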
 
 
@@ -1256,7 +1276,7 @@ void read_message(long msgnum, int printable_view, char *section) {
                                bq = 0;
                        }
                        wprintf("<tt>");
-                       url(buf);
+                       url(buf, sizeof(buf));
                        escputs(buf);
                        wprintf("</tt><br />\n");
                }
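Review bot: `sizeof(buf)` yields the buffer capacity only if `buf` is declared as an array in the calling function; if it is a `char *` there, url() receives the pointer size and will reject nearly every line. The declarations are outside the hunks, so this should be confirmed here and at the other call sites in pullquote_message(), display_rss() (twice) and fmout(). url() also returns `void`, so a caller cannot tell a rewritten line from one that was rejected and logged; an `int` result would let that be surfaced.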
@@ -1675,7 +1695,7 @@ void pullquote_message(long msgnum, int forward_attachments, int include_headers
                                bq = 0;
                        }
                        wprintf("<tt>");
-                       url(buf);
+                       url(buf, sizeof(buf));
                        msgescputs1(buf);
                        wprintf("</tt><br />");
                }
index f86fb97b712eeb212cc088e1191b23e32b0d6348..7a99ecc052e45564837734b293f787da187dff8e 100644 (file)
@@ -278,7 +278,7 @@ void display_rss(char *roomname, char *request_method)
                                        wprintf("</blockquote>");
                                        bq = 0;
                                }
-                               url(buf);
+                               url(buf, sizeof(buf));
                                escputs(buf);
                                wprintf("\n");
                        }
@@ -320,7 +320,7 @@ void display_rss(char *roomname, char *request_method)
                                        bq = 0;
                                }
                                wprintf("<tt>");
-                               url(buf);
+                               url(buf, sizeof(buf));
                                escputs(buf);
                                wprintf("</tt><br />\n");
                        }
index ac8a2e77043bbaae23721899de87e6af13a8fda5..edff5ebd43a6ceee1a3d13b718f0972958d21d58 100644 (file)
@@ -136,7 +136,7 @@ void fmout(char *align)
                        strcpy(buf, &buf[2]);
                }
                /** Activate embedded URL's */
-               url(buf);
+               url(buf, sizeof(buf));
 
                escputs(buf);
                wprintf("\n");
index 515d9b6989dadfda5af3878caf0b8c90a399f28c..b4a2c9ddffba305a8894a6f31f3b5ed39d7cf10d 100644 (file)
@@ -544,7 +544,7 @@ void display_mime_icon(void);
 void print_menu_box(char* Title, char *Class, int nLines, ...);
 long stresc(char *target, long tSize, char *strbuf, int nbsp, int nolinebreaks);
 void escputs(char *strbuf);
-void url(char *buf);
+void url(char *buf, size_t bufsize);
 void escputs1(char *strbuf, int nbsp, int nolinebreaks);
 void msgesc(char *target, size_t tlen, char *strbuf);
 void msgescputs(char *strbuf);