* use snprintf in compress_gzip just to be sure.
* \param target output string
* \param strbuf input string
*/
-void jsesc(char *target, char *strbuf)
+void jsesc(char *target, size_t tlen, char *strbuf)
{
- int a, len;
+ int len;
+ char *tend;
+ char *send;
+ char *tptr;
+ char *sptr;
target[0]='\0';
len = strlen (strbuf);
- for (a = 0; a < len; ++a) {
- if (strbuf[a] == '<')
- strcat(target, "[");
- else if (strbuf[a] == '>')
- strcat(target, "]");
- else if (strbuf[a] == '\"')
- strcat(target, """);
- else if (strbuf[a] == '&')
- strcat(target, "&;");
- else if (strbuf[a] == '\'')
- strcat(target, "\\'");
- else {
- strncat(target, &strbuf[a], 1);
+ send = strbuf + len;
+ sptr = strbuf;
+ tptr = target;
+
+ while (!IsEmptyStr(sptr) &&
+ (sptr < send) &&
+ (tptr < tend)) {
+
+ if (*sptr == '<')
+ *tptr = '[';
+ else if (*sptr == '>')
+ *tptr = ']';
+ else if (*sptr == '\'') {
+ if (tend - tptr < 3)
+ return;
+ *(tptr++) = '\\';
+ *tptr = '\'';
+ }
+ else if (*sptr == '"') {
+ if (tend - tptr < 8)
+ return;
+ *(tptr++) = '&';
+ *(tptr++) = 'q';
+ *(tptr++) = 'u';
+ *(tptr++) = 'o';
+ *(tptr++) = 't';
+ *tptr = ';';
+ }
+ else if (*sptr == '&') {
+ if (tend - tptr < 7)
+ return;
+ *(tptr++) = '&';
+ *(tptr++) = 'a';
+ *(tptr++) = 'm';
+ *(tptr++) = 'p';
+ *tptr = ';';
+ } else {
+ *tptr = *sptr;
}
+ tptr++; sptr++;
}
+ *tptr = '\0';
}
/**
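Review bot: `tend` is declared in the new jsesc() but no assignment to it is visible in this hunk, and `tlen` is never read, so the `tptr < tend` loop condition and the `tend - tptr` space checks compare against an indeterminate pointer and do not bound the writes. Adding `tend = target + tlen - 1;` next to the `send`/`sptr`/`tptr` setup (and returning early for `tlen == 0` before `target[0]='\0'`) keeps the final `*tptr = '\0';` inside the buffer when the loop stops at `tend`. The three `return;` statements taken when an escape sequence does not fit leave `target` without a terminator at the current write position; `break;` would fall through to the terminating store. That matters because the caller shown further down prints the result with `%s`.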
{
char outbuf[SIZ];
- jsesc(outbuf, strbuf);
+ jsesc(outbuf, SIZ, strbuf);
wprintf("%s", outbuf);
}
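Review bot: Passing `SIZ` repeats the array length by hand; `jsesc(outbuf, sizeof outbuf, strbuf);` keeps the bound tied to the declaration if `outbuf` is ever resized. As written, jsesc stops once the target is full, so long input is emitted truncated; a comment above the call such as `/* escaped output is cut off at sizeof outbuf */` would record that for maintainers. The function's signature line is outside this hunk.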
/** If we can send the data out compressed, please do so. */
if (WC->gzip_ok) {
char *compressed_data = NULL;
- uLongf compressed_len;
+ size_t compressed_len;
- compressed_len = (uLongf) ((length * 101) / 100) + 100;
+ compressed_len = ((length * 101) / 100) + 100;
compressed_data = malloc(compressed_len);
if (compress_gzip((Bytef *) compressed_data,
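Review bot: The result of `malloc(compressed_len)` is passed straight to `compress_gzip()` with no NULL check visible in this hunk, so a failed allocation would be written through when the gzip header is stored. Add `if (compressed_data == NULL)` before the call and skip compression in that case. The declaration of `length` is outside the hunk; if it is a signed or 32-bit type, `length * 101` can overflow for large bodies and yield an undersized buffer, whereas `length + length / 100 + 100` gives the same bound without the multiplication. The later hunk that sizes the buffer from `the_len` has the same two issues. The `if (compress_gzip(` statement continues outside the hunk.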
char *bstr(char *key);
void urlesc(char *, char *);
void urlescputs(char *);
-void jsesc(char *, char *);
+void jsesc(char *, size_t, char *);
void jsescputs(char *);
void output_headers( int do_httpheaders,
int do_htmlhead,
#ifdef HAVE_ZLIB
#include <zlib.h>
-int ZEXPORT compress_gzip(Bytef * dest, uLongf * destLen,
+int ZEXPORT compress_gzip(Bytef * dest, size_t * destLen,
const Bytef * source, uLong sourceLen, int level);
#endif
#define DEF_MEM_LEVEL 8 /**< memlevel??? */
#define OS_CODE 0x03 /**< unix */
int ZEXPORT compress_gzip(Bytef * dest, /**< compressed buffer*/
- uLongf * destLen, /**< length of the compresed data */
+ size_t * destLen, /**< length of the compresed data */
const Bytef * source, /**< source to encode */
uLong sourceLen, /**< length of source to encode */
int level) /**< compression level */
const int gz_magic[2] = { 0x1f, 0x8b }; /** gzip magic header */
/** write gzip header */
- sprintf((char *) dest, "%c%c%c%c%c%c%c%c%c%c",
- gz_magic[0], gz_magic[1], Z_DEFLATED,
- 0 /*flags */ , 0, 0, 0, 0 /*time */ , 0 /** xflags */ ,
- OS_CODE);
+ snprintf((char *) dest, *destLen,
+ "%c%c%c%c%c%c%c%c%c%c",
+ gz_magic[0], gz_magic[1], Z_DEFLATED,
+ 0 /*flags */ , 0, 0, 0, 0 /*time */ , 0 /** xflags */ ,
+ OS_CODE);
/* normal deflate */
z_stream stream;
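Review bot: The return value of `snprintf` is discarded, so when `*destLen` is too small the gzip header is truncated silently and the code that follows cannot tell it is incomplete. `snprintf` also stores a terminating NUL after the ten header bytes, so it needs eleven bytes of room to emit the full header. Checking the size before the call, e.g. `if (*destLen < 10 + 1) return Z_BUF_ERROR;`, makes the failure explicit. The rest of compress_gzip is outside this hunk, so confirm which error code its callers expect.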
/* Perform gzip compression, if enabled and supported by client */
if (WC->gzip_ok) {
char *compressed_data = NULL;
- uLongf compressed_len;
+ size_t compressed_len;
- compressed_len = (uLongf) ((the_len * 101) / 100) + 100;
+ compressed_len = ((the_len * 101) / 100) + 100;
compressed_data = malloc(compressed_len);
if (compress_gzip((Bytef *) compressed_data,