* sanitize urlesc, so we don't buffer overrun.

diff --git a/libcitadel/configure.in b/libcitadel/configure.in
index 73f2193d8bd2710911392cedbb5241bbc4071abb..1c94025ae1a9114b9eecc9ed9a0763c0e4526ea4 100755 (executable)
--- a/libcitadel/configure.in
+++ b/libcitadel/configure.in
@@ -5,7 +5,7 @@ dnl
 dnl Ensure that libcitadel is configured with autoconf 2.52 or newer
 AC_PREREQ(2.52)
 
-AC_INIT(citadel, 1.00, example@example.com)
+AC_INIT(citadel, 7.24, example@example.com)
 
 AC_CONFIG_SRCDIR(Makefile.in)
 AC_CONFIG_AUX_DIR(conftools)

diff --git a/libcitadel/debian/libcitadel1.substvars b/libcitadel/debian/libcitadel1.substvars
index e881fc18f5e1f6fefad15c871cdc64a8b10bed2c..36e5a58f3a844db06c70599fe0c515b5c7903aae 100644 (file)
--- a/libcitadel/debian/libcitadel1.substvars
+++ b/libcitadel/debian/libcitadel1.substvars
@@ -1 +1 @@
-shlibs:Depends=libc6 (>= 2.6.1-1)
+shlibs:Depends=libc6 (>= 2.7-1)

diff --git a/libcitadel/lib/libcitadel.h b/libcitadel/lib/libcitadel.h
index f65dbc3596ea032c86f074d5f18921abfbed773d..66c1134ccffba0f718306e58dbd76944f91fef97 100644 (file)
--- a/libcitadel/lib/libcitadel.h
+++ b/libcitadel/lib/libcitadel.h
@@ -177,7 +177,7 @@ char *memreadlinelen(char *start, char *buf, int maxlen, int *retlen);
 void stripout(char *str, char leftboundary, char rightboundary);
 void stripallbut(char *str, char leftboundary, char rightboundary);
 char *myfgets(char *s, int size, FILE *stream);
-void urlesc(char *outbuf, char *strbuf);
+void urlesc(char *outbuf, size_t oblen, char *strbuf);
 char *CtdlTempFileName(char *prefix1, int prefix2);
 FILE *CtdlTempFile(void);
 void generate_uuid(char *buf);

diff --git a/libcitadel/lib/tools.c b/libcitadel/lib/tools.c
index ab885268bf08bf1e44d9625b986368dc5fb41f0d..8298d9d48c044b90a4816451a5a5e65d262a922e 100644 (file)
--- a/libcitadel/lib/tools.c
+++ b/libcitadel/lib/tools.c
@@ -698,29 +698,35 @@ char *myfgets(char *s, int size, FILE *stream) {
        return ret;
 }
 
-/*
- * Escape a string for feeding out as a URL.
- * Output buffer must be big enough to handle escape expansion!
+/** 
+ * \brief Escape a string for feeding out as a URL.
+ * \param outbuf the output buffer
+ * \param oblen the size of outbuf to sanitize
+ * \param strbuf the input buffer
  */
-void urlesc(char *outbuf, char *strbuf)
+void urlesc(char *outbuf, size_t oblen, char *strbuf)
 {
-       int a, b, c;
-       char *ec = " #&;`'|*?-~<>^()[]{}$\\";
+       int a, b, c, len, eclen, olen;
+       char *ec = " +#&;`'|*?-~<>^()[]{}/$\"\\";
 
        strcpy(outbuf, "");
-
-       for (a = 0; a < (int)strlen(strbuf); ++a) {
+       len = strlen(strbuf);
+       eclen = strlen(ec);
+       olen = 0;
+       for (a = 0; a < len; ++a) {
                c = 0;
-               for (b = 0; b < strlen(ec); ++b) {
+               for (b = 0; b < eclen; ++b) {
                        if (strbuf[a] == ec[b])
                                c = 1;
                }
-               b = strlen(outbuf);
-               if (c == 1)
-                       sprintf(&outbuf[b], "%%%02x", strbuf[a]);
-               else
-                       sprintf(&outbuf[b], "%c", strbuf[a]);
+               if (c == 1) {
+                       snprintf(&outbuf[olen], oblen - olen, "%%%02x", strbuf[a]);
+                       olen += 3;
+               }
+               else 
+                       outbuf[olen ++] = strbuf[a];
        }
+       outbuf[olen] = '\0';
 }