(parent:
d696994
)
* sanitize urlesc, so we don't buffer overrun.
author
Wilfried Göesgens
<willi@citadel.org>
Sun, 13 Jan 2008 22:02:24 +0000
(22:02 +0000)
committer
Wilfried Göesgens
<willi@citadel.org>
Sun, 13 Jan 2008 22:02:24 +0000
(22:02 +0000)
libcitadel/configure.in
libcitadel/debian/libcitadel1.substvars
libcitadel/lib/libcitadel.h
libcitadel/lib/tools.c
diff --git
a/libcitadel/configure.in
b/libcitadel/configure.in
index 73f2193d8bd2710911392cedbb5241bbc4071abb..1c94025ae1a9114b9eecc9ed9a0763c0e4526ea4 100755
(executable)
--- a/
libcitadel/configure.in
+++ b/
libcitadel/configure.in
@@
-5,7
+5,7
@@
dnl
dnl Ensure that libcitadel is configured with autoconf 2.52 or newer
AC_PREREQ(2.52)
dnl Ensure that libcitadel is configured with autoconf 2.52 or newer
AC_PREREQ(2.52)
-AC_INIT(citadel,
1.00
, example@example.com)
+AC_INIT(citadel,
7.24
, example@example.com)
AC_CONFIG_SRCDIR(Makefile.in)
AC_CONFIG_AUX_DIR(conftools)
AC_CONFIG_SRCDIR(Makefile.in)
AC_CONFIG_AUX_DIR(conftools)
diff --git
a/libcitadel/debian/libcitadel1.substvars
b/libcitadel/debian/libcitadel1.substvars
index e881fc18f5e1f6fefad15c871cdc64a8b10bed2c..36e5a58f3a844db06c70599fe0c515b5c7903aae 100644
(file)
--- a/
libcitadel/debian/libcitadel1.substvars
+++ b/
libcitadel/debian/libcitadel1.substvars
@@
-1
+1
@@
-shlibs:Depends=libc6 (>= 2.
6.1
-1)
+shlibs:Depends=libc6 (>= 2.
7
-1)
diff --git
a/libcitadel/lib/libcitadel.h
b/libcitadel/lib/libcitadel.h
index f65dbc3596ea032c86f074d5f18921abfbed773d..66c1134ccffba0f718306e58dbd76944f91fef97 100644
(file)
--- a/
libcitadel/lib/libcitadel.h
+++ b/
libcitadel/lib/libcitadel.h
@@
-177,7
+177,7
@@
char *memreadlinelen(char *start, char *buf, int maxlen, int *retlen);
void stripout(char *str, char leftboundary, char rightboundary);
void stripallbut(char *str, char leftboundary, char rightboundary);
char *myfgets(char *s, int size, FILE *stream);
void stripout(char *str, char leftboundary, char rightboundary);
void stripallbut(char *str, char leftboundary, char rightboundary);
char *myfgets(char *s, int size, FILE *stream);
-void urlesc(char *outbuf, char *strbuf);
+void urlesc(char *outbuf,
size_t oblen,
char *strbuf);
char *CtdlTempFileName(char *prefix1, int prefix2);
FILE *CtdlTempFile(void);
void generate_uuid(char *buf);
char *CtdlTempFileName(char *prefix1, int prefix2);
FILE *CtdlTempFile(void);
void generate_uuid(char *buf);
diff --git
a/libcitadel/lib/tools.c
b/libcitadel/lib/tools.c
index ab885268bf08bf1e44d9625b986368dc5fb41f0d..8298d9d48c044b90a4816451a5a5e65d262a922e 100644
(file)
--- a/
libcitadel/lib/tools.c
+++ b/
libcitadel/lib/tools.c
@@
-698,29
+698,35
@@
char *myfgets(char *s, int size, FILE *stream) {
return ret;
}
return ret;
}
-/*
- * Escape a string for feeding out as a URL.
- * Output buffer must be big enough to handle escape expansion!
+/**
+ * \brief Escape a string for feeding out as a URL.
+ * \param outbuf the output buffer
+ * \param oblen the size of outbuf to sanitize
+ * \param strbuf the input buffer
*/
*/
-void urlesc(char *outbuf, char *strbuf)
+void urlesc(char *outbuf,
size_t oblen,
char *strbuf)
{
{
- int a, b, c;
- char *ec = "
#&;`'|*?-~<>^()[]{}$
\\";
+ int a, b, c
, len, eclen, olen
;
+ char *ec = "
+#&;`'|*?-~<>^()[]{}/$\"
\\";
strcpy(outbuf, "");
strcpy(outbuf, "");
-
- for (a = 0; a < (int)strlen(strbuf); ++a) {
+ len = strlen(strbuf);
+ eclen = strlen(ec);
+ olen = 0;
+ for (a = 0; a < len; ++a) {
c = 0;
c = 0;
- for (b = 0; b <
strlen(ec)
; ++b) {
+ for (b = 0; b <
eclen
; ++b) {
if (strbuf[a] == ec[b])
c = 1;
}
if (strbuf[a] == ec[b])
c = 1;
}
- b = strlen(outbuf);
- if (c == 1)
- sprintf(&outbuf[b], "%%%02x", strbuf[a]);
- else
- sprintf(&outbuf[b], "%c", strbuf[a]);
+ if (c == 1) {
+ snprintf(&outbuf[olen], oblen - olen, "%%%02x", strbuf[a]);
+ olen += 3;
+ }
+ else
+ outbuf[olen ++] = strbuf[a];
}
}
+ outbuf[olen] = '\0';
}
}
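Review bot: The new `oblen` bound is only honoured by the `snprintf` call in `urlesc`; the literal branch `outbuf[olen ++] = strbuf[a];` and the closing `outbuf[olen] = '\0';` still write without comparing `olen` to `oblen`, so an input longer than the output buffer overruns it just as the old code did. Once `olen` passes `oblen`, the expression `oblen - olen` is evaluated as `size_t` and, on the usual platforms, wraps to a very large value, which takes the bound away from `snprintf` as well. I would return early when `oblen` is 0 (the opening `strcpy(outbuf, "")` already stores one byte) and stop the loop as soon as the next output would leave no room for the terminator, e.g. `if ((size_t)olen + (c == 1 ? 3 : 1) >= oblen) break;` placed just before the write. The `\param oblen` line could then state that the result is truncated to fit `oblen` bytes including the trailing NUL, so callers know what to expect on long input.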