From: Wilfried Goesgens <dothebart@citadel.org>
Date: Sun, 21 Oct 2012 22:16:47 +0000 (+0200)
Subject: URL-Parsing: fix off by one when checking the length of URL params
X-Git-Tag: v8.20~209
X-Git-Url: https://code.citadel.org/?p=citadel.git;a=commitdiff_plain;h=8fa72a64be9fe62fe40dfe8301cbcbca0fc44b79

URL-Parsing: fix off by one when checking the length of URL params
---

diff --git a/webcit/paramhandling.c b/webcit/paramhandling.c
index 46ac87280..9db69f7e7 100644
--- a/webcit/paramhandling.c
+++ b/webcit/paramhandling.c
@@ -50,7 +50,7 @@ void ParseURLParams(StrBuf *url)
 			bptr++;
 		}
 		keylen = aptr - up - 1; /* -1 -> '=' */
-		if(keylen > sizeof(u->url_key)) {
+		if(keylen >= sizeof(u->url_key)) {
 			syslog(1, "invalid url_key from %s", ChrPtr(WCC->Hdr->HR.browser_host));
 			return;
 		}
@@ -371,7 +371,7 @@ void PutBstr(const char *key, long keylen, StrBuf *Value)
 	urlcontent *u;
 	wcsession *WCC = WC;
 
-	if(keylen > sizeof(u->url_key)) {
+	if(keylen >= sizeof(u->url_key)) {
 		syslog(1, "invalid url_key from %s", ChrPtr(WCC->Hdr->HR.browser_host));
 		FreeStrBuf(&Value);
 		return;