From 7dc7640aef93f69bff8ba828e8bf98cd88f913d1 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Wilfried=20G=C3=B6esgens?= Date: Sun, 13 Jan 2008 22:02:24 +0000 Subject: [PATCH] * sanitize urlesc, so we don't buffer overrun. --- libcitadel/configure.in | 2 +- libcitadel/debian/libcitadel1.substvars | 2 +- libcitadel/lib/libcitadel.h | 2 +- libcitadel/lib/tools.c | 34 +++++++++++++++---------- 4 files changed, 23 insertions(+), 17 deletions(-) diff --git a/libcitadel/configure.in b/libcitadel/configure.in index 73f2193d8..1c94025ae 100755 --- a/libcitadel/configure.in +++ b/libcitadel/configure.in @@ -5,7 +5,7 @@ dnl dnl Ensure that libcitadel is configured with autoconf 2.52 or newer AC_PREREQ(2.52) -AC_INIT(citadel, 1.00, example@example.com) +AC_INIT(citadel, 7.24, example@example.com) AC_CONFIG_SRCDIR(Makefile.in) AC_CONFIG_AUX_DIR(conftools) diff --git a/libcitadel/debian/libcitadel1.substvars b/libcitadel/debian/libcitadel1.substvars index e881fc18f..36e5a58f3 100644 --- a/libcitadel/debian/libcitadel1.substvars +++ b/libcitadel/debian/libcitadel1.substvars @@ -1 +1 @@ -shlibs:Depends=libc6 (>= 2.6.1-1) +shlibs:Depends=libc6 (>= 2.7-1) diff --git a/libcitadel/lib/libcitadel.h b/libcitadel/lib/libcitadel.h index f65dbc359..66c1134cc 100644 --- a/libcitadel/lib/libcitadel.h +++ b/libcitadel/lib/libcitadel.h @@ -177,7 +177,7 @@ char *memreadlinelen(char *start, char *buf, int maxlen, int *retlen); void stripout(char *str, char leftboundary, char rightboundary); void stripallbut(char *str, char leftboundary, char rightboundary); char *myfgets(char *s, int size, FILE *stream); -void urlesc(char *outbuf, char *strbuf); +void urlesc(char *outbuf, size_t oblen, char *strbuf); char *CtdlTempFileName(char *prefix1, int prefix2); FILE *CtdlTempFile(void); void generate_uuid(char *buf); diff --git a/libcitadel/lib/tools.c b/libcitadel/lib/tools.c index ab885268b..8298d9d48 100644 --- a/libcitadel/lib/tools.c +++ b/libcitadel/lib/tools.c @@ -698,29 +698,35 @@ char *myfgets(char *s, int size, FILE *stream) { return ret; } -/* - * Escape a string for feeding out as a URL. - * Output buffer must be big enough to handle escape expansion! +/** + * \brief Escape a string for feeding out as a URL. + * \param outbuf the output buffer + * \param oblen the size of outbuf to sanitize + * \param strbuf the input buffer */ -void urlesc(char *outbuf, char *strbuf) +void urlesc(char *outbuf, size_t oblen, char *strbuf) { - int a, b, c; - char *ec = " #&;`'|*?-~<>^()[]{}$\\"; + int a, b, c, len, eclen, olen; + char *ec = " +#&;`'|*?-~<>^()[]{}/$\"\\"; strcpy(outbuf, ""); - - for (a = 0; a < (int)strlen(strbuf); ++a) { + len = strlen(strbuf); + eclen = strlen(ec); + olen = 0; + for (a = 0; a < len; ++a) { c = 0; - for (b = 0; b < strlen(ec); ++b) { + for (b = 0; b < eclen; ++b) { if (strbuf[a] == ec[b]) c = 1; } - b = strlen(outbuf); - if (c == 1) - sprintf(&outbuf[b], "%%%02x", strbuf[a]); - else - sprintf(&outbuf[b], "%c", strbuf[a]); + if (c == 1) { + snprintf(&outbuf[olen], oblen - olen, "%%%02x", strbuf[a]); + olen += 3; + } + else + outbuf[olen ++] = strbuf[a]; } + outbuf[olen] = '\0'; } -- 2.30.2