apr-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bri...@apache.org
Subject cvs commit: apr/file_io/unix filepath.c
Date Wed, 12 Jun 2002 01:42:36 GMT
brianp      2002/06/11 18:42:35

  Modified:    file_io/unix filepath.c
  Log:
  More conservative buffer overflow checking code for
  apr_filepath_merge(): fail immediately if the sum of
  the rootpath and addpath lengths is too long, rather
  than letting long strings pass through and checking
  for overflow at multiple points throughout the merge
  code.
  
  Revision  Changes    Path
  1.15      +1 -12     apr/file_io/unix/filepath.c
  
  Index: filepath.c
  ===================================================================
  RCS file: /home/cvs/apr/file_io/unix/filepath.c,v
  retrieving revision 1.14
  retrieving revision 1.15
  diff -u -r1.14 -r1.15
  --- filepath.c	17 Mar 2002 03:24:15 -0000	1.14
  +++ filepath.c	12 Jun 2002 01:42:35 -0000	1.15
  @@ -189,10 +189,7 @@
                                                * root, and at end, plus trailing
                                                * null */
       if (maxlen > APR_PATH_MAX) {
  -        if (rootlen >= APR_PATH_MAX) {
  -            return APR_ENAMETOOLONG;
  -        }
  -        maxlen = APR_PATH_MAX;
  +        return APR_ENAMETOOLONG;
       }
       path = (char *)apr_palloc(p, maxlen);
   
  @@ -223,8 +220,6 @@
           /* Always '/' terminate the given root path
            */
           if (keptlen && path[keptlen - 1] != '/') {
  -            if (keptlen + 1 >= maxlen)
  -                return APR_ENAMETOOLONG;
               path[keptlen++] = '/';
           }
           pathlen = keptlen;
  @@ -271,9 +266,6 @@
   
                   /* Otherwise append another backpath.
                    */
  -                if (pathlen + 3 >= maxlen ) {
  -                    return APR_ENAMETOOLONG;
  -                }
                   memcpy(path + pathlen, "../", 3);
                   pathlen += 3;
               }
  @@ -303,9 +295,6 @@
                */
               if (*next) {
                   seglen++;
  -            }
  -            if (pathlen + seglen >= maxlen) {
  -                return APR_ENAMETOOLONG;
               }
               memcpy(path + pathlen, addpath, seglen);
               pathlen += seglen;
  
  
  

Mime
View raw message