fix bug in newline conversion causing buffer overflows.

this leads to segfaults and has some security impact.
Oswald Buddenhagen 2006-08-10 07:01:02 +00:00
parent 617d1a6e49
commit 9b657a46a0


@ -211,7 +211,7 @@ msg_fetched( int sts, void *aux )
copy_vars_t *vars = (copy_vars_t *)aux; copy_vars_t *vars = (copy_vars_t *)aux;
SVARS(vars->aux) SVARS(vars->aux)
char *fmap, *buf; char *fmap, *buf;
int i, len, extra, cra, crd, scr, tcr; int i, len, extra, cra, crd, scr, tcr, crds;
int start, sbreak = 0, ebreak = 0; int start, sbreak = 0, ebreak = 0;
char c; char c;
@ -234,20 +234,21 @@ msg_fetched( int sts, void *aux )
extra += 8 + TUIDL + 1 + tcr; extra += 8 + TUIDL + 1 + tcr;
nloop: nloop:
start = i; start = i;
crds = 0;
while (i < len) { while (i < len) {
c = fmap[i++]; c = fmap[i++];
if (c == '\r') if (c == '\r')
extra += crd; crds += crd;
else if (c == '\n') { else if (c == '\n') {
extra += cra;
if (i - 1 - scr == start) {
sbreak = ebreak = i - 1 - scr;
goto oke;
}
if (!memcmp( fmap + start, "X-TUID: ", 8 )) { if (!memcmp( fmap + start, "X-TUID: ", 8 )) {
extra -= (ebreak = i) - (sbreak = start); extra -= (ebreak = i) - (sbreak = start);
goto oke; goto oke;
} }
extra += cra + crds;
if (i - 1 - scr == start) {
sbreak = ebreak = i - 1 - scr;
goto oke;
}
goto nloop; goto nloop;
} }
} }
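Review bot: The `memcmp( fmap + start, "X-TUID: ", 8 )` call in the `'\n'` branch always compares 8 bytes from the line start, even when the line just scanned is shorter than that. If a short line sits within the last few bytes of the message, the compare can read past `fmap + len`, assuming `fmap` holds exactly `len` bytes (the hunk does not show this). Bounding it by the line length keeps the read inside the scanned range: `if (i - start >= 8 && !memcmp( fmap + start, "X-TUID: ", 8 )) {`. A short comment on `crds = 0;` would also help, such as `/* CRs seen on the current line; only counted into extra if the line is kept */`, since that per-line deferral is the actual fix. The body of msg_fetched, including the allocation sized from `extra`, lies outside the hunk.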