Mercurial > urweb
comparison src/c/driver.c @ 793:3e5d1c6ae30c
Stop potential buffer overrun of path_copy
| author | Adam Chlipala <adamc@hcoop.net> |
|---|---|
| date | Tue, 12 May 2009 20:15:11 -0400 |
| parents | 43553c93dd8c |
| children | 5f49a6b759cb |
comparison
equal
deleted
inserted
replaced
| 792:d20d6afc1206 | 793:3e5d1c6ae30c |
|---|---|
| 148 static void *worker(void *data) { | 148 static void *worker(void *data) { |
| 149 int me = *(int *)data, retries_left = MAX_RETRIES; | 149 int me = *(int *)data, retries_left = MAX_RETRIES; |
| 150 uw_context ctx = new_context(); | 150 uw_context ctx = new_context(); |
| 151 size_t buf_size = 2; | 151 size_t buf_size = 2; |
| 152 char *buf = malloc(buf_size); | 152 char *buf = malloc(buf_size); |
| 153 size_t path_copy_size = 0; | |
| 154 char *path_copy = malloc(path_copy_size); | |
| 153 | 155 |
| 154 while (1) { | 156 while (1) { |
| 155 char *back = buf, *s, *post; | 157 char *back = buf, *s, *post; |
| 156 int sock, dont_close = 0; | 158 int sock, dont_close = 0; |
| 157 | 159 |
| 195 if (s = strstr(buf, "\r\n\r\n")) { | 197 if (s = strstr(buf, "\r\n\r\n")) { |
| 196 failure_kind fk; | 198 failure_kind fk; |
| 197 int is_post = 0, do_normal_send = 1; | 199 int is_post = 0, do_normal_send = 1; |
| 198 char *boundary = NULL; | 200 char *boundary = NULL; |
| 199 size_t boundary_len; | 201 size_t boundary_len; |
| 200 char *cmd, *path, *headers, path_copy[uw_bufsize+1], *inputs, *after_headers; | 202 char *cmd, *path, *headers, *inputs, *after_headers; |
| 201 | 203 |
| 202 //printf("All: %s\n", buf); | 204 //printf("All: %s\n", buf); |
| 203 | 205 |
| 204 s[2] = 0; | 206 s[2] = 0; |
| 205 after_headers = s + 4; | 207 after_headers = s + 4; |
| 433 } | 435 } |
| 434 | 436 |
| 435 printf("Serving URI %s....\n", path); | 437 printf("Serving URI %s....\n", path); |
| 436 | 438 |
| 437 while (1) { | 439 while (1) { |
| 440 size_t path_len = strlen(path); | |
| 441 | |
| 438 uw_write_header(ctx, "HTTP/1.1 200 OK\r\n"); | 442 uw_write_header(ctx, "HTTP/1.1 200 OK\r\n"); |
| 439 | 443 |
| 444 if (path_len + 1 > path_copy_size) { | |
| 445 path_copy_size = path_len + 1; | |
| 446 path_copy = realloc(path_copy, path_copy_size); | |
| 447 } | |
| 440 strcpy(path_copy, path); | 448 strcpy(path_copy, path); |
| 441 fk = uw_begin(ctx, path_copy); | 449 fk = uw_begin(ctx, path_copy); |
| 442 if (fk == SUCCESS || fk == RETURN_BLOB) { | 450 if (fk == SUCCESS || fk == RETURN_BLOB) { |
| 443 uw_commit(ctx); | 451 uw_commit(ctx); |
| 444 break; | 452 break; |