# HG changeset patch
# User Adam Chlipala <adamc@hcoop.net>
# Date 1242173711 14400
# Node ID 3e5d1c6ae30ceeb4ef7e2567455046cc4b9d5ed8
# Parent  d20d6afc1206a2cdeb3b030edaa8311012e2c2ca
Stop potential buffer overrun of path_copy

diff -r d20d6afc1206 -r 3e5d1c6ae30c src/c/driver.c
--- a/src/c/driver.c	Tue May 12 18:02:25 2009 -0400
+++ b/src/c/driver.c	Tue May 12 20:15:11 2009 -0400
@@ -150,6 +150,8 @@
   uw_context ctx = new_context();
   size_t buf_size = 2;
   char *buf = malloc(buf_size);
+  size_t path_copy_size = 0;
+  char *path_copy = malloc(path_copy_size);
 
   while (1) {
     char *back = buf, *s, *post;
@@ -197,7 +199,7 @@
         int is_post = 0, do_normal_send = 1;
         char *boundary = NULL;
         size_t boundary_len;
-        char *cmd, *path, *headers, path_copy[uw_bufsize+1], *inputs, *after_headers;
+        char *cmd, *path, *headers, *inputs, *after_headers;
 
         //printf("All: %s\n", buf);
 
@@ -435,8 +437,14 @@
         printf("Serving URI %s....\n", path);
 
         while (1) {
+          size_t path_len = strlen(path);
+
           uw_write_header(ctx, "HTTP/1.1 200 OK\r\n");
 
+          if (path_len + 1 > path_copy_size) {
+            path_copy_size = path_len + 1;
+            path_copy = realloc(path_copy, path_copy_size);
+          }
           strcpy(path_copy, path);
           fk = uw_begin(ctx, path_copy);
           if (fk == SUCCESS || fk == RETURN_BLOB) {