summaryrefslogtreecommitdiff
path: root/network/thttpd/patches/2.25b/fix-buffer-overflow.diff
diff options
context:
space:
mode:
Diffstat (limited to 'network/thttpd/patches/2.25b/fix-buffer-overflow.diff')
-rw-r--r--network/thttpd/patches/2.25b/fix-buffer-overflow.diff21
1 files changed, 21 insertions, 0 deletions
diff --git a/network/thttpd/patches/2.25b/fix-buffer-overflow.diff b/network/thttpd/patches/2.25b/fix-buffer-overflow.diff
new file mode 100644
index 0000000000..cacd732148
--- /dev/null
+++ b/network/thttpd/patches/2.25b/fix-buffer-overflow.diff
@@ -0,0 +1,21 @@
+diff -Nrup thttpd-2.25b.orig/libhttpd.c thttpd-2.25b/libhttpd.c
+--- thttpd-2.25b.orig/libhttpd.c 2003-12-25 19:06:05.000000000 +0000
++++ thttpd-2.25b/libhttpd.c 2007-01-08 21:43:28.000000000 +0000
+@@ -1469,7 +1469,7 @@ expand_symlinks( char* path, char** rest
+ httpd_realloc_str( &checked, &maxchecked, checkedlen );
+ (void) strcpy( checked, path );
+ /* Trim trailing slashes. */
+- while ( checked[checkedlen - 1] == '/' )
++ while ( checkedlen && checked[checkedlen - 1] == '/' )
+ {
+ checked[checkedlen - 1] = '\0';
+ --checkedlen;
+@@ -1488,7 +1488,7 @@ expand_symlinks( char* path, char** rest
+ restlen = strlen( path );
+ httpd_realloc_str( &rest, &maxrest, restlen );
+ (void) strcpy( rest, path );
+- if ( rest[restlen - 1] == '/' )
++ if ( restlen && rest[restlen - 1] == '/' )
+ rest[--restlen] = '\0'; /* trim trailing slash */
+ if ( ! tildemapped )
+ /* Remove any leading slashes. */