diff options
Diffstat (limited to 'network/thttpd/patches/2.25b/fix-buffer-overflow.diff')
-rw-r--r-- | network/thttpd/patches/2.25b/fix-buffer-overflow.diff | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/network/thttpd/patches/2.25b/fix-buffer-overflow.diff b/network/thttpd/patches/2.25b/fix-buffer-overflow.diff new file mode 100644 index 0000000000..cacd732148 --- /dev/null +++ b/network/thttpd/patches/2.25b/fix-buffer-overflow.diff @@ -0,0 +1,21 @@ +diff -Nrup thttpd-2.25b.orig/libhttpd.c thttpd-2.25b/libhttpd.c +--- thttpd-2.25b.orig/libhttpd.c 2003-12-25 19:06:05.000000000 +0000 ++++ thttpd-2.25b/libhttpd.c 2007-01-08 21:43:28.000000000 +0000 +@@ -1469,7 +1469,7 @@ expand_symlinks( char* path, char** rest + httpd_realloc_str( &checked, &maxchecked, checkedlen ); + (void) strcpy( checked, path ); + /* Trim trailing slashes. */ +- while ( checked[checkedlen - 1] == '/' ) ++ while ( checkedlen && checked[checkedlen - 1] == '/' ) + { + checked[checkedlen - 1] = '\0'; + --checkedlen; +@@ -1488,7 +1488,7 @@ expand_symlinks( char* path, char** rest + restlen = strlen( path ); + httpd_realloc_str( &rest, &maxrest, restlen ); + (void) strcpy( rest, path ); +- if ( rest[restlen - 1] == '/' ) ++ if ( restlen && rest[restlen - 1] == '/' ) + rest[--restlen] = '\0'; /* trim trailing slash */ + if ( ! tildemapped ) + /* Remove any leading slashes. */ |