You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nuttx.apache.org by xi...@apache.org on 2020/05/28 12:04:39 UTC
[incubator-nuttx-apps] 02/02: netlib_parsehttpurl: Fix pathlen check
This is an automated email from the ASF dual-hosted git repository.
xiaoxiang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-nuttx-apps.git
commit a49f951c8607ba30b779e5f10a1f27d3f03450a7
Author: YAMAMOTO Takashi <ya...@midokura.com>
AuthorDate: Thu May 28 17:24:54 2020 +0900
netlib_parsehttpurl: Fix pathlen check
---
netutils/netlib/netlib_parsehttpurl.c | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/netutils/netlib/netlib_parsehttpurl.c b/netutils/netlib/netlib_parsehttpurl.c
index f3235de..06039ac 100644
--- a/netutils/netlib/netlib_parsehttpurl.c
+++ b/netutils/netlib/netlib_parsehttpurl.c
@@ -68,6 +68,7 @@ int netlib_parsehttpurl(FAR const char *url, FAR uint16_t *port,
FAR char *dest;
int bytesleft;
int ret = OK;
+ size_t pathlen;
/* A valid HTTP URL must begin with http:// if it does not, we will assume
* that it is a file name only, but still return an error. wget() depends
@@ -154,7 +155,17 @@ int netlib_parsehttpurl(FAR const char *url, FAR uint16_t *port,
/* The copy the rest of the file name to the user buffer */
- strncpy(dest, src, bytesleft);
- filename[namelen-1] = '\0';
+ pathlen = strlen(src);
+ if (bytesleft >= pathlen + 1)
+ {
+ memcpy(dest, src, pathlen);
+ dest[pathlen] = '\0';
+ }
+ else
+ {
+ dest[0] = '\0';
+ ret = -E2BIG;
+ }
+
return ret;
}