You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Dean Gaudet <dg...@arctic.org> on 1997/12/18 21:08:09 UTC

[PATCH] two bugs in mod_autoindex

"AddIconByType (TXT,/icons/text.gif text/*", note the missing closing
paren, does the wrong thing, and doesn't report an error.

Don't fread() without testing for errors. 

Dean

Index: modules/standard/mod_autoindex.c
===================================================================
RCS file: /export/home/cvs/apachen/src/modules/standard/mod_autoindex.c,v
retrieving revision 1.59
diff -u -r1.59 mod_autoindex.c
--- mod_autoindex.c	1997/12/18 19:55:17	1.59
+++ mod_autoindex.c	1997/12/18 20:03:08
@@ -186,8 +186,14 @@
     char *iconbak = pstrdup(cmd->pool, icon);
 
     if (icon[0] == '(') {
-	char *alt = getword_nc(cmd->pool, &iconbak, ',');
-	iconbak[strlen(iconbak) - 1] = '\0';	/* Lose closing paren */
+	char *alt;
+	char *cl = strchr(iconbak, ')');
+
+	if (cl == NULL) {
+	    return "missing closing paren";
+	}
+	alt = getword_nc(cmd->pool, &iconbak, ',');
+	*cl = '\0';				/* Lose closing paren */
 	add_alt(cmd, d, &alt[1], to);
     }
     if (cmd->info == BY_PATH)
@@ -612,6 +618,10 @@
 	if (!(thefile = pfopen(r->pool, r->filename, "r")))
 	         return NULL;
 	n = fread(titlebuf, sizeof(char), MAX_STRING_LEN - 1, thefile);
+	if (n <= 0) {
+	    pfclose(r->pool, thefile);
+	    return NULL;
+	}
 	titlebuf[n] = '\0';
 	for (x = 0, p = 0; titlebuf[x]; x++) {
 	    if (toupper(titlebuf[x]) == find[p]) {