You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by "William A. Rowe, Jr." <wr...@lnd.com> on 2000/06/23 09:07:47 UTC
[Patch - 2 for 1.3.13] RE: IBM HTTP SERVER / APACHE (fwd)
Ok...
I'm satified that Allen filled the major hole in Win32. I have
a suggestion for a supplimental patch to avoid falling in it
again elsewhere.
Index: util_win32.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/os/win32/util_win32.c,v
retrieving revision 1.35
diff -u -u -5 -r1.35 util_win32.c
--- util_win32.c 2000/06/22 22:57:31 1.35
+++ util_win32.c 2000/06/23 06:47:47
@@ -286,30 +286,33 @@
#undef stat
API_EXPORT(int) os_stat(const char *szPath, struct stat *pStat)
{
int n;
+ int len = strlen(szPath);
- if (strlen(szPath) == 0) {
+ if ((len == 0) || (len >= MAX_PATH)) {
return -1;
}
if (szPath[0] == '/' && szPath[1] == '/') {
char buf[_MAX_PATH];
char *s;
int nSlashes = 0;
- ap_assert(strlen(szPath) < _MAX_PATH);
strcpy(buf, szPath);
for (s = buf; *s; ++s) {
if (*s == '/') {
*s = '\\';
++nSlashes;
}
}
/* then we need to add one more to get \\machine\share\ */
if (nSlashes == 3) {
+ if (++len >= MAX_PATH) {
+ return -1;
+ }
*s++ = '\\';
}
*s = '\0';
return stat(buf, pStat);
}
I really don't know that the last bit (3 lines) are appropriate,
but if you have any thoughts please voice them.