Posted to commits@apr.apache.org by br...@apache.org on 2002/06/12 03:42:36 UTC

cvs commit: apr/file_io/unix filepath.c

brianp      2002/06/11 18:42:35

  Modified:    file_io/unix filepath.c
  Log:
  More conservative buffer overflow checking code for
  apr_filepath_merge(): fail immediately if the sum of
  the rootpath and addpath lengths is too long, rather
  than letting long strings pass through and checking
  for overflow at multiple points throughout the merge
  code.
  
  Revision  Changes    Path
  1.15      +1 -12     apr/file_io/unix/filepath.c
  
  Index: filepath.c
  ===================================================================
  RCS file: /home/cvs/apr/file_io/unix/filepath.c,v
  retrieving revision 1.14
  retrieving revision 1.15
  diff -u -r1.14 -r1.15
  --- filepath.c	17 Mar 2002 03:24:15 -0000	1.14
  +++ filepath.c	12 Jun 2002 01:42:35 -0000	1.15
  @@ -189,10 +189,7 @@
                                                * root, and at end, plus trailing
                                                * null */
       if (maxlen > APR_PATH_MAX) {
  -        if (rootlen >= APR_PATH_MAX) {
  -            return APR_ENAMETOOLONG;
  -        }
  -        maxlen = APR_PATH_MAX;
  +        return APR_ENAMETOOLONG;
       }
       path = (char *)apr_palloc(p, maxlen);
   
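Review bot: With the later hunks dropping the per-write checks (the root `/` append, the `../` append and the segment `memcpy`), this `maxlen > APR_PATH_MAX` test is the only bound on every write into `path`, and nothing at this site says so. A comment on the return, such as `/* Sole overflow guard: the unchecked writes into path below assume maxlen bounds rootpath + addpath plus separators */`, would stop a later edit to the maxlen formula from silently reintroducing an overflow. The early return also looks like a behaviour change: the old code clamped `maxlen` and carried on, so an over-long input could presumably still succeed if the merged result fit after `.`/`..` segments were collapsed, and it is now rejected outright. The function's documentation should state that APR_ENAMETOOLONG is decided on input length, not result length. The maxlen computation and the rest of apr_filepath_merge() lie outside this hunk.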
  @@ -223,8 +220,6 @@
           /* Always '/' terminate the given root path
            */
           if (keptlen && path[keptlen - 1] != '/') {
  -            if (keptlen + 1 >= maxlen)
  -                return APR_ENAMETOOLONG;
               path[keptlen++] = '/';
           }
           pathlen = keptlen;
  @@ -271,9 +266,6 @@
   
                   /* Otherwise append another backpath.
                    */
  -                if (pathlen + 3 >= maxlen ) {
  -                    return APR_ENAMETOOLONG;
  -                }
                   memcpy(path + pathlen, "../", 3);
                   pathlen += 3;
               }
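Review bot: The now-unguarded `memcpy(path + pathlen, "../", 3)` is the one write in this patch whose size is a fixed three bytes instead of a length taken from the input. If this branch can be reached for a final `..` segment with no trailing slash (the segment test is outside the hunk, so this is inferred), it emits one byte more than addpath supplied, and safety then rests on the slack added to `maxlen` covering that byte. A comment here naming which slack byte pays for it, e.g. `/* may write one byte more than the ".." consumed; covered by the end-slash slack in maxlen */`, would make the bound checkable without re-deriving it from the whole function.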
  @@ -303,9 +295,6 @@
                */
               if (*next) {
                   seglen++;
  -            }
  -            if (pathlen + seglen >= maxlen) {
  -                return APR_ENAMETOOLONG;
               }
               memcpy(path + pathlen, addpath, seglen);
               pathlen += seglen;