Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 87221 Details for
Bug 133988
media-sound/mpg123-0.59s-r9 heap overflow
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
separate patch on top of 103_all_CAN-2004-0982.patch
mpg123-gentoo-httpget-purl.diff (text/plain), 1.41 KB, created by
Horst Schirmeier
on 2006-05-21 18:04:52 UTC
(
hide
)
Description:
separate patch on top of 103_all_CAN-2004-0982.patch
Filename:
MIME Type:
Creator:
Horst Schirmeier
Created:
2006-05-21 18:04:52 UTC
Size:
1.41 KB
patch
obsolete
>--- mpg123-gentoo/httpget.c 2006-05-22 02:42:11.000000000 +0200 >+++ mpg123-myfix/httpget.c 2006-05-22 02:45:59.000000000 +0200 >@@ -231,7 +231,7 @@ char *httpauth1 = NULL; > int http_open (char *url) > { > char *purl, *host, *request, *sptr; >- unsigned int linelength, linelengthbase; >+ unsigned int linelength, linelengthbase, purl_length; > unsigned long myip; > unsigned char *myport; > int sock; >@@ -275,8 +275,14 @@ int http_open (char *url) > exit(1); > } > >- /* The length of purl is upper bound by 3*strlen(url) + 1 if everything in it is a space */ >- purl = (char *)malloc(sizeof(char) * (strlen(url)*3 + 1)); >+ /* >+ * The length of purl is upper bound by 3*strlen(url) + 1 if everything >+ * in it is a space. For HTTP redirections, we need something longer; >+ * 1024 bytes were arbitrarily chosen. >+ */ >+ purl_length = strlen(url) * 3 + 1; >+ if (purl_length < 1024) purl_length = 1024; >+ purl = (char *)malloc(sizeof(char) * purl_length); > if (!purl) { > fprintf (stderr, "malloc() failed, out of memory.\n"); > exit (1); >@@ -479,8 +485,10 @@ fail: > } > do { > readstring (request, linelength-1, myfile); >- if (!strncmp(request, "Location:", 9)) >- strncpy (purl, request+10, 1023); >+ if (!strncmp(request, "Location:", 9)) { >+ strncpy (purl, request+10, purl_length); >+ purl[purl_length - 1] = 0; >+ } > } while (request[0] != '\r' && request[0] != '\n'); > > free(request);
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 133988
:
87220
| 87221