From d4d6716a52943a0483e1db352c60325a5c0c63a2 Mon Sep 17 00:00:00 2001 From: Michael Smith Date: Fri, 5 Apr 2002 09:28:26 +0000 Subject: [PATCH] Buffer overflows. Requires a change to the format plugin interface - jack: if you want this done differently, feel free to change it (or ask me to). svn path=/trunk/httpp/; revision=3219 --- httpp/httpp.c | 8 ++++++-- log/log.c | 4 +++- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/httpp/httpp.c b/httpp/httpp.c index 01f9762..b823046 100644 --- a/httpp/httpp.c +++ b/httpp/httpp.c @@ -3,6 +3,8 @@ ** http parsing engine */ +#include + #include #include #include @@ -15,6 +17,8 @@ #define strcasecmp stricmp #endif +#define MAX_HEADERS 32 + /* internal functions */ /* misc */ @@ -48,7 +52,7 @@ void httpp_initialize(http_parser_t *parser, http_varlist_t *defaults) int httpp_parse(http_parser_t *parser, char *http_data, unsigned long len) { char *data, *tmp; - char *line[32]; /* limited to 32 lines, should be more than enough */ + char *line[MAX_HEADERS]; /* limited to 32 lines, should be more than enough */ int i, l, retlen; int lines; char *req_type = NULL; @@ -73,7 +77,7 @@ int httpp_parse(http_parser_t *parser, char *http_data, unsigned long len) */ lines = 0; line[lines] = data; - for (i = 0; i < len; i++) { + for (i = 0; i < len && lines < MAX_HEADERS; i++) { if (data[i] == '\r') data[i] = '\0'; if (data[i] == '\n') { diff --git a/log/log.c b/log/log.c index 91e4980..e0e9184 100644 --- a/log/log.c +++ b/log/log.c @@ -35,7 +35,7 @@ typedef struct log_tag char *filename; FILE *logfile; - char *buffer; + char *buffer; } log_t; log_t loglist[LOG_MAXLOGS]; @@ -170,7 +170,9 @@ void log_write(int log_id, int priority, const char *cat, const char *fmt, ...) va_list ap; if (log_id < 0) return; + if (log_id > LOG_MAXLOGS) return; /* Bad log number */ if (loglist[log_id].level < priority) return; + if (priority > 4) return; /* Bad priority */ va_start(ap, fmt);