Buffer overflows.

Requires a change to the format plugin interface - jack: if you want this done differently, feel free to change it (or ask me to). svn path=/trunk/httpp/; revision=3219
2024-12-04 14:46:31 -05:00 · 2002-04-05 09:28:26 +00:00 · 2002-04-05 09:28:26 +00:00 · d4d6716a52
commit d4d6716a52
parent 366d560cde
2 changed files with 9 additions and 3 deletions
--- a/httpp/httpp.c
+++ b/httpp/httpp.c
@ -3,6 +3,8 @@
 ** http parsing engine
 */

+#include <stdio.h>
+
 #include <stdlib.h>
 #include <string.h>
 #include <ctype.h>
@ -15,6 +17,8 @@
 #define strcasecmp stricmp
 #endif

+#define MAX_HEADERS 32
+
 /* internal functions */

 /* misc */
@ -48,7 +52,7 @@ void httpp_initialize(http_parser_t *parser, http_varlist_t *defaults)
 int httpp_parse(http_parser_t *parser, char *http_data, unsigned long len)
 {
 	char *data, *tmp;
-	char *line[32]; /* limited to 32 lines, should be more than enough */
+	char *line[MAX_HEADERS]; /* limited to 32 lines, should be more than enough */
 	int i, l, retlen;
 	int lines;
 	char *req_type = NULL;
@ -73,7 +77,7 @@ int httpp_parse(http_parser_t *parser, char *http_data, unsigned long len)
 	*/
 	lines = 0;
 	line[lines] = data;
-	for (i = 0; i < len; i++) {
+	for (i = 0; i < len && lines < MAX_HEADERS; i++) {
 		if (data[i] == '\r')
 			data[i] = '\0';
 		if (data[i] == '\n') {
--- a/log/log.c
+++ b/log/log.c
@ -35,7 +35,7 @@ typedef struct log_tag
 	char *filename;
 	FILE *logfile;
 	
-        char *buffer;
+    char *buffer;
 } log_t;

 log_t loglist[LOG_MAXLOGS];
@ -170,7 +170,9 @@ void log_write(int log_id, int priority, const char *cat, const char *fmt, ...)
 	va_list ap;

 	if (log_id < 0) return;
+    if (log_id > LOG_MAXLOGS) return; /* Bad log number */
 	if (loglist[log_id].level < priority) return;
+    if (priority > 4) return; /* Bad priority */


 	va_start(ap, fmt);