8e816f0352
From Kenneth J. Hendrickson <Kenneth.Hendrickson@Home.com>, PR #2285. * md5 -> distinfo * Remove a SECURITY file that doesn't document any security issues.
55 lines
1.4 KiB
Plaintext
55 lines
1.4 KiB
Plaintext
$OpenBSD: patch-encode_c,v 1.3 2002/01/20 23:26:07 naddy Exp $
|
|
--- encode.c.orig Fri Oct 30 22:58:47 1998
|
|
+++ encode.c Fri Jun 8 22:23:38 2001
|
|
@@ -24,6 +24,7 @@ url_encode(char **code_map, unsigned cha
|
|
char *buf;
|
|
unsigned char c, *p;
|
|
char *m;
|
|
+ int len;
|
|
|
|
static int one_shot = 1;
|
|
|
|
@@ -43,17 +44,17 @@ url_encode(char **code_map, unsigned cha
|
|
|
|
cookie_code_map[' '] = "+";
|
|
|
|
- sprintf(tmp, "%%%02X", ',');
|
|
+ snprintf(tmp, sizeof(tmp), "%%%02X", ',');
|
|
cookie_code_map[','] = strdup(tmp);
|
|
|
|
- sprintf(tmp, "%%%02X", ';');
|
|
+ snprintf(tmp, sizeof(tmp), "%%%02X", ';');
|
|
cookie_code_map[';'] = strdup(tmp);
|
|
|
|
/* for url's, we do full URL encoding. */
|
|
/* non-alphanumerics get turned into hex ... */
|
|
for(i=0; i < 256; i++) {
|
|
if(isalnum(i) == 0) {
|
|
- sprintf(tmp, "%%%02X", i);
|
|
+ snprintf(tmp, sizeof(tmp), "%%%02X", i);
|
|
url_code_map[i] = strdup(tmp);
|
|
}
|
|
}
|
|
@@ -78,14 +79,19 @@ url_encode(char **code_map, unsigned cha
|
|
}
|
|
|
|
/* each input char can expand to at most 6 chars */
|
|
- buf = zalloc((strlen((char *) s) + 1) * 6);
|
|
+ len = (strlen((char *) s) + 1) * 6;
|
|
+ if ((buf = zalloc(len)) == NULL) {
|
|
+ fprintf(stderr, "%s:%d malloc failed\n", __FILE__, __LINE__);
|
|
+ exit(-1);
|
|
+ }
|
|
|
|
for(p = (unsigned char *) buf; (c = *s); s++) {
|
|
if((m = code_map[c])) {
|
|
- strcpy((char *) p, m);
|
|
+ len -= strlcpy((char *) p, m, len);
|
|
p += strlen(m);
|
|
} else {
|
|
*p++ = c;
|
|
+ len--;
|
|
}
|
|
}
|
|
|