c0be2e5be4
A problem in the handling of some types of remote files has been reported in mpg123. Because of this, it may be possible for a remote attacker to execute arbitrary code with the privileges of the mpg123 user. ok naddy@ jolan@
25 lines
580 B
Plaintext
25 lines
580 B
Plaintext
$OpenBSD: patch-httpget_c,v 1.1 2003/11/13 20:51:50 margarida Exp $
|
|
--- httpget.c.orig 2003-11-13 18:34:37.000000000 +0000
|
|
+++ httpget.c 2003-11-13 18:35:10.000000000 +0000
|
|
@@ -55,11 +55,10 @@ void readstring (char *string, int maxle
|
|
#endif
|
|
int pos = 0;
|
|
|
|
- while(1) {
|
|
+ while(pos < maxlen) {
|
|
if( read(fileno(f),string+pos,1) == 1) {
|
|
pos++;
|
|
if(string[pos-1] == '\n') {
|
|
- string[pos] = 0;
|
|
break;
|
|
}
|
|
}
|
|
@@ -68,6 +67,7 @@ void readstring (char *string, int maxle
|
|
exit(1);
|
|
}
|
|
}
|
|
+ string[pos] = 0;
|
|
#if 0
|
|
do {
|
|
result = fgets(string, maxlen, f);
|