openbsd-ports/www/junkbuster/patches/patch-encode_c
2010-05-24 22:17:03 +00:00

55 lines
1.4 KiB
Plaintext

$OpenBSD: patch-encode_c,v 1.4 2010/05/24 22:17:03 espie Exp $
--- encode.c.orig Sat Oct 31 04:58:47 1998
+++ encode.c Sat May 22 16:47:47 2010
@@ -24,6 +24,7 @@ url_encode(char **code_map, unsigned char *s)
char *buf;
unsigned char c, *p;
char *m;
+ int len;
static int one_shot = 1;
@@ -43,17 +44,17 @@ url_encode(char **code_map, unsigned char *s)
cookie_code_map[' '] = "+";
- sprintf(tmp, "%%%02X", ',');
+ snprintf(tmp, sizeof(tmp), "%%%02X", ',');
cookie_code_map[','] = strdup(tmp);
- sprintf(tmp, "%%%02X", ';');
+ snprintf(tmp, sizeof(tmp), "%%%02X", ';');
cookie_code_map[';'] = strdup(tmp);
/* for url's, we do full URL encoding. */
/* non-alphanumerics get turned into hex ... */
for(i=0; i < 256; i++) {
if(isalnum(i) == 0) {
- sprintf(tmp, "%%%02X", i);
+ snprintf(tmp, sizeof(tmp), "%%%02X", i);
url_code_map[i] = strdup(tmp);
}
}
@@ -78,14 +79,19 @@ url_encode(char **code_map, unsigned char *s)
}
/* each input char can expand to at most 6 chars */
- buf = zalloc((strlen((char *) s) + 1) * 6);
+ len = (strlen((char *) s) + 1) * 6;
+ if ((buf = zalloc(len)) == NULL) {
+ fprintf(stderr, "%s:%d malloc failed\n", __FILE__, __LINE__);
+ exit(-1);
+ }
for(p = (unsigned char *) buf; (c = *s); s++) {
if((m = code_map[c])) {
- strcpy((char *) p, m);
+ len -= strlcpy((char *) p, m, len);
p += strlen(m);
} else {
*p++ = c;
+ len--;
}
}