fix off-by-one in handlerequest() for index files and check truncation - geomyidae - A small C-based gopherd.
HTML git clone git://bitreich.org/geomyidae/ git://enlrupgkhuxnvlhsf6lc3fziv5h2hhfrinws65d7roiv6bfj7d652fid.onion/geomyidae/
DIR Log
DIR Files
DIR Refs
DIR Tags
DIR README
DIR LICENSE
---
DIR commit b4c65d77c916d3b13ab4a1239cfb8b60d042ce6d
DIR parent 4c38a3cd677ac4ba3b61cac341ef1608508fc8d9
HTML Author: Hiltjo Posthuma <hiltjo@codemadness.org>
Date: Sun, 9 Jul 2017 20:09:33 +0200
fix off-by-one in handlerequest() for index files and check truncation
fix truncation so it prevents listing files even if it has an index
file.
Signed-off-by: Christoph Lohmann <20h@r-36.net>
Diffstat:
M main.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
---
DIR diff --git a/main.c b/main.c
@@ -161,7 +161,13 @@ handlerequest(int sock, char *base, char *ohost, char *port, char *clienth,
fd = -1;
if(stat(path, &dir) != -1 && S_ISDIR(dir.st_mode)) {
for(i = 0; i < sizeof(indexf)/sizeof(indexf)[0]; i++) {
- strncat(path, indexf[i], sizeof(path) - strlen(path));
+ if (strlen(path) + strlen(indexf[i]) >= sizeof(path)) {
+ if(loglvl & ERRORS)
+ logentry(clienth, clientp, recvc,
+ "path truncation occurred");
+ return;
+ }
+ strncat(path, indexf[i], sizeof(path) - strlen(path) - 1);
fd = open(path, O_RDONLY);
if(fd >= 0)
break;