This is the mail archive of the cygwin-apps@cygwin.com mailing list for the Cygwin project.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
Other format: | [Raw text] |
Resending with a better subject this time. Oh, and "ping". Igor ---------- Forwarded message ---------- Date: Thu, 17 Apr 2003 10:08:16 -0400 (EDT) From: Igor Pechtchanski <pechtcha at cs dot nyu dot edu> Reply-To: cygwin-apps at cygwin dot com To: Max Bowsher <maxb at ukf dot net> Cc: cygwin-apps at cygwin dot com Subject: Re: New bug added to README On Thu, 17 Apr 2003, Max Bowsher wrote: > maxb wrote: > > CVSROOT: /cvs/cygwin-apps > > Module name: setup > > Changes by: maxb 2003-04-17 08:41:41 > > > > Log message: > > New bug in TODO: > > > > * Audit rfc1738 code for bad memory/string handling. Example: Crash occurs > > if rfc1738 encoded dirname is truncated in the middle of a %xx sequence. > > Suggesting this be considered for Release Blocker status. > Max. Yup, there's a bug all-right: rfc1738.cc, in rfc1738_unescape() [line 201]: for (i = j = 0; s[j]; i++, j++) { s[i] = s[j]; if (s[i] != '%') continue; if (s[j + 1] == '%') { /* %% case */ j++; continue; } > if (s[j + 1] && s[j + 2]) It will crash in the line above, since it overruns the buffer (by 2). I'm attaching a patch. Perhaps the squid people should also be notified. Igor ============================================================================== ChangeLog: 2003-04-17 Igor Pechtchanski <pechtcha at cs dot nyu dot edu> * rfc1738.cc (rfc1738_unescape): Handle incomplete escape. -- http://cs.nyu.edu/~pechtcha/ |\ _,,,---,,_ pechtcha at cs dot nyu dot edu ZZZzz /,`.-'`' -. ;-;;,_ igor at watson dot ibm dot com |,4- ) )-,_. ,\ ( `'-' Igor Pechtchanski '---''(_/--' `-'\_) fL a.k.a JaguaR-R-R-r-r-r-.-.-. Meow! Knowledge is an unending adventure at the edge of uncertainty. -- Leto II
Attachment:
setup-rfc1738-fix.patch
Description: Text document
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |