aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDan Fandrich <dan@coneharvesters.com>2009-02-05 00:13:40 +0000
committerDan Fandrich <dan@coneharvesters.com>2009-02-05 00:13:40 +0000
commit77da9a00871cbdbb624f9560f7fcd40fbeda046f (patch)
tree11527d02c666c283d7c1ab8b8cdd5251fbd5a49c
parent42d2353e741e386fb09bea29f4f0f2778db8a69d (diff)
Added an explicit buffer limit check in msdosify() (patch based on FreeBSD).
This couldn't ever overflow in curl, but might if the code were used elsewhere or under different conditions.
-rw-r--r--CHANGES4
-rw-r--r--src/main.c8
2 files changed, 9 insertions, 3 deletions
diff --git a/CHANGES b/CHANGES
index 5f2385180..bcf0229ee 100644
--- a/CHANGES
+++ b/CHANGES
@@ -10,6 +10,10 @@ Daniel Fandrich (4 Feb 2009)
- Don't add the standard /usr/lib or /usr/include paths to LDFLAGS and CPPFLAGS
(respectively) when --with-ssl=/usr is used (patch based on FreeBSD).
+- Added an explicit buffer limit check in msdosify() (patch based on FreeBSD).
+ This couldn't ever overflow in curl, but might if the code were used
+ elsewhere or under different conditions.
+
Daniel Stenberg (3 Feb 2009)
- Hidemoto Nakada provided a small fix that makes it possible to get the
CURLINFO_CONTENT_LENGTH_DOWNLOAD size from file:// "transfers" with
diff --git a/src/main.c b/src/main.c
index db2a1307b..16abdfb7b 100644
--- a/src/main.c
+++ b/src/main.c
@@ -5350,12 +5350,14 @@ static char *basename(char *path)
static const char *
msdosify (const char *file_name)
{
- static char dos_name[PATH_MAX*2];
- static const char illegal_chars_dos[] = ".+, ;=[]|<>\\\":?*";
+ static char dos_name[PATH_MAX];
+ static const char illegal_chars_dos[] = ".+, ;=[]" /* illegal in DOS */
+ "|<>\\\":?*"; /* illegal in DOS & W95 */
static const char *illegal_chars_w95 = &illegal_chars_dos[8];
int idx, dot_idx;
const char *s = file_name;
char *d = dos_name;
+ const char * const dlimit = dos_name + sizeof(dos_name) - 1;
const char *illegal_aliens = illegal_chars_dos;
size_t len = sizeof (illegal_chars_dos) - 1;
int lfn = 0;
@@ -5376,7 +5378,7 @@ msdosify (const char *file_name)
*d++ = *s++;
}
- for (idx = 0, dot_idx = -1; *s; s++, d++) {
+ for (idx = 0, dot_idx = -1; *s && d < dlimit; s++, d++) {
if (memchr (illegal_aliens, *s, len)) {
/* Dots are special: DOS doesn't allow them as the leading character,
and a file name cannot have more than a single dot. We leave the