-rw-r--r--lib/formdata.c12
1 files changed, 10 insertions, 2 deletions
diff --git a/lib/formdata.c b/lib/formdata.c
index 41629cc75..06281f422 100644
--- a/lib/formdata.c
+++ b/lib/formdata.c
@@ -102,7 +102,7 @@ int FormParse(char *input,
/* nextarg MUST be a string in the format 'name=contents' and we'll
build a linked list with the info */
char name[256];
- char contents[4096]="";
+ char *contents;
char major[128];
char minor[128];
long flags = 0;
@@ -115,7 +115,12 @@ int FormParse(char *input,
struct HttpPost *subpost; /* a sub-node */
unsigned int i;
- if(1 <= sscanf(input, "%255[^=]=%4095[^\n]", name, contents)) {
+ /* Preallocate contents to the length of input to make sure we don't
+ overwrite anything. */
+ contents = malloc(strlen(input));
+ contents[0] = '\000';
+
+ if(1 <= sscanf(input, "%255[^=]=%[^\n]", name, contents)) {
/* the input was using the correct format */
contp = contents;
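Review bot: `contents[0] = '\000';` runs without checking the result of `malloc`, and for an empty `input` the request is `malloc(0)`, so the store goes into a zero-byte allocation or through a null pointer. Sizing the buffer as `contents = malloc(strlen(input) + 1);` and adding `if(!contents) return 1;` before the store closes both cases; use whichever failure code callers of FormParse expect for out-of-memory. The now unbounded `%[^\n]` conversion is safe only because of this sizing, so a one-line comment saying the buffer must never be smaller than the input string would keep the two in step. FormParse begins and ends outside this hunk.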
@@ -156,6 +161,7 @@ int FormParse(char *input,
if(2 != sscanf(type, "%127[^/]/%127[^,\n]",
major, minor)) {
fprintf(stderr, "Illegally formatted content-type field!\n");
+ free(contents);
return 2; /* illegal content-type syntax! */
}
/* now point beyond the content-type specifier */
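Review bot: Freeing `contents` with a separate `free(contents);` before each `return`, here and twice in the final hunk, only works if every exit of FormParse is patched. The lines between the hunks are not shown, so any other return in that range would leak the buffer; that should be confirmed against the full function. A single exit is easier to audit: store the result code in a local, jump to one cleanup label at the end of the function, and call `free(contents)` once there. The body of FormParse extends beyond both hunks.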
@@ -287,8 +293,10 @@ int FormParse(char *input,
}
else {
fprintf(stderr, "Illegally formatted input field!\n");
+ free(contents);
return 1;
}
+ free(contents);
return 0;
}