Re: [Bug-wget] one strlen on loop


From: Tim Rühsen
Subject: Re: [Bug-wget] one strlen on loop
Date: Wed, 25 Oct 2017 09:45:53 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0

On 10/25/2017 01:10 AM, Rodgger Bruno wrote:
> right?

Not quite

>> And there seems to be two buffer underflow issues in the old code.
>> Please consider fixing it as well:
>>
>>>      if (!c_strncasecmp((tok + (tok_len - 4)), ".DIR", 4))
>>
>>>      else if (!c_strncasecmp ((tok + (tok_len - 6)), ".DIR;1", 6))
>>
>> Should be like
>>
>>>      if ((tok_len >= 4) && !c_strncasecmp((tok + (tok_len - 4)),
>> ".DIR", 4))
>>
>>>      else if ((tok_len >= 6) && !c_strncasecmp ((tok + (tok_len - 6)),
>> ".DIR;1", 6))

Your new patch is

+      if (tok_len <= 4 && c_strncasecmp((tok + (tok_len - 4)), ".DIR", 4))

+      else if (tok_len <= 6 && c_strncasecmp ((tok + (tok_len - 6)),
".DIR;1", 6))
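
Review bot: Both added conditions are inverted in two places: the guard reads `tok_len <= 4` / `tok_len <= 6` where `tok_len >= 4` / `tok_len >= 6` is needed, and the `!` in front of `c_strncasecmp` has been dropped, so each branch is now taken when the suffix does not match. For any `tok_len` below 4 (or 6) the guard passes and `tok + (tok_len - 4)` points before the start of `tok`, which is the underflow the check was meant to prevent. Suggest `(tok_len >= 4) && !c_strncasecmp (...)` for `.DIR` and the same form with 6 for `.DIR;1`.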

You want to check that tok_len is *great* enough, else you might get a
buffer underflow in c_strncasecmp. The logic now is the opposite of what
you want.

Regards, Tim
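
The length guard discussed in this message, as an added example that is not part of the original e-mail or of wget's source: a case-insensitive suffix test that checks the length before forming the tail pointer. The names `ascii_lower`, `has_suffix_ci` and `vms_dir_name_len` are hypothetical, the sample tokens are constructed, and returning the name length without the suffix is an assumption about how the result would be used.

```c
#include <stdio.h>
#include <string.h>

/* ASCII-only lowercase; hypothetical stand-in for a locale-independent helper. */
static int ascii_lower(int c)
{
    return (c >= 'A' && c <= 'Z') ? c - 'A' + 'a' : c;
}

/* Return 1 if tok ends with suffix, ignoring ASCII case. The guard runs first,
   so tok + (tok_len - suffix_len) is never formed when tok is too short. */
static int has_suffix_ci(const char *tok, size_t tok_len, const char *suffix)
{
    size_t suffix_len = strlen(suffix);
    if (tok_len < suffix_len)
        return 0;
    const char *tail = tok + (tok_len - suffix_len);
    for (size_t i = 0; i < suffix_len; i++)
        if (ascii_lower((unsigned char)tail[i]) != ascii_lower((unsigned char)suffix[i]))
            return 0;
    return 1;
}

/* Hypothetical helper: name length with a trailing ".DIR" or ".DIR;1" removed. */
static size_t vms_dir_name_len(const char *tok, int *is_dir)
{
    size_t tok_len = strlen(tok);
    *is_dir = 1;
    if (has_suffix_ci(tok, tok_len, ".DIR"))
        return tok_len - 4;
    if (has_suffix_ci(tok, tok_len, ".DIR;1"))
        return tok_len - 6;
    *is_dir = 0;
    return tok_len;
}

int main(void)
{
    /* Constructed tokens, including ones shorter than either suffix. */
    const char *samples[] = { "SRC.DIR", "src.dir;1", "DIR", ";1", "", "README.TXT;3" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int is_dir;
        size_t n = vms_dir_name_len(samples[i], &is_dir);
        printf("%-14s dir=%d name=%.*s\n", samples[i], is_dir, (int)n, samples[i]);
    }
    return 0;
}
```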
