diff -up apt-0.5.15lorg3.94pt/methods/http.cc.cve-2014-6273 apt-0.5.15lorg3.94pt/methods/http.cc --- apt-0.5.15lorg3.94pt/methods/http.cc.cve-2014-6273 2009-02-24 11:46:07.000000000 +0100 +++ apt-0.5.15lorg3.94pt/methods/http.cc 2014-10-25 12:54:44.047060828 +0200 @@ -39,6 +39,7 @@ #include <errno.h> #include <string.h> #include <iostream> +#include <sstream> #include <algorithm> #include <map> @@ -64,6 +65,24 @@ unsigned long TimeOut = 120; bool ChokePipe = true; bool Debug = false; +static string uintToString(unsigned n) +{ + ostringstream ostr; + + ostr << n; + + return ostr.str(); +} + +static string longToString(long n) +{ + ostringstream ostr; + + ostr << n; + + return ostr.str(); +} + // CircleBuf::CircleBuf - Circular input buffer /*{{{*/ // --------------------------------------------------------------------- /* */ @@ -634,18 +653,14 @@ void HttpMethod::SendReq(FetchItem *Itm, URI Uri = Itm->Uri; // The HTTP server expects a hostname with a trailing :port - char Buf[1000]; + std::string Buf; string ProperHost = Uri.Host; if (Uri.Port != 0) { - sprintf(Buf,":%u",Uri.Port); + Buf = ":" + uintToString(Uri.Port); ProperHost += Buf; } - // Just in case. - if (Itm->Uri.length() >= sizeof(Buf)) - abort(); - /* Build the request. We include a keep-alive header only for non-proxy requests. This is to tweak old http/1.0 servers that do support keep-alive but not HTTP/1.1 automatic keep-alive. Doing this with a proxy server 
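Review bot: `uintToString` and `longToString` format through a default-constructed `ostringstream`, which picks up the process's global C++ locale; if that locale ever carries digit grouping, the port in the `Host:` header and the `Range:` offset would be emitted with separators. Adding `ostr.imbue(std::locale::classic());` before `ostr << n;` in both helpers pins the output to plain digits. Whether this program installs a non-classic global locale is not visible in the diff, so treat this as hardening. The two bodies are identical apart from the parameter type and could be a single function template.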
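Review bot: In the `-634,18` hunk `Buf` is only a scratch string: `Buf = ":" + uintToString(Uri.Port); ProperHost += Buf;` can be written as `ProperHost += ":" + uintToString(Uri.Port);`, and the same applies to the `Req += Buf;` pairs in the last hunk. The declaration has to stay because the later hunks still assign to `Buf`. The removed `abort()` guard compared only `Itm->Uri.length()` with the buffer size and ignored the host and header text, so dropping it together with `char Buf[1000]` is right; a comment such as `// Request text is built in std::string; no fixed-size buffer remains (CVE-2014-6273)` would record why. SendReq's body starts before and continues past this hunk.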
@@ -653,26 +668,29 @@ void HttpMethod::SendReq(FetchItem *Itm, pass it on, HTTP/1.1 says the connection should default to keep alive and we expect the proxy to do this */ if (Proxy.empty() == true) - sprintf(Buf,"GET %s HTTP/1.1\r\nHost: %s\r\nConnection: keep-alive\r\n", - QuoteString(Uri.Path,"~").c_str(),ProperHost.c_str()); + { + Buf = "GET " + QuoteString(Uri.Path,"~") + " HTTP/1.1\r\nHost: " + ProperHost + "\r\nConnection: keep-alive\r\n"; + } else { /* Generate a cache control header if necessary. We place a max cache age on index files, optionally set a no-cache directive and a no-store directive for archives. */ - sprintf(Buf,"GET %s HTTP/1.1\r\nHost: %s\r\n", - Itm->Uri.c_str(),ProperHost.c_str()); + Buf ="GET " + Itm->Uri + " HTTP/1.1\r\nHost: " + ProperHost + "\r\n"; if (_config->FindB("Acquire::http::No-Cache",false) == true) - strcat(Buf,"Cache-Control: no-cache\r\nPragma: no-cache\r\n"); + Buf += "Cache-Control: no-cache\r\nPragma: no-cache\r\n"; else { if (Itm->IndexFile == true) - sprintf(Buf+strlen(Buf),"Cache-Control: max-age=%u\r\n", - _config->FindI("Acquire::http::Max-Age",60*60*24)); + { + Buf += "Cache-Control: max-age=" + uintToString( _config->FindI("Acquire::http::Max-Age",60*60*24)) + "\r\n"; + } else { if (_config->FindB("Acquire::http::No-Store",false) == true) - strcat(Buf,"Cache-Control: no-store\r\n"); + { + Buf += "Cache-Control: no-store\r\n"; + } } } } 
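Review bot: In the proxy branch `Itm->Uri` is concatenated into the request line unmodified, whereas the direct branch passes the path through `QuoteString(Uri.Path,"~")`; `ProperHost` likewise goes into the `Host:` header as-is in both branches. Switching to `std::string` removes the overflow but keeps the assumption that these values contain no CR, LF or space, and nothing in the hunk enforces it. If the URI is not validated before SendReq is reached (not visible here), a guard such as `if (Itm->Uri.find_first_of("\r\n ") != string::npos)` that fails the item would keep a malformed URI from altering the request; how to fail the item depends on code outside the hunk. SendReq's body starts before and continues past this hunk.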
@@ -684,15 +702,14 @@ void HttpMethod::SendReq(FetchItem *Itm,
 if (stat(Itm->DestFile.c_str(),&SBuf) >= 0 && SBuf.st_size > 0)
 {
 // In this case we send an if-range query with a range header
- sprintf(Buf,"Range: bytes=%li-\r\nIf-Range: %s\r\n",(long)SBuf.st_size - 1,
- TimeRFC1123(SBuf.st_mtime).c_str());
+ Buf = "Range: bytes=" + longToString((long)SBuf.st_size - 1) + "-\r\nIf-Range: " + TimeRFC1123(SBuf.st_mtime) + "\r\n";
 Req += Buf;
 }
 else
 {
 if (Itm->LastModified != 0)
 {
- sprintf(Buf,"If-Modified-Since: %s\r\n",TimeRFC1123(Itm->LastModified).c_str());
+ Buf = "If-Modified-Since: " + TimeRFC1123(Itm->LastModified) + "\r\n";
 Req += Buf;
 }
 }
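Review bot: The `(long)SBuf.st_size - 1` cast is a leftover from the old `%li` format and still narrows `st_size` before it is printed; on a build where `off_t` is wider than `long`, a partial file above 2 GiB would produce a wrong `Range:` start. The stream-based helper can format the full width, so changing it to `static string longToString(long long n)` and calling `longToString(SBuf.st_size - 1)` removes the truncation. Whether this package is built with a 64-bit `off_t` on 32-bit targets is not visible in the diff. SendReq's body starts before and continues past this hunk.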