diff -up apt-0.5.15lorg3.94pt/methods/http.cc.cve-2014-6273 apt-0.5.15lorg3.94pt/methods/http.cc
--- apt-0.5.15lorg3.94pt/methods/http.cc.cve-2014-6273 2009-02-24 11:46:07.000000000 +0100
+++ apt-0.5.15lorg3.94pt/methods/http.cc 2014-10-25 12:54:44.047060828 +0200
@@ -39,6 +39,7 @@
#include <errno.h>
#include <string.h>
#include <iostream>
+#include <sstream>
#include <algorithm>
#include <map>
@@ -64,6 +65,24 @@ unsigned long TimeOut = 120;
bool ChokePipe = true;
bool Debug = false;
+static string uintToString(unsigned n)
+{
+ ostringstream ostr;
+
+ ostr << n;
+
+ return ostr.str();
+}
+
+static string longToString(long n)
+{
+ ostringstream ostr;
+
+ ostr << n;
+
+ return ostr.str();
+}
+
// CircleBuf::CircleBuf - Circular input buffer /*{{{*/
// ---------------------------------------------------------------------
/* */
@@ -634,18 +653,14 @@ void HttpMethod::SendReq(FetchItem *Itm,
URI Uri = Itm->Uri;
// The HTTP server expects a hostname with a trailing :port
- char Buf[1000];
+ std::string Buf;
string ProperHost = Uri.Host;
if (Uri.Port != 0)
{
- sprintf(Buf,":%u",Uri.Port);
+ Buf = ":" + uintToString(Uri.Port);
ProperHost += Buf;
}
- // Just in case.
- if (Itm->Uri.length() >= sizeof(Buf))
- abort();
-
/* Build the request. We include a keep-alive header only for non-proxy
requests. This is to tweak old http/1.0 servers that do support keep-alive
but not HTTP/1.1 automatic keep-alive. Doing this with a proxy server
@@ -653,26 +668,29 @@ void HttpMethod::SendReq(FetchItem *Itm,
pass it on, HTTP/1.1 says the connection should default to keep alive
and we expect the proxy to do this */
if (Proxy.empty() == true)
- sprintf(Buf,"GET %s HTTP/1.1\r\nHost: %s\r\nConnection: keep-alive\r\n",
- QuoteString(Uri.Path,"~").c_str(),ProperHost.c_str());
+ {
+ Buf = "GET " + QuoteString(Uri.Path,"~") + " HTTP/1.1\r\nHost: " + ProperHost + "\r\nConnection: keep-alive\r\n";
+ }
else
{
/* Generate a cache control header if necessary. We place a max
cache age on index files, optionally set a no-cache directive
and a no-store directive for archives. */
- sprintf(Buf,"GET %s HTTP/1.1\r\nHost: %s\r\n",
- Itm->Uri.c_str(),ProperHost.c_str());
+ Buf ="GET " + Itm->Uri + " HTTP/1.1\r\nHost: " + ProperHost + "\r\n";
if (_config->FindB("Acquire::http::No-Cache",false) == true)
- strcat(Buf,"Cache-Control: no-cache\r\nPragma: no-cache\r\n");
+ Buf += "Cache-Control: no-cache\r\nPragma: no-cache\r\n";
else
{
if (Itm->IndexFile == true)
- sprintf(Buf+strlen(Buf),"Cache-Control: max-age=%u\r\n",
- _config->FindI("Acquire::http::Max-Age",60*60*24));
+ {
+ Buf += "Cache-Control: max-age=" + uintToString( _config->FindI("Acquire::http::Max-Age",60*60*24)) + "\r\n";
+ }
else
{
if (_config->FindB("Acquire::http::No-Store",false) == true)
- strcat(Buf,"Cache-Control: no-store\r\n");
+ {
+ Buf += "Cache-Control: no-store\r\n";
+ }
}
}
}
@@ -684,15 +702,14 @@ void HttpMethod::SendReq(FetchItem *Itm,
if (stat(Itm->DestFile.c_str(),&SBuf) >= 0 && SBuf.st_size > 0)
{
// In this case we send an if-range query with a range header
- sprintf(Buf,"Range: bytes=%li-\r\nIf-Range: %s\r\n",(long)SBuf.st_size - 1,
- TimeRFC1123(SBuf.st_mtime).c_str());
+ Buf = "Range: bytes=" + longToString((long)SBuf.st_size - 1) + "-\r\nIf-Range: " + TimeRFC1123(SBuf.st_mtime) + "\r\n";
Req += Buf;
}
else
{
if (Itm->LastModified != 0)
{
- sprintf(Buf,"If-Modified-Since: %s\r\n",TimeRFC1123(Itm->LastModified).c_str());
+ Buf = "If-Modified-Since: " + TimeRFC1123(Itm->LastModified) + "\r\n";
Req += Buf;
}
}
