Sophie

Sophie

distrib > Mandriva > 10.0 > i586 > by-pkgid > aac5caea35b977d84011c51d9b7fe7f7 > files > 1

libxml-1.8.17-6.1.100mdk.src.rpm

--- libxml-1.8.17.orig/nanoftp.c
+++ libxml-1.8.17/nanoftp.c
@@ -65,6 +65,8 @@
 #define FTP_GET_PASSWD		331
 #define FTP_BUF_SIZE		512
 
+#define XML_NANO_MAX_URLBUF	4096
+
 typedef struct xmlNanoFTPCtxt {
     char *protocol;	/* the protocol name */
     char *hostname;	/* the host name */
@@ -203,7 +205,7 @@
 xmlNanoFTPScanURL(void *ctx, const char *URL) {
     xmlNanoFTPCtxtPtr ctxt = (xmlNanoFTPCtxtPtr) ctx;
     const char *cur = URL;
-    char buf[4096];
+    char buf[XML_NANO_MAX_URLBUF];
     int index = 0;
     int port = 0;
 
@@ -221,7 +223,7 @@
     }
     if (URL == NULL) return;
     buf[index] = 0;
-    while (*cur != 0) {
+    while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF - 1)) {
         if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
 	    buf[index] = 0;
 	    ctxt->protocol = xmlMemStrdup(buf);
@@ -234,7 +236,7 @@
     if (*cur == 0) return;
 
     buf[index] = 0;
-    while (1) {
+    while (index < XML_NANO_MAX_URLBUF - 1) {
         if (cur[0] == ':') {
 	    buf[index] = 0;
 	    ctxt->hostname = xmlMemStrdup(buf);
@@ -263,7 +265,7 @@
     else {
         index = 0;
         buf[index] = 0;
-	while (*cur != 0)
+	while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF-1))
 	    buf[index++] = *cur++;
 	buf[index] = 0;
 	ctxt->path = xmlMemStrdup(buf);
@@ -288,7 +290,7 @@
 xmlNanoFTPUpdateURL(void *ctx, const char *URL) {
     xmlNanoFTPCtxtPtr ctxt = (xmlNanoFTPCtxtPtr) ctx;
     const char *cur = URL;
-    char buf[4096];
+    char buf[XML_NANO_MAX_URLBUF];
     int index = 0;
     int port = 0;
 
@@ -301,7 +303,7 @@
     if (ctxt->hostname == NULL)
 	return(-1);
     buf[index] = 0;
-    while (*cur != 0) {
+    while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF-1)) {
         if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
 	    buf[index] = 0;
 	    if (strcmp(ctxt->protocol, buf))
@@ -353,7 +355,7 @@
     else {
         index = 0;
         buf[index] = 0;
-	while (*cur != 0)
+	while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF-1))
 	    buf[index++] = *cur++;
 	buf[index] = 0;
 	ctxt->path = xmlMemStrdup(buf);
@@ -374,7 +376,7 @@
 void
 xmlNanoFTPScanProxy(const char *URL) {
     const char *cur = URL;
-    char buf[4096];
+    char buf[XML_NANO_MAX_URLBUF];
     int index = 0;
     int port = 0;
 
@@ -393,7 +395,7 @@
 #endif
     if (URL == NULL) return;
     buf[index] = 0;
-    while (*cur != 0) {
+    while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF-1)) {
         if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
 	    buf[index] = 0;
 	    index = 0;
@@ -828,6 +830,11 @@
     if (hp == NULL)
         return(-1);
 
+    if ((unsigned int) hp->h_length >
+	sizeof(((struct sockaddr_in *)&ctxt->ftpAddr)->sin_addr)) {
+	return (-1);
+    }
+
     /*
      * Prepare the socket
      */

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional