| author | 2007-12-03 08:39:20 (JST) | |
|---|---|---|
| committer | 2007-12-03 08:39:20 (JST) | |
| commit | 2216fd6472fe183439df1a39c1c06974abc3f150 (patch) | |
| tree | 063180038252f9a7116bed384aab20717e4990e4 | |
| parent | 7b346647c9d8cc3b4acccecc3ede526dc4b2fb06 (diff) | |
| download | cgit-2216fd6472fe183439df1a39c1c06974abc3f150.zip cgit-2216fd6472fe183439df1a39c1c06974abc3f150.tar.gz | |
Compare string lengths when parsing the snapshot mask
We used to rely on the result from strncmp() without comparing the length of
the strings involved. Even worse, any single-character format specifier would
enable the zip format, because with the optional '.'-prefix stripped the length
of the mask compared then became zero.
Noticed-by: Evan Martin <sys@neugierig.org>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| -rw-r--r-- | ui-snapshot.c | 7 | 
1 files changed, 4 insertions, 3 deletions
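diff --git a/ui-snapshot.c b/ui-snapshot.c
index 4d1aa88..dfedd8f 100644
--- a/ui-snapshot.c
+++ b/ui-snapshot.c
@@ -130,7 +130,7 @@ int cgit_parse_snapshots_mask(const char *str)
 {
 	const struct snapshot_archive_t* sat;
 	static const char *delim = " \t,:/|;";
-	int f, tl, rv = 0;
+	int f, tl, sl, rv = 0;
 
 	/* favor legacy setting */
 	if(atoi(str))
@@ -142,8 +142,9 @@ int cgit_parse_snapshots_mask(const char *str)
 		break;
 	for(f=0; f<snapshot_archives_len; f++) {
 		sat = &snapshot_archives[f];
-		if(!(strncmp(sat->suffix, str, tl) &&
-		   strncmp(sat->suffix+1, str, tl-1))) {
+		sl = strlen(sat->suffix);
+		if((tl == sl && !strncmp(sat->suffix, str, tl)) ||
+		   (tl == sl-1 && !strncmp(sat->suffix+1, str, tl-1))) {
 			rv |= sat->bit;
 			break;
 		}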
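Review bot: The second clause of the new condition (new line 147) still under-compares: `tl == sl-1` pins the token length to that of the suffix without its leading '.', but `strncmp(sat->suffix+1, str, tl-1)` then checks one character fewer than that, so the last character of a prefix-less token is never compared and a token that matches only its first tl-1 characters still selects that format. The third argument should be the full length, `(tl == sl-1 && !strncmp(sat->suffix+1, str, tl))) {`, which keeps the length check the commit adds while actually comparing the whole token. Separately, `sl = strlen(sat->suffix);` narrows a `size_t` into `int` to match `tl`; harmless for these short suffixes but worth a `(int)` cast or a `size_t` pair if `-Wconversion` is in use. The loop that derives `tl` and advances `str` lies outside the hunk, so whether `tl` can be 0 here (making `tl-1` negative in the old form) cannot be confirmed from this view.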
