From 2216fd6472fe183439df1a39c1c06974abc3f150 Mon Sep 17 00:00:00 2001
From: Lars Hjemli <hjemli@gmail.com>
Date: Mon, 3 Dec 2007 00:39:20 +0100
Subject: Compare string lengths when parsing the snapshot mask

We used to rely on the result from strncmp() without comparing the length of
the strings involved. Even worse, any single-character format specifier would
enable zip-format due to the optional '.'-prefix since the length of the
mask then would become zero.

Noticed-by: Evan Martin <sys@neugierig.org>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>

diff --git a/ui-snapshot.c b/ui-snapshot.c
index 4d1aa88..dfedd8f 100644
--- a/ui-snapshot.c
+++ b/ui-snapshot.c
@@ -130,7 +130,7 @@ int cgit_parse_snapshots_mask(const char *str)
 {
 	const struct snapshot_archive_t* sat;
 	static const char *delim = " \t,:/|;";
-	int f, tl, rv = 0;
+	int f, tl, sl, rv = 0;
 
 	/* favor legacy setting */
 	if(atoi(str))
@@ -142,8 +142,9 @@ int cgit_parse_snapshots_mask(const char *str)
 			break;
 		for(f=0; f<snapshot_archives_len; f++) {
 			sat = &snapshot_archives[f];
-			if(!(strncmp(sat->suffix, str, tl) &&
-			     strncmp(sat->suffix+1, str, tl-1))) {
+			sl = strlen(sat->suffix);
+			if((tl == sl && !strncmp(sat->suffix, str, tl)) ||
+			   (tl == sl-1 && !strncmp(sat->suffix+1, str, tl-1))) {
 				rv |= sat->bit;
 				break;
 			}
-- 
cgit v0.10.1