summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGravatar Adam Chlipala <adamc@hcoop.net>2009-05-12 20:15:11 -0400
committerGravatar Adam Chlipala <adamc@hcoop.net>2009-05-12 20:15:11 -0400
commit8c48972ebbb4fa43af6dee99b79648fe1546d867 (patch)
tree1608cc110ac8aad6730dbe1e2199d6605483102d
parentb0eb28d7ea4eb75efce79ab7493b9e21842b80b4 (diff)
Stop potential buffer overrun of path_copy
-rw-r--r--src/c/driver.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/src/c/driver.c b/src/c/driver.c
index 2f84184f..af3e73a3 100644
--- a/src/c/driver.c
+++ b/src/c/driver.c
@@ -150,6 +150,8 @@ static void *worker(void *data) {
uw_context ctx = new_context();
size_t buf_size = 2;
char *buf = malloc(buf_size);
+ size_t path_copy_size = 0;
+ char *path_copy = malloc(path_copy_size);
while (1) {
char *back = buf, *s, *post;
@@ -197,7 +199,7 @@ static void *worker(void *data) {
int is_post = 0, do_normal_send = 1;
char *boundary = NULL;
size_t boundary_len;
- char *cmd, *path, *headers, path_copy[uw_bufsize+1], *inputs, *after_headers;
+ char *cmd, *path, *headers, *inputs, *after_headers;
//printf("All: %s\n", buf);
@@ -435,8 +437,14 @@ static void *worker(void *data) {
printf("Serving URI %s....\n", path);
while (1) {
+ size_t path_len = strlen(path);
+
uw_write_header(ctx, "HTTP/1.1 200 OK\r\n");
+ if (path_len + 1 > path_copy_size) {
+ path_copy_size = path_len + 1;
+ path_copy = realloc(path_copy, path_copy_size);
+ }
strcpy(path_copy, path);
fk = uw_begin(ctx, path_copy);
if (fk == SUCCESS || fk == RETURN_BLOB) {