Ticket #89 (closed defect: fixed)
Memory buffer overflow
| Reported by: | Knut Landmark | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | zoo-kernel | Version: | |
| Keywords: | Cc: |
Description
The following code in service_internal.c (from line 2006, revision 456) generates errors (on Windows 7 platform) due to insufficient memory allocation (malloc needs to allocate bytes for the forward slash characters in the URLs, lines 2007 and 2010).
if(strncasecmp(tmp2->value,"http://",7)==0){
file_url=(char*)malloc((strlen(tmp2->value)+strlen(file_name))*sizeof(char));
sprintf(file_url,"%s/%s",tmp2->value,file_name);
}else{
file_url=(char*)malloc((strlen(tmp3->value)+strlen(tmp2->value)+strlen(file_name))*sizeof(char));
sprintf(file_url,"%s/%s/%s",tmp3->value,tmp2->value,file_name);
}
Possibly, the if statement should also be modified to take into account the https protocol.
Change History
Note: See
TracTickets for help on using
tickets.
