crtxcr/cgitsb
1
0
Forka 0
Codice Problemi Pull Requests Rilasci Wiki Attività

Compare string lengths when parsing the snapshot mask

Sfoglia il codice sorgente 
We used to rely on the result from strncmp() without comparing the length of
the strings involved. Even worse, any single-character format specifier would
enable zip-format due to the optional '.'-prefix since the length of the
mask then would become zero.

Noticed-by: Evan Martin <sys@neugierig.org>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
This commit is contained in:
Lars Hjemli
2007-12-03 00:39:20 +01:00
parent 7b346647c9
commit 2216fd6472
1 ha cambiato i file con 4 aggiunte e 3 eliminazioni
Scarica il file Patch Scarica il file Diff Expand all files Collapse all files

7
ui-snapshot.c
Vedi File

@@ -130,7 +130,7 @@ int cgit_parse_snapshots_mask(const char *str)
{
const struct snapshot_archive_t* sat;
static const char *delim = " \t,:/|;";
int f, tl, rv = 0;
int f, tl, sl, rv = 0;
/* favor legacy setting */
if(atoi(str))
@@ -142,8 +142,9 @@ int cgit_parse_snapshots_mask(const char *str)
break;
for(f=0; f<snapshot_archives_len; f++) {
sat = &snapshot_archives[f];
if(!(strncmp(sat->suffix, str, tl) &&
strncmp(sat->suffix+1, str, tl-1))) {
sl = strlen(sat->suffix);
if((tl == sl && !strncmp(sat->suffix, str, tl)) ||
(tl == sl-1 && !strncmp(sat->suffix+1, str, tl-1))) {
rv |= sat->bit;
break;
}