Compare string lengths when parsing the snapshot mask
We used to rely on the result from strncmp() without comparing the length of the strings involved. Even worse, any single-character format specifier would enable zip-format due to the optional '.'-prefix since the length of the mask then would become zero. Noticed-by: Evan Martin <sys@neugierig.org> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
This commit is contained in:
parent
7b346647c9
commit
2216fd6472
@ -130,7 +130,7 @@ int cgit_parse_snapshots_mask(const char *str)
|
|||||||
{
|
{
|
||||||
const struct snapshot_archive_t* sat;
|
const struct snapshot_archive_t* sat;
|
||||||
static const char *delim = " \t,:/|;";
|
static const char *delim = " \t,:/|;";
|
||||||
int f, tl, rv = 0;
|
int f, tl, sl, rv = 0;
|
||||||
|
|
||||||
/* favor legacy setting */
|
/* favor legacy setting */
|
||||||
if(atoi(str))
|
if(atoi(str))
|
||||||
@ -142,8 +142,9 @@ int cgit_parse_snapshots_mask(const char *str)
|
|||||||
break;
|
break;
|
||||||
for(f=0; f<snapshot_archives_len; f++) {
|
for(f=0; f<snapshot_archives_len; f++) {
|
||||||
sat = &snapshot_archives[f];
|
sat = &snapshot_archives[f];
|
||||||
if(!(strncmp(sat->suffix, str, tl) &&
|
sl = strlen(sat->suffix);
|
||||||
strncmp(sat->suffix+1, str, tl-1))) {
|
if((tl == sl && !strncmp(sat->suffix, str, tl)) ||
|
||||||
|
(tl == sl-1 && !strncmp(sat->suffix+1, str, tl-1))) {
|
||||||
rv |= sat->bit;
|
rv |= sat->bit;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user