diff options
author | mnicholson <mnicholson@f38db490-d61c-443f-a65b-d21fe96a405b> | 2011-01-11 18:51:40 +0000 |
---|---|---|
committer | mnicholson <mnicholson@f38db490-d61c-443f-a65b-d21fe96a405b> | 2011-01-11 18:51:40 +0000 |
commit | 9cc03bc48d23a4ee406011c0cac23193f776199a (patch) | |
tree | e9df5360211562cbf0238f1423b1b3dc035680e2 /main | |
parent | f8a53260179e20b7a2142d7ee9f8b38c39cee9c6 (diff) |
Merged revisions 301307 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.6.2
................
r301307 | mnicholson | 2011-01-11 12:42:05 -0600 (Tue, 11 Jan 2011) | 11 lines
Merged revisions 301305 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.4
........
r301305 | mnicholson | 2011-01-11 12:34:40 -0600 (Tue, 11 Jan 2011) | 4 lines
Prevent buffer overflows in ast_uri_encode()
ABE-2705
........
................
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.8@301308 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'main')
-rw-r--r-- | main/utils.c | 21 |
1 files changed, 10 insertions, 11 deletions
diff --git a/main/utils.c b/main/utils.c index 268ab8eb5..687a6ec42 100644 --- a/main/utils.c +++ b/main/utils.c @@ -384,33 +384,32 @@ static void base64_init(void) char *ast_uri_encode(const char *string, char *outbuf, int buflen, int do_special_char) { const char *ptr = string; /* Start with the string */ - char *out = NULL; - char *buf = NULL; + char *out = outbuf; const char *mark = "-_.!~*'()"; /* no encode set, RFC 2396 section 2.3, RFC 3261 sec 25 */ - ast_copy_string(outbuf, string, buflen); - while (*ptr) { + while (*ptr && out - outbuf < buflen - 1) { if ((const signed char) *ptr < 32 || *ptr == 0x7f || *ptr == '%' || (do_special_char && !(*ptr >= '0' && *ptr <= '9') && /* num */ !(*ptr >= 'A' && *ptr <= 'Z') && /* ALPHA */ !(*ptr >= 'a' && *ptr <= 'z') && /* alpha */ !strchr(mark, *ptr))) { /* mark set */ - - /* Oops, we need to start working here */ - if (!buf) { - buf = outbuf; - out = buf + (ptr - string) ; /* Set output ptr */ + if (out - outbuf >= buflen - 3) { + break; } + out += sprintf(out, "%%%02X", (unsigned char) *ptr); - } else if (buf) { + } else { *out = *ptr; /* Continue copying the string */ out++; } ptr++; } - if (buf) + + if (buflen) { *out = '\0'; + } + return outbuf; } |