Re: Two small bugfix patches

From: Joey Schulze <joey_at_infodrom.org>
Date: Wed, 1 Jul 2009 18:06:06 +0200

Hi Tyler!

Tyler McHenry wrote:
> While using cgilib, I've run into two bugs that appear to still exist in the
> repository that is browseable from your website, so I thought you would like
> to know about them. Patches are included.

Thanks a lot!

> First, there is a spurious 'extern' keyword just prior to the closing brace of
> the conditionally-compiled extern block in cgi.h. This causes C++ programs
> using cgilib to fail to compile. The first patch removes this.

True, this is now fixed in CVS.

> Second, in the cgiSetHeader function in cgi.c, there is an off-by-one error in
> the third (length) argument supplied to strncpy. Unlike strncat, strncpy is
> not guaranteed to produce a nul-terminated string if there is no nul byte
> found in the source string before reaching the maximum length specified.
>
> Since strncat is called on a string that was just previously assigned to point
> into uninitialized memory, it often ends up _not_ being nul-terminated and
> causes segmentation faults. The second patch fixes the off-by-one error.

Well spotted! I've checked the code again and have fixed it in CVS as well.
Copying +1 bytes was not an option, btw, since this would copy "dangerous"
characters instead of a trailing zero byte. The allocated string is now
zeroed after allocation to ensure there are enough NUL bytes.

Regards,

        Joey

-- 
If nothing changes, everything will remain the same.  -- Barne's Law
Received on Wed Jul 01 2009 - 18:06:06 CEST
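
The strncpy behaviour discussed in this thread, as an added example (not cgilib's code and not part of the original message). The function names, the choice of CR/LF as the "dangerous" characters, and the 'X' fill standing in for stale heap contents are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Assumption: CR and LF are the "dangerous" characters for a header line. */
static size_t clean_len(const char *s) { return strcspn(s, "\r\n"); }

enum mode { COPY_N, COPY_N_PLUS_1, ZERO_THEN_COPY_N };

/* Copies the clean prefix of src into a fresh buffer of clean_len+1 bytes
 * using the given strategy. Returns 1 if the buffer ends up NUL-terminated
 * and free of CR/LF, 0 if not, -1 on allocation failure. */
int copy_is_safe(const char *src, enum mode m)
{
    size_t n = clean_len(src), size = n + 1;
    char *buf = malloc(size);
    int ok;

    if (buf == NULL)
        return -1;
    /* 'X' stands in for stale heap contents so the outcome is deterministic. */
    memset(buf, m == ZERO_THEN_COPY_N ? 0 : 'X', size);
    /* strncpy writes a NUL only when src is shorter than the count given. */
    strncpy(buf, src, m == COPY_N_PLUS_1 ? n + 1 : n);
    ok = memchr(buf, '\0', size) != NULL
      && memchr(buf, '\r', size) == NULL
      && memchr(buf, '\n', size) == NULL;
    free(buf);
    return ok;
}

/* Hardened builder (hypothetical): zeroed allocation, then bounded appends.
 * Returns "name: value" with both parts cut at the first CR/LF; caller frees. */
char *make_header(const char *name, const char *value)
{
    size_t nl = clean_len(name), vl = clean_len(value);
    char *h = calloc(nl + 2 + vl + 1, 1);   /* name + ": " + value + NUL */

    if (h == NULL)
        return NULL;
    strncpy(h, name, nl);     /* no NUL written; the zeroed buffer supplies it */
    strcat(h, ": ");
    strncat(h, value, vl);    /* strncat always terminates its result */
    return h;
}
```

Copying n bytes leaves even a clean name unterminated, copying n+1 terminates a clean name but pulls in the CR when one follows the prefix, and only the zeroed buffer is safe in both cases.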
