diff options
author | Ray Lai <ray@raylai.com> | 2016-05-23 22:30:52 +0800 |
---|---|---|
committer | Gleydson Soares <gsoares@gmail.com> | 2017-04-08 00:04:32 +0000 |
commit | 669713d43f8a014ba481265d4c58c3fe575527b4 (patch) | |
tree | cb5a6dade1296992775f07619eb1abf702981ded /src/cmd/venti/srv/httpd.c | |
parent | 9f34853f7c6b459fb473d75cb78372406f69d7b2 (diff) | |
download | plan9port-669713d43f8a014ba481265d4c58c3fe575527b4.tar.gz plan9port-669713d43f8a014ba481265d4c58c3fe575527b4.tar.bz2 plan9port-669713d43f8a014ba481265d4c58c3fe575527b4.zip |
9term: Add missing parentheses, preventing buffer overflow.
(el-sr) is the string length and (sizeof wdir - strlen(name) - 20)
is the buffer size. When the string length is greater than the
buffer size, the beginning of the string is supposed to be trimmed
to fit in the buffer size. Unfortunately a pair of parentheses were
missing, pointing sr outside the buffer, and the for loop below
then reads outside the buffer. For certain binary data printed in
a window, it causes a segfault.
Change-Id: Iffeaa348260ee2a5a36d9577308fb8d1c1688d05
Reviewed-on: https://plan9port-review.googlesource.com/1540
Reviewed-by: Gleydson Soares <gsoares@gmail.com>
Diffstat (limited to 'src/cmd/venti/srv/httpd.c')
0 files changed, 0 insertions, 0 deletions