This is the mail archive of the cygwin-apps@cygwin.com mailing list for the Cygwin project.



Re: New bug added to README


On Thu, 17 Apr 2003, Max Bowsher wrote:

> maxb wrote:
> > CVSROOT: /cvs/cygwin-apps
> > Module name: setup
> > Changes by: maxb 2003-04-17 08:41:41
> >
> > Log message:
> > New bug in TODO:
> >
> > * Audit rfc1738 code for bad memory/string handling. Example: Crash occurs
> > if rfc1738 encoded dirname is truncated in the middle of a %xx sequence.
>
> Suggesting this be considered for Release Blocker status.
> Max.

Yup, there's a bug all right:

rfc1738.cc, in rfc1738_unescape() [line 201]:
   for (i = j = 0; s[j]; i++, j++)
     {
       s[i] = s[j];
       if (s[i] != '%')
         continue;
       if (s[j + 1] == '%')
         {                       /* %% case */
           j++;
           continue;
         }
>      if (s[j + 1] && s[j + 2])

It will crash in the line above, since it overruns the buffer (by 2).  I'm
attaching a patch.  Perhaps the squid people should also be notified.
	Igor
==============================================================================
ChangeLog:
2003-04-17  Igor Pechtchanski  <pechtcha at cs dot nyu dot edu>

	* rfc1738.cc (rfc1738_unescape): Handle incomplete escape.

-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_		pechtcha at cs dot nyu dot edu
ZZZzz /,`.-'`'    -.  ;-;;,_		igor at watson dot ibm dot com
     |,4-  ) )-,_. ,\ (  `'-'		Igor Pechtchanski
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

Knowledge is an unending adventure at the edge of uncertainty.
  -- Leto II

Attachment: setup-rfc1738-fix.patch
Description: Text document
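The message above describes the class of defect (a percent-decoder that reads past the terminating NUL when a "%xx" escape is cut off at the end of the string) but not the fix itself, which is in the attached patch. The following is an added example written for this archive page; it is not Igor's patch, not the setup project's rfc1738.cc, and not squid's code. The function name safe_rfc1738_unescape and the helper hexval are assumptions. It decodes in place like the loop quoted above, but checks each byte for the terminator before reading the next one, so a trailing "%" or "%4" is left literally in the output instead of being read beyond the buffer, and a "%00" escape is dropped rather than embedding a NUL that would truncate the C string.

```c
#include <stdio.h>
#include <string.h>

/* Map one hex digit to its value, or return -1 if c is not a hex digit
   (this also rejects '\0', which is how the terminator is detected). */
static int hexval(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* In-place RFC 1738 percent-decoding (assumed name, not the project's API).
   Never reads s[j + 2] unless s[j + 1] is known to be a non-NUL byte, so an
   escape truncated at the end of the string cannot cause an over-read.
   Returns the decoded length (not counting the NUL terminator). */
size_t safe_rfc1738_unescape(char *s)
{
    size_t i = 0, j = 0;            /* i: write index, j: read index */

    while (s[j] != '\0') {
        if (s[j] != '%') {
            s[i++] = s[j++];
            continue;
        }
        /* "%%" is a literal percent sign. */
        if (s[j + 1] == '%') {
            s[i++] = '%';
            j += 2;
            continue;
        }
        /* hexval('\0') is -1, so a trailing "%" stops here without touching
           s[j + 2]; a trailing "%4" reads s[j + 2] == '\0' which is in bounds. */
        int hi = hexval((unsigned char)s[j + 1]);
        int lo = (hi >= 0) ? hexval((unsigned char)s[j + 2]) : -1;
        if (hi < 0 || lo < 0) {
            /* Truncated or malformed escape: keep the '%' literally and
               let the following bytes be processed normally. */
            s[i++] = s[j++];
            continue;
        }
        int value = hi * 16 + lo;
        j += 3;
        if (value == 0)
            continue;               /* drop %00: a NUL would truncate the string */
        s[i++] = (char)value;
    }
    s[i] = '\0';
    return i;
}

int main(void)
{
    /* Constructed sample inputs, including the truncated cases from the report. */
    const char *samples[] = { "foo%20bar", "dir%2Fname", "abc%", "abc%4",
                              "100%%", "a%00b", "%zz" };
    for (size_t k = 0; k < sizeof samples / sizeof samples[0]; k++) {
        char buf[64];
        strncpy(buf, samples[k], sizeof buf - 1);
        buf[sizeof buf - 1] = '\0';
        size_t n = safe_rfc1738_unescape(buf);
        printf("%-12s -> \"%s\" (%zu bytes)\n", samples[k], buf, n);
    }
    return 0;
}
```

Compiling with `-fsanitize=address` and feeding the truncated inputs is a quick way to confirm that no read goes past the terminator; the same harness run against the original loop is how a reviewer would reproduce the over-read the report describes.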

