| author | Lars Hjemli <hjemli@gmail.com> | 2007-12-02 23:39:20 (UTC) |
|---|---|---|
| committer | Lars Hjemli <hjemli@gmail.com> | 2007-12-02 23:39:20 (UTC) |
| commit | 2216fd6472fe183439df1a39c1c06974abc3f150 (patch) (unidiff) | |
| tree | 063180038252f9a7116bed384aab20717e4990e4 | |
| parent | 7b346647c9d8cc3b4acccecc3ede526dc4b2fb06 (diff) | |
| download | cgit-2216fd6472fe183439df1a39c1c06974abc3f150.zip cgit-2216fd6472fe183439df1a39c1c06974abc3f150.tar.gz cgit-2216fd6472fe183439df1a39c1c06974abc3f150.tar.bz2 | |
Compare string lengths when parsing the snapshot mask
We used to rely on the result from strncmp() without comparing the length of
the strings involved. Even worse, any single-character format specifier would
enable zip-format due to the optional '.'-prefix since the length of the
mask then would become zero.
Noticed-by: Evan Martin <sys@neugierig.org>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| -rw-r--r-- | ui-snapshot.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/ui-snapshot.c b/ui-snapshot.c index 4d1aa88..dfedd8f 100644 --- a/ui-snapshot.c +++ b/ui-snapshot.c | |||
| @@ -117,40 +117,41 @@ void cgit_print_snapshot_links(const char *repo, const char *head, | |||
| 117 | for(f=0; f<snapshot_archives_len; f++) { | 117 | for(f=0; f<snapshot_archives_len; f++) { |
| 118 | sat = &snapshot_archives[f]; | 118 | sat = &snapshot_archives[f]; |
| 119 | if(!(snapshots & sat->bit)) | 119 | if(!(snapshots & sat->bit)) |
| 120 | continue; | 120 | continue; |
| 121 | filename = fmt("%s-%s%s", cgit_repobasename(repo), hex, | 121 | filename = fmt("%s-%s%s", cgit_repobasename(repo), hex, |
| 122 | sat->suffix); | 122 | sat->suffix); |
| 123 | cgit_snapshot_link(filename, NULL, NULL, (char *)head, | 123 | cgit_snapshot_link(filename, NULL, NULL, (char *)head, |
| 124 | (char *)hex, filename); | 124 | (char *)hex, filename); |
| 125 | html("<br/>"); | 125 | html("<br/>"); |
| 126 | } | 126 | } |
| 127 | } | 127 | } |
| 128 | 128 | ||
| 129 | int cgit_parse_snapshots_mask(const char *str) | 129 | int cgit_parse_snapshots_mask(const char *str) |
| 130 | { | 130 | { |
| 131 | const struct snapshot_archive_t* sat; | 131 | const struct snapshot_archive_t* sat; |
| 132 | static const char *delim = " \t,:/|;"; | 132 | static const char *delim = " \t,:/|;"; |
| 133 | int f, tl, rv = 0; | 133 | int f, tl, sl, rv = 0; |
| 134 | 134 | ||
| 135 | /* favor legacy setting */ | 135 | /* favor legacy setting */ |
| 136 | if(atoi(str)) | 136 | if(atoi(str)) |
| 137 | return 1; | 137 | return 1; |
| 138 | for(;;) { | 138 | for(;;) { |
| 139 | str += strspn(str,delim); | 139 | str += strspn(str,delim); |
| 140 | tl = strcspn(str,delim); | 140 | tl = strcspn(str,delim); |
| 141 | if(!tl) | 141 | if(!tl) |
| 142 | break; | 142 | break; |
| 143 | for(f=0; f<snapshot_archives_len; f++) { | 143 | for(f=0; f<snapshot_archives_len; f++) { |
| 144 | sat = &snapshot_archives[f]; | 144 | sat = &snapshot_archives[f]; |
| 145 | if(!(strncmp(sat->suffix, str, tl) && | 145 | sl = strlen(sat->suffix); |
| 146 | strncmp(sat->suffix+1, str, tl-1))) { | 146 | if((tl == sl && !strncmp(sat->suffix, str, tl)) || |
| 147 | (tl == sl-1 && !strncmp(sat->suffix+1, str, tl-1))) { | ||
| 147 | rv |= sat->bit; | 148 | rv |= sat->bit; |
| 148 | break; | 149 | break; |
| 149 | } | 150 | } |
| 150 | } | 151 | } |
| 151 | str += tl; | 152 | str += tl; |
| 152 | } | 153 | } |
| 153 | return rv; | 154 | return rv; |
| 154 | } | 155 | } |
| 155 | 156 | ||
| 156 | /* vim:set sw=8: */ | 157 | /* vim:set sw=8: */ |