Source-Changes-HG archive


[src/trunk]: src/libexec/httpd Fix deref "command" after "free(file)", from K...



details:   https://anonhg.NetBSD.org/src/rev/84efd1c2c673
branches:  trunk
changeset: 807694:84efd1c2c673
user:      christos <christos%NetBSD.org@localhost>
date:      Sun Apr 19 19:05:19 2015 +0000

description:
Fix deref "command" after "free(file)", from KIYOHARA Takashi

diffstat:

 libexec/httpd/cgi-bozo.c |  11 ++++++-----
 1 files changed, 6 insertions(+), 5 deletions(-)

diffs (43 lines):

diff -r e1cdbd948d0f -r 84efd1c2c673 libexec/httpd/cgi-bozo.c
--- a/libexec/httpd/cgi-bozo.c  Sun Apr 19 18:54:52 2015 +0000
+++ b/libexec/httpd/cgi-bozo.c  Sun Apr 19 19:05:19 2015 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: cgi-bozo.c,v 1.25 2014/06/24 07:23:59 shm Exp $        */
+/*     $NetBSD: cgi-bozo.c,v 1.26 2015/04/19 19:05:19 christos Exp $   */
 
 /*     $eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $        */
 
@@ -247,7 +247,8 @@
        char    date[40];
        bozoheaders_t *headp;
        const char *type, *clen, *info, *cgihandler;
-       char    *query, *s, *t, *path, *env, *command, *file, *url;
+       char    *query, *s, *t, *path, *env, *file, *url;
+       char    command[MAXPATHLEN];
        char    **envp, **curenvp, *argv[4];
        char    *uri;
        size_t  len;
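Review bot: The new `char command[MAXPATHLEN];` declaration carries no comment explaining why it is a private copy rather than a pointer into `file`, so a later cleanup could turn it back into an alias and reintroduce the use-after-free. A one-line comment on that line, such as `/* own copy: file is freed before command is last used */`, would record the reason given in the commit message. The enclosing function starts and ends outside this hunk, so the point where `file` is freed is not visible here.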
@@ -284,7 +285,6 @@
        path = NULL;
        envp = NULL;
        cgihandler = NULL;
-       command = NULL;
        info = NULL;
 
        len = strlen(url);
@@ -309,12 +309,13 @@
 
        ix = 0;
        if (cgihandler) {
-               command = file + 1;
+               snprintf(command, sizeof(command), "%s", file + 1);
                path = bozostrdup(httpd, cgihandler);
                argv[ix++] = path;
                        /* argv[] = [ path, command, query, NULL ] */
        } else {
-               command = file + CGIBIN_PREFIX_LEN + 1;
+               snprintf(command, sizeof(command), "%s",
+                   file + CGIBIN_PREFIX_LEN + 1);
                if ((s = strchr(command, '/')) != NULL) {
                        info = bozostrdup(httpd, s);
                        *s = '\0';
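Review bot: Both new `snprintf` calls ignore their return value, so a `file` string longer than `MAXPATHLEN - 1` bytes is silently truncated into `command`; the code then carries on with a shortened program name (and, in the else branch, a shortened path-info taken from `strchr(command, '/')`) instead of failing the request. Whether `file` can actually exceed that length depends on request-size limits outside this hunk, but since the value is derived from the request URL the copy should be checked, e.g. `if ((size_t)snprintf(command, sizeof(command), "%s", file + 1) >= sizeof(command))` followed by the function's existing error path, and likewise for the `CGIBIN_PREFIX_LEN` call. Also, `*s = '\0'` now cuts the copy rather than `file` itself, so any later code that relied on `file` being cut at the path-info slash would see the full string; that code lies outside the hunk and should be checked.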


