On 25.10.2011 20:07, Christopher Schultz wrote: > Rainer, > > On 10/23/2011 12:19 PM, rj...@apache.org wrote: >> +static const char *find_path_in_uri(const char *uri, const char >> *path) +{ + size_t len = strlen(path); + while (uri = >> strchr(uri, '/')) { + uri++; + if (!strncmp(uri, >> path, len) && + (*(uri + len) == '/' || + >> strlen(uri) == len)) { + return uri; + } + >> } > > Also, 'len' is never updated in the loop, so the call to strncmp > could potentially cause a SIGSEGV -- but only in the cases where > something truly nefarious is going on, anyway.
Hmmm, I don't get that: path isn't changed, strncmp() will never compare beyond terminating '0', and uri+len must be inside uri if length of path is len, and uri and path coincide for len chars. Of course *(uri+len) could be '0', but that's OK. Regards, Rainer --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org