We should in that case also patch *http_header_value()

Vincent.


Alexander Malysh wrote:
Hi,

Yes, you are right here. It doesn't crash only due to the octstr_copy length adjust.

Patch applied to cvs.

Thanks,
Alex

On 27.03.2009 at 18:30, Nikos Balkanas wrote:

Hi,
A small patch that, left as it is, should lead to memory corruption. I have not tested the broken code but it seems quite obvious to me. Please vote & decide.

BR,
Nikos
<http.diff>

--- /gateway-cvs/gwlib/http.c   2009-03-30 10:58:32.000000000 +0200
+++ /gateway/gwlib/http.c       2009-03-30 16:38:47.000000000 +0200
@@ -2850,7 +2850,7 @@
             current_name = octstr_copy(os, 0, colon);
         }
         if (octstr_case_compare(current_name, name) == 0) {
-            value = octstr_copy(os, colon + 1, octstr_len(os));
+            value = octstr_copy(os, colon + 1, octstr_len(os) - colon - 1);
             octstr_strip_blanks(value);
             octstr_destroy(current_name);
             return value;
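
Review bot: In the changed octstr_copy() call that builds value, the new length octstr_len(os) - colon - 1 is only correct when colon is a valid index into os, and the visible context does not show where that is guaranteed; please confirm the branch above ensures colon >= 0, or add a guard before this line. The thread notes the old call avoided a crash only because octstr_copy adjusts an over-long length, so the commit message should state that this removes the reliance on that clamping. As raised in the reply, http_header_value() should get the same length calculation in a follow-up so both call sites stay consistent.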
