[uploads.c 1.208 : line 1426]
buf = strchr(buf, '/');
- p = buf++;
- if (!p) {
+ if (!buf) {
g_warning("Invalid encoded Gnutella HTTP URI: %s", uri);
upload_error_remove(u, NULL, 400,
"Invalid encoded Gnutella HTTP request");
return NULL;
}
+ p = buf++;
To state the obvious, what if "buf" doesn't contain a '/'? Obviously
this is a really mangled URI, but if it is from the outside, we should
expect anything. Even if the URI is never from the outside, the above
change would have no overhead and would be safer... maybe a little
less easy to understand.
I haven't had a chance to review many of the changes yet.
fwiw,
Bill Pringlemeir.
-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g.
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
_______________________________________________
Gtk-gnutella-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/gtk-gnutella-devel
