commit 444b8f5b32d0263f1a20e18eb3044bfeed334361
Author: Hiltjo Posthuma <[email protected]>
AuthorDate: Mon Mar 5 01:12:09 2018 +0100
Commit: Laslo Hunhold <[email protected]>
CommitDate: Mon Mar 5 01:21:14 2018 +0100
http_send_response: fix undefined behaviour for copying the target string
... the format string and buffer were the same (undefined behaviour).
diff --git a/http.c b/http.c
index 98dfb00..118389b 100644
--- a/http.c
+++ b/http.c
@@ -346,10 +346,11 @@ http_send_response(int fd, struct request *r)
/* if we have a vhost prefix, prepend it to the target */
if (s.vhost[i].prefix) {
- if (esnprintf(realtarget, sizeof(realtarget), "%s%s",
+ if (esnprintf(tmptarget, sizeof(tmptarget), "%s%s",
s.vhost[i].prefix, realtarget)) {
return http_send_status(fd,
S_REQUEST_TOO_LARGE);
}
+ memcpy(realtarget, tmptarget, sizeof(realtarget));
}
}
