Module Name: src
Committed By: mrg
Date: Thu Nov 22 18:42:06 UTC 2018
Modified Files:
src/libexec/httpd: cgi-bozo.c
Log Message:
add an assert() check on array bounds.
To generate a diff of this commit:
cvs rdiff -u -r1.42 -r1.43 src/libexec/httpd/cgi-bozo.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/libexec/httpd/cgi-bozo.c
diff -u src/libexec/httpd/cgi-bozo.c:1.42 src/libexec/httpd/cgi-bozo.c:1.43
--- src/libexec/httpd/cgi-bozo.c:1.42 Thu Nov 22 08:54:08 2018
+++ src/libexec/httpd/cgi-bozo.c Thu Nov 22 18:42:06 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: cgi-bozo.c,v 1.42 2018/11/22 08:54:08 mrg Exp $ */
+/* $NetBSD: cgi-bozo.c,v 1.43 2018/11/22 18:42:06 mrg Exp $ */
/* $eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $ */
@@ -45,6 +45,7 @@
#include <string.h>
#include <syslog.h>
#include <unistd.h>
+#include <assert.h>
#include <netinet/in.h>
@@ -380,6 +381,7 @@ bozo_process_cgi(bozo_httpreq_t *request
const char *type, *clen, *info, *cgihandler;
char *query, *s, *t, *path, *env, *command, *file, *url;
char **envp, **curenvp, **argv, **search_string_argv = NULL;
+ char **lastenvp;
char *uri;
size_t i, len, search_string_argc = 0;
ssize_t rbytes;
@@ -506,6 +508,7 @@ bozo_process_cgi(bozo_httpreq_t *request
for (ix = 0; ix < envpsize; ix++)
envp[ix] = NULL;
curenvp = envp;
+ lastenvp = envp + envpsize;
SIMPLEQ_FOREACH(headp, &request->hr_headers, h_next) {
const char *s2;
@@ -587,6 +590,7 @@ bozo_process_cgi(bozo_httpreq_t *request
strerror(errno));
*curenvp = 0;
+ assert(lastenvp > curenvp);
/*
* We create 2 procs: one to become the CGI, one read from
