projects
/
libeap.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
WPS: Cleaned up URL parser not to modify const buffer
[libeap.git]
/
src
/
wps
/
wps_upnp.c
diff --git
a/src/wps/wps_upnp.c
b/src/wps/wps_upnp.c
index
9108caa
..
4825d2a
100644
(file)
--- a/
src/wps/wps_upnp.c
+++ b/
src/wps/wps_upnp.c
@@
-3,7
+3,7
@@
* Copyright (c) 2000-2003 Intel Corporation
* Copyright (c) 2006-2007 Sony Corporation
* Copyright (c) 2008-2009 Atheros Communications
* Copyright (c) 2000-2003 Intel Corporation
* Copyright (c) 2006-2007 Sony Corporation
* Copyright (c) 2008-2009 Atheros Communications
- * Copyright (c) 2009, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2009
-2010
, Jouni Malinen <j@w1.fi>
*
* See below for more details on licensing and code history.
*/
*
* See below for more details on licensing and code history.
*/
@@
-293,7
+293,8
@@
static void subscr_addr_free_all(struct subscription *s)
/* subscr_addr_add_url -- add address(es) for one url to subscription */
/* subscr_addr_add_url -- add address(es) for one url to subscription */
-static void subscr_addr_add_url(struct subscription *s, const char *url)
+static void subscr_addr_add_url(struct subscription *s, const char *url,
+ size_t url_len)
{
int alloc_len;
char *scratch_mem = NULL;
{
int alloc_len;
char *scratch_mem = NULL;
@@
-309,17
+310,19
@@
static void subscr_addr_add_url(struct subscription *s, const char *url)
int rerr;
/* url MUST begin with http: */
int rerr;
/* url MUST begin with http: */
- if (os_strncasecmp(url, "http://", 7))
+ if (
url_len < 7 ||
os_strncasecmp(url, "http://", 7))
goto fail;
url += 7;
goto fail;
url += 7;
+ url_len -= 7;
/* allocate memory for the extra stuff we need */
/* allocate memory for the extra stuff we need */
- alloc_len =
(2 * (os_strlen(url) + 1)
);
+ alloc_len =
2 * (url_len + 1
);
scratch_mem = os_zalloc(alloc_len);
if (scratch_mem == NULL)
goto fail;
mem = scratch_mem;
scratch_mem = os_zalloc(alloc_len);
if (scratch_mem == NULL)
goto fail;
mem = scratch_mem;
- strcpy(mem, url);
+ os_strncpy(mem, url, url_len);
+ wpa_printf(MSG_DEBUG, "WPS UPnP: Adding URL '%s'", mem);
domain_and_port = mem;
mem += 1 + os_strlen(mem);
delim = os_strchr(domain_and_port, '/');
domain_and_port = mem;
mem += 1 + os_strlen(mem);
delim = os_strchr(domain_and_port, '/');
@@
-331,7
+334,7
@@
static void subscr_addr_add_url(struct subscription *s, const char *url)
}
domain = mem;
strcpy(domain, domain_and_port);
}
domain = mem;
strcpy(domain, domain_and_port);
- delim = strchr(domain, ':');
+ delim =
os_
strchr(domain, ':');
if (delim) {
*delim++ = 0; /* null terminate domain */
if (isdigit(*delim))
if (delim) {
*delim++ = 0; /* null terminate domain */
if (isdigit(*delim))
@@
-386,7
+389,7
@@
static void subscr_addr_add_url(struct subscription *s, const char *url)
if (path[0] != '/')
*mem++ = '/';
strcpy(mem, path);
if (path[0] != '/')
*mem++ = '/';
strcpy(mem, path);
- mem += 1 + strlen(mem);
+ mem += 1 +
os_
strlen(mem);
os_memcpy(&a->saddr, rp->ai_addr, sizeof(a->saddr));
a->saddr.sin_port = htons(port);
os_memcpy(&a->saddr, rp->ai_addr, sizeof(a->saddr));
a->saddr.sin_port = htons(port);
@@
-406,7
+409,8
@@
fail:
static void subscr_addr_list_create(struct subscription *s,
const char *url_list)
{
static void subscr_addr_list_create(struct subscription *s,
const char *url_list)
{
- char *end;
+ const char *end;
+ wpa_printf(MSG_DEBUG, "WPS UPnP: Parsing URL list '%s'", url_list);
for (;;) {
while (*url_list == ' ' || *url_list == '\t')
url_list++;
for (;;) {
while (*url_list == ' ' || *url_list == '\t')
url_list++;
@@
-416,9
+420,8
@@
static void subscr_addr_list_create(struct subscription *s,
end = os_strchr(url_list, '>');
if (end == NULL)
break;
end = os_strchr(url_list, '>');
if (end == NULL)
break;
- *end++ = 0;
- subscr_addr_add_url(s, url_list);
- url_list = end;
+ subscr_addr_add_url(s, url_list, end - url_list);
+ url_list = end + 1;
}
}
}
}