a1batross
/
kore
forked from mirrors/kore
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Use kore_mem_find() in kore_buf_replace_string(), fixes certain crashes 

that could occur when calling kore_buf_replace_string() with patterns
that would be found at the end or start of the buffer.
This commit is contained in:
Joris Vink 2013-09-26 16:49:44 +02:00
parent 3359be363f
commit 1fb3c013ff
2 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
includes/kore.h
View File

@ -358,8 +358,7 @@ u_int8_t *kore_buf_release(struct kore_buf *, u_int32_t *);
void kore_buf_appendf(struct kore_buf *, const char *, ...);
void kore_buf_appendv(struct kore_buf *, struct buf_vec *, u_int16_t);
void kore_buf_appendb(struct kore_buf *, struct kore_buf *);
void kore_buf_replace_string(struct kore_buf *, const char *,
void *, size_t);
void kore_buf_replace_string(struct kore_buf *, char *, void *, size_t);
struct spdy_header_block *spdy_header_block_create(int);
struct spdy_stream *spdy_stream_lookup(struct connection *, u_int32_t);

6
src/buf.c
View File

@ -98,8 +98,7 @@ kore_buf_free(struct kore_buf *buf)
}
void
kore_buf_replace_string(struct kore_buf *b, const char *src,
void *dst, size_t len)
kore_buf_replace_string(struct kore_buf *b, char *src, void *dst, size_t len)
{
u_int32_t blen, off, off2;
size_t nlen, klen;
@ -112,7 +111,8 @@ kore_buf_replace_string(struct kore_buf *b, const char *src,
nlen = blen + len;
p = (char *)b->data;
if ((key = strstr((p + off), src)) == NULL)
key = kore_mem_find(p + off, b->offset - off, src, klen);
if (key == NULL)
break;
end = key + klen;