Changeset 21997

Timestamp:
29.04.2010 16:38:05 (9 years ago)
Author:
mdewsnip
Message:

Fixed nasty problem where random memory can be iterated through when "e" variables are badly formed. By John Thompson at DL Consulting Ltd.

Files:
1 modified

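--- a/main/trunk/greenstone2/runtime-src/src/recpt/cgiutils.cpp
+++ b/main/trunk/greenstone2/runtime-src/src/recpt/cgiutils.cpp
@@ -680,5 +680,18 @@
       while ((*(arg_ehere-3) == 'Z') && (*(arg_ehere-2) == 'z')) {
         if (first) argvalue.clear();
-        arg_ehere = (findchar (arg_ehere, arg_eend, '-')) + 1;
+
+        // Hey, here's a wild idea. Why don't we check that there is
+        // another hyphen in the cgiarge before we get a pointer to it and
+        // add one. That way we are far less likely to wander off into
+        // random memory merrily parsing arguments that are then lovingly
+        // spewed all over the HTML page returned at the usage logs.
+        text_t::iterator minus_itr = findchar (arg_ehere, arg_eend, '-');
+        if (minus_itr == arg_eend)
+        {
+      logout << text_t2ascii << "Error: the cgi argument \"" << argname << "\" was specified as being a compressed argument but we have run out of cgiarge to decompress!\n";
+      return false;
+        }
+        arg_ehere = minus_itr + 1;
+
         while (sav != (arg_ehere-1)) {
       if (!((*sav == 'Z') && (*(sav+1) == 'z') && (*(sav+2) == '-')) &&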
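Review bot: The guard added at new lines 688-694 bounds the forward search for '-', but the loop condition at line 680 still reads `*(arg_ehere-3)` and `*(arg_ehere-2)` without checking that `arg_ehere` lies at least three positions past the start of the "e" value, so a very short malformed value may still be read before its beginning. Whether that can happen depends on how `arg_ehere` is initialised above the hunk, which is not visible here; if nothing there guarantees it, the `while` condition should first check the distance from the start iterator of the "e" value. The five-line comment would also serve the next maintainer better if it stated the invariant, for example `// findchar returns arg_eend when no '-' is left; bail out instead of stepping past the end of the "e" value`. The enclosing function starts and ends outside the hunk.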