Changeset 21997 for main/trunk/greenstone2/runtime-src/src

Timestamp:

2010-04-29T16:38:05+12:00 (14 years ago)

Author:

mdewsnip

Message:

Fixed nasty problem where random memory can be iterated through when "e" variables are badly formed. By John Thompson at DL Consulting Ltd.

File:

• main/trunk/greenstone2/runtime-src/src/recpt/cgiutils.cpp (modified) (1 diff)

main/trunk/greenstone2/runtime-src/src/recpt/cgiutils.cpp

@@ -680 +680 @@
         while ((*(arg_ehere-3) == 'Z') && (*(arg_ehere-2) == 'z')) {
           if (first) argvalue.clear();
-          arg_ehere = (findchar (arg_ehere, arg_eend, '-')) + 1;
+
+          // Hey, here's a wild idea. Why don't we check that there is
+          // another hyphen in the cgiarge before we get a pointer to it and
+          // add one. That way we are far less likely to wander off into
+          // random memory merrily parsing arguments that are then lovingly
+          // spewed all over the HTML page returned at the usage logs.
+          text_t::iterator minus_itr = findchar (arg_ehere, arg_eend, '-');
+          if (minus_itr == arg_eend)
+          {
+        logout << text_t2ascii << "Error: the cgi argument \"" << argname << "\" was specified as being a compressed argument but we have run out of cgiarge to decompress!\n";
+        return false;              
+          }
+          arg_ehere = minus_itr + 1;
+
           while (sav != (arg_ehere-1)) {
         if (!((*sav == 'Z') && (*(sav+1) == 'z') && (*(sav+2) == '-')) &&