Changeset 21997


Ignore:
Timestamp:
2010-04-29T16:38:05+12:00 (11 years ago)
Author:
mdewsnip
Message:

Fixed nasty problem where random memory can be iterated through when "e" variables are badly formed. By John Thompson at DL Consulting Ltd.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • main/trunk/greenstone2/runtime-src/src/recpt/cgiutils.cpp

    r21961 r21997  
    680680        while ((*(arg_ehere-3) == 'Z') && (*(arg_ehere-2) == 'z')) {
    681681          if (first) argvalue.clear();
    682           arg_ehere = (findchar (arg_ehere, arg_eend, '-')) + 1;
     682
     683          // Hey, here's a wild idea. Why don't we check that there is
     684          // another hyphen in the cgiarge before we get a pointer to it and
     685          // add one. That way we are far less likely to wander off into
     686          // random memory merrily parsing arguments that are then lovingly
     687          // spewed all over the HTML page returned at the usage logs.
     688          text_t::iterator minus_itr = findchar (arg_ehere, arg_eend, '-');
     689          if (minus_itr == arg_eend)
     690          {
     691        logout << text_t2ascii << "Error: the cgi argument \"" << argname << "\" was specified as being a compressed argument but we have run out of cgiarge to decompress!\n";
     692        return false;             
     693          }
     694          arg_ehere = minus_itr + 1;
     695
    683696          while (sav != (arg_ehere-1)) {
    684697        if (!((*sav == 'Z') && (*(sav+1) == 'z') && (*(sav+2) == '-')) &&
Note: See TracChangeset for help on using the changeset viewer.