113 lines
3.3 KiB
Diff
113 lines
3.3 KiB
Diff
WWW/Library/Implementation/HTParse.c | 47 +++++++++++++++++++++++-----------
|
|
src/LYGlobalDefs.h | 1 +
|
|
src/LYMain.c | 1 +
|
|
3 files changed, 34 insertions(+), 15 deletions(-)
|
|
|
|
diff --git a/WWW/Library/Implementation/HTParse.c b/WWW/Library/Implementation/HTParse.c
|
|
index c9bfbbf..b265e22 100644
|
|
--- a/WWW/Library/Implementation/HTParse.c
|
|
+++ b/WWW/Library/Implementation/HTParse.c
|
|
@@ -12,6 +12,7 @@
|
|
#include <LYLeaks.h>
|
|
#include <LYStrings.h>
|
|
#include <LYCharUtils.h>
|
|
+#include <LYGlobalDefs.h>
|
|
|
|
#ifdef HAVE_ALLOCA_H
|
|
#include <alloca.h>
|
|
@@ -255,7 +256,8 @@ char *HTParse(const char *aName,
|
|
char *result = NULL;
|
|
char *tail = NULL; /* a pointer to the end of the 'result' string */
|
|
char *return_value = NULL;
|
|
- unsigned len, len1, len2;
|
|
+ size_t len, len1, len2;
|
|
+ size_t need;
|
|
char *name = NULL;
|
|
char *rel = NULL;
|
|
char *p, *q;
|
|
@@ -290,9 +292,17 @@ char *HTParse(const char *aName,
|
|
len2 = strlen(relatedName) + 1;
|
|
len = len1 + len2 + 8; /* Lots of space: more than enough */
|
|
|
|
- result = tail = (char *) LYalloca(len * 2 + len1 + len2);
|
|
+ need = (len * 2 + len1 + len2);
|
|
+ if (need > (size_t) max_uri_size ||
|
|
+ (int) need < (int) len1 ||
|
|
+ (int) need < (int) len2)
|
|
+ return StrAllocCopy(return_value, "");
|
|
+
|
|
+ result = tail = (char *) LYalloca(need);
|
|
if (result == NULL) {
|
|
outofmem(__FILE__, "HTParse");
|
|
+
|
|
+ assert(result != NULL);
|
|
}
|
|
*result = '\0';
|
|
name = result + len;
|
|
@@ -674,21 +684,28 @@ const char *HTParseAnchor(const char *aName)
|
|
* keeping in mind scan() peculiarities on schemes:
|
|
*/
|
|
struct struct_parts given;
|
|
+ size_t need = ((unsigned) ((p - aName) + (int) strlen(p) + 1));
|
|
+ char *name;
|
|
|
|
- char *name = (char *) LYalloca((unsigned) ((p - aName)
|
|
- + (int) strlen(p) + 1));
|
|
+ if (need > (size_t) max_uri_size) {
|
|
+ p += strlen(p);
|
|
+ } else {
|
|
+ name = (char *) LYalloca(need);
|
|
|
|
- if (name == NULL) {
|
|
- outofmem(__FILE__, "HTParseAnchor");
|
|
- }
|
|
- strcpy(name, aName);
|
|
- scan(name, &given);
|
|
- LYalloca_free(name);
|
|
-
|
|
- p++; /*next to '#' */
|
|
- if (given.anchor == NULL) {
|
|
- for (; *p; p++) /*scroll to end '\0' */
|
|
- ;
|
|
+ if (name == NULL) {
|
|
+ outofmem(__FILE__, "HTParseAnchor");
|
|
+
|
|
+ assert(name != NULL);
|
|
+ }
|
|
+ strcpy(name, aName);
|
|
+ scan(name, &given);
|
|
+ LYalloca_free(name);
|
|
+
|
|
+ p++; /*next to '#' */
|
|
+ if (given.anchor == NULL) {
|
|
+ for (; *p; p++) /*scroll to end '\0' */
|
|
+ ;
|
|
+ }
|
|
}
|
|
}
|
|
return p;
|
|
diff --git a/src/LYGlobalDefs.h b/src/LYGlobalDefs.h
|
|
index d0c5ab1..cc3e1e8 100644
|
|
--- a/src/LYGlobalDefs.h
|
|
+++ b/src/LYGlobalDefs.h
|
|
@@ -305,6 +305,7 @@ extern "C" {
|
|
extern int max_cookies_buffer;
|
|
extern int max_cookies_domain;
|
|
extern int max_cookies_global;
|
|
+ extern int max_uri_size;
|
|
#ifdef USE_SESSIONS
|
|
extern short session_limit; /* maximal entries saved/restored
|
|
in session file */
|
|
diff --git a/src/LYMain.c b/src/LYMain.c
|
|
index 126a30f..0ccebe5 100644
|
|
--- a/src/LYMain.c
|
|
+++ b/src/LYMain.c
|
|
@@ -494,6 +494,7 @@ int lynx_temp_subspace = 0; /* > 0 if we made temp-directory */
|
|
int max_cookies_domain = 50;
|
|
int max_cookies_global = 500;
|
|
int max_cookies_buffer = 4096;
|
|
+int max_uri_size = 8192;
|
|
int nlinks = 0; /* number of links in memory */
|
|
int outgoing_mail_charset = -1; /* translate mail to this charset */
|
|
|