From b1f17f168b91d709c0c0e62608de301a36f06da9 Mon Sep 17 00:00:00 2001 From: John Keeping Date: Mon, 1 Apr 2013 19:03:34 +0100 Subject: Fix out-of-bounds memory accesses with virtual_root="" The CGit configuration variable virtual_root is normalized so that it does not have a trailing '/' character, but it is allowed to be empty (the empty string and NULL have different meanings here) and there is code that is insufficiently cautious when checking if it ends in a '/': if (virtual_root[strlen(virtual_root) - 1] != '/') Clearly this check is redundant, but rather than simply removing it we get a slight efficiency improvement by switching the normalization so that the virtual_root variable always ends in '/'. Do this with a new "ensure_end" helper. Signed-off-by: John Keeping --- shared.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'shared.c') diff --git a/shared.c b/shared.c index cc06930..1fa9c99 100644 --- a/shared.c +++ b/shared.c @@ -115,6 +115,21 @@ char *trim_end(const char *str, char c) return xstrndup(str, len); } +char *ensure_end(const char *str, char c) +{ + size_t len = strlen(str); + char *result; + + if (len && str[len - 1] == c) + return xstrndup(str, len); + + result = xmalloc(len + 2); + memcpy(result, str, len); + result[len] = '/'; + result[len + 1] = '\0'; + return result; +} + char *strlpart(char *txt, int maxlen) { char *result; -- cgit v1.2.3-70-g09d2