Bug #1189: buffer overflow bug in gopherToHTML()

Yet another buffer overflow bug in gopherToHTML().  This one is similar
to others already found and the same solution is used.  If a potential
overflow is detected, the excess input is simply lost.

Forward port of Duane's 2.5 patch.

diff --git a/src/gopher.cc b/src/gopher.cc
index 5a2c73504e48c9443e73a615427f6f80e8e8afff..92208742d8af7cadd06c4828c201f930ee920065 100644 (file)
--- a/src/gopher.cc
+++ b/src/gopher.cc
@@ -1,6 +1,6 @@
 
 /*
- * $Id: gopher.cc,v 1.185 2003/11/29 08:37:29 hno Exp $
+ * $Id: gopher.cc,v 1.186 2005/01/28 09:23:41 serassio Exp $
  *
  * DEBUG: section 10    Gopher
  * AUTHOR: Harvest Derived
@@ -394,6 +394,13 @@ gopherToHTML(GopherStateData * gopherState, char *inbuf, int len)
         if (gopherState->len != 0) {
             /* there is something left from last tx. */
             xstrncpy(line, gopherState->buf, gopherState->len + 1);
+
+            if (gopherState->len + len > TEMP_BUF_SIZE) {
+                debug(10, 1) ("GopherHTML: Buffer overflow. Lost some data on URL: %s\n",
+                              storeUrl(entry));
+                len = TEMP_BUF_SIZE - gopherState->len;
+            }
+
             lpos = (char *) memccpy(line + gopherState->len, inbuf, '\n', len);
 
             if (lpos)