From d968c0951e421752bd60278deb7b260d7eb7a674 Mon Sep 17 00:00:00 2001
From: amosjeffries <>
Date: Mon, 5 Nov 2007 06:59:51 +0000
Subject: [PATCH] Close three possible buffer over/under-runs Simple fixes imported from earlier string work. - prevent pointer operations in cut /set operations if the location given is outside teh currently allocated buffer. The methods will behave as if the operations were successful but did not alter the string.
---
 src/SquidString.h | 9 ++++-----
 src/String.cci | 23 ++++++++++++-----------
 2 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/src/SquidString.h b/src/SquidString.h
index 4d97f35f96..c2f371d2b2 100644
--- a/src/SquidString.h
+++ b/src/SquidString.h
@@ -1,6 +1,6 @@

 /*
- * $Id: SquidString.h,v 1.11 2007/09/28 01:40:50 amosjeffries Exp $
+ * $Id: SquidString.h,v 1.12 2007/11/04 23:59:51 amosjeffries Exp $
 *
 * DEBUG: section 67 String
 * AUTHOR: Duane Wessels
@@ -112,12 +112,11 @@ public:
 _SQUID_INLINE_ int caseCmp (char const *) const;
 _SQUID_INLINE_ int caseCmp (char const *, size_t count) const;

- _SQUID_INLINE_ void set
- (char const *loc, char const ch);
+ _SQUID_INLINE_ void set(char const *loc, char const ch);

- _SQUID_INLINE_ void cut (size_t newLength);
+ _SQUID_INLINE_ void cut(size_t newLength);

- _SQUID_INLINE_ void cutPointer (char const *loc);
+ _SQUID_INLINE_ void cutPointer(char const *loc);

 #if DEBUGSTRINGS

diff --git a/src/String.cci b/src/String.cci
index e1995e46bc..ccc48f4ac0 100644
--- a/src/String.cci
+++ b/src/String.cci
@@ -1,6 +1,6 @@

 /*
- * $Id: String.cci,v 1.9 2007/05/29 13:31:38 amosjeffries Exp $
+ * $Id: String.cci,v 1.10 2007/11/04 23:59:52 amosjeffries Exp $
 *
 * DEBUG: section 67 String
 * AUTHOR: Duane Wessels
@@ -125,36 +125,39 @@ String::cmp (String const &aString) const
 }

 int
-String::caseCmp (char const *aString) const
+String::caseCmp(char const *aString) const
 {
 return strcasecmp(buf(), aString);
 }

 int
-String::caseCmp (char const *aString, size_t count) const
+String::caseCmp(char const *aString, size_t count) const
 {
 return strncasecmp(buf(), aString, count);
 }

-/* FIXME: this is can perform buffer overflows and underflows! */
 void
-String::set (char const *loc, char const ch)
+String::set(char const *loc, char const ch)
 {
+ if(loc < buf_ || loc > (buf_ + size_) ) return;
+
 buf_[loc-buf_] = ch;
 }

-/* FIXME: this is can perform buffer overflows and underflows! */
 void
-String::cut (size_t newLength)
+String::cut(size_t newLength)
 {
+ if(newLength < 0 || newLength > len_) return;
+
 len_ = newLength;
 buf_[newLength] = '\0';
 }

-/* FIXME: this is can perform buffer overflows and underflows! */
 void
-String::cutPointer (char const *loc)
+String::cutPointer(char const *loc)
 {
+ if(loc < buf_ || loc > (buf_ + size_) ) return;
+
 len_ = loc-buf_;
 buf_[len_] = '\0';
 }
@@ -165,5 +168,3 @@ operator<<(std::ostream& os, String const &aString)
 os << aString.buf();
 return os;
 }
-
-
-- 
2.47.2
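Review bot: The new pointer guards in `String::set` and `String::cutPointer` compare with `>` and so still accept `loc == buf_ + size_`; if `size_` is the allocated byte count (its definition is outside this hunk), the `buf_[...]` store that follows lands one byte past the buffer, so the test should be `if (loc < buf_ || loc >= buf_ + size_) return;`. `cutPointer` is also bounded by `size_` rather than `len_`, which lets a "cut" raise `len_` up to capacity and expose whatever bytes sit between the old length and `loc`; bounding it with `loc > buf_ + len_` would keep it truncation-only, matching `cut`. In `cut`, `newLength < 0` can never be true for a `size_t`, and with a null `buf_` and `len_ == 0` the call `cut(0)` passes the guard and stores through the null pointer, so `if (!buf_ || newLength > len_) return;` looks safer, assuming an empty String may hold no buffer. Because every rejected call returns silently, a one-line comment on each method stating that out-of-range arguments are ignored would help callers that depend on the truncation having taken place.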