From: wessels <>
Date: Mon, 17 Apr 2000 03:59:45 +0000 (+0000)
Subject: DW:
X-Git-Tag: SQUID_3_0_PRE1~2044
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=25b0856c1c1fdc67cc04357ff4d8fb4c5723f2d8;p=thirdparty%2Fsquid.git

DW:
 - Fix possible memory access bug.  Before the change we would always
   copy 4096 bytes from 'headers' to 'buf'.  Not only was it wasteful,
   but it accessed uninitialized memory.
---

diff --git a/src/HttpReply.cc b/src/HttpReply.cc
index 89b2c30c00..a0e683d322 100644
--- a/src/HttpReply.cc
+++ b/src/HttpReply.cc
@@ -1,6 +1,6 @@
 
 /*
- * $Id: HttpReply.cc,v 1.40 2000/03/06 16:23:28 wessels Exp $
+ * $Id: HttpReply.cc,v 1.41 2000/04/16 21:59:45 wessels Exp $
  *
  * DEBUG: section 58    HTTP Reply (Response)
  * AUTHOR: Alex Rousskov
@@ -144,12 +144,12 @@ httpReplyParse(HttpReply * rep, const char *buf, ssize_t end)
      */
     char *headers = memAllocate(MEM_4K_BUF);
     int success;
+    size_t s = XMIN(end + 1, 4096);
     /* reset current state, because we are not used in incremental fashion */
     httpReplyReset(rep);
-    /* put a string terminator */
-    xstrncpy(headers, buf, 4096);
-    if (end >= 0 && end < 4096)
-	*(headers + end) = '\0';
+    /* put a string terminator.  s is how many bytes to touch in
+     * 'buf' including the terminating NULL. */
+    xstrncpy(headers, buf, s);
     success = httpReplyParseStep(rep, headers, 0);
     memFree(headers, MEM_4K_BUF);
     return success == 1;