From: wessels <>
Date: Wed, 8 Apr 1998 05:50:50 +0000 (+0000)
Subject: Fix buffer overflow bug in ftpParseListing()
X-Git-Tag: SQUID_3_0_PRE1~3598
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4a2635aae0114a7944adfe9560c3c843c1f003be;p=thirdparty%2Fsquid.git
Fix buffer overflow bug in ftpParseListing()
---
diff --git a/src/ftp.cc b/src/ftp.cc
index f10aefbe80..5585198752 100644
--- a/src/ftp.cc
+++ b/src/ftp.cc
@@ -1,6 +1,6 @@
 /*
- * $Id: ftp.cc,v 1.216 1998/03/31 05:37:40 wessels Exp $
+ * $Id: ftp.cc,v 1.217 1998/04/07 23:50:50 wessels Exp $
 *
 * DEBUG: section 9 File Transfer Protocol (FTP)
 * AUTHOR: Harvest Derived
@@ -692,6 +692,7 @@ static void
 ftpParseListing(FtpStateData * ftpState, int len)
 {
 char *buf = ftpState->data.buf;
+ char *sbuf; /* NULL-terminated copy of buf */
 char *end;
 char *line;
 char *s;
@@ -710,10 +711,11 @@ ftpParseListing(FtpStateData * ftpState, int len)
 }
 line = memAllocate(MEM_4K_BUF);
 end++;
- /* XXX there is an ABR bug here. We need to make sure buf is
- * NULL terminated */
+ /* XXX, buf needs to be NULL terminated, copying is gross */
+ sbuf = xmalloc(len+1);
+ xstrncpy(sbuf, buf, len+1);
 storeBuffer(e);
- for (s = buf; s < end; s += strcspn(s, crlf), s += strspn(s, crlf)) {
+ for (s = sbuf; s < end; s += strcspn(s, crlf), s += strspn(s, crlf)) {
 linelen = strcspn(s, crlf) + 1;
 if (linelen > 4096)
 linelen = 4096;
@@ -737,6 +739,7 @@ ftpParseListing(FtpStateData * ftpState, int len)
 ftpState->data.offset = strlen(ftpState->data.buf);
 }
 memFree(MEM_4K_BUF, line);
+ xfree(sbuf);
 }
 static void
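Review bot: In the third hunk the new loop starts `s` at `sbuf` but still tests `s < end`, and `end` appears to still point into `buf`: the removed loop walked `buf` up to it, and its assignment sits outside the hunk, untouched by this commit. Ordering pointers into two separate allocations is undefined, and in practice the bound then depends on heap layout, so the body may be skipped altogether or `s` may come to rest on the copy's terminator without ever reaching `end`. Bounding the walk by the same offset inside the copy, and stopping at the terminator, keeps it within `sbuf`: `for (s = sbuf; s < sbuf + (end - buf) && *s != '\0'; s += strcspn(s, crlf), s += strspn(s, crlf)) {`. The terminator test matters because the listing bytes presumably come from the remote FTP server, and if `xstrncpy` stops at the first NUL in `buf` (its definition is not on this page) the copy can be shorter than that offset. The body of ftpParseListing starts and ends outside the hunk, so any later use of `end` against `buf` is not visible here and is left as it is by this suggestion.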