Archives/cgit
2
0
Fork 0
mirror of https://git.zx2c4.com/cgit/ synced 2024-11-10 07:10:33 +00:00
Code Issues Projects Releases Wiki Activity

Compare string lengths when parsing the snapshot mask

Browse Source 
We used to rely on the result from strncmp() without comparing the length of
the strings involved. Even worse, any single-character format specifier would
enable zip-format due to the optional '.'-prefix since the length of the
mask then would become zero.

Noticed-by: Evan Martin <sys@neugierig.org>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
This commit is contained in:
Lars Hjemli 2007-12-03 00:39:20 +01:00
parent 7b346647c9
commit 2216fd6472
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ui-snapshot.c
View File

@ -130,7 +130,7 @@ int cgit_parse_snapshots_mask(const char *str)
{ {
const struct snapshot_archive_t* sat; const struct snapshot_archive_t* sat;
static const char *delim = " \t,:/|;"; static const char *delim = " \t,:/|;";
int f, tl, rv = 0; int f, tl, sl, rv = 0;
/* favor legacy setting */ /* favor legacy setting */
if(atoi(str)) if(atoi(str))
@ -142,8 +142,9 @@ int cgit_parse_snapshots_mask(const char *str)
break; break;
for(f=0; f<snapshot_archives_len; f++) { for(f=0; f<snapshot_archives_len; f++) {
sat = &snapshot_archives[f]; sat = &snapshot_archives[f];
if(!(strncmp(sat->suffix, str, tl) && sl = strlen(sat->suffix);
strncmp(sat->suffix+1, str, tl-1))) { if((tl == sl && !strncmp(sat->suffix, str, tl)) ||
(tl == sl-1 && !strncmp(sat->suffix+1, str, tl-1))) {
rv |= sat->bit; rv |= sat->bit;
break; break;
} }