mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2026-05-16 18:17:15 +02:00
53 lines
1.6 KiB
Diff
53 lines
1.6 KiB
Diff
Patch-Source: https://src.fedoraproject.org/rpms/civetweb/blob/f44/f/0002-src-civetweb.c.patch
|
|
--
|
|
From 76e222bcb77ba8452e5da4e82ae6cecd499c25e0 Mon Sep 17 00:00:00 2001
|
|
From: krispybyte <krispybyte@proton.me>
|
|
Date: Sat, 21 Jun 2025 23:33:50 +0300
|
|
Subject: [PATCH 1/2] Fix heap overflow in directory URI slash redirection
|
|
|
|
---
|
|
src/civetweb.c | 23 ++++++++++++++++++-----
|
|
1 file changed, 18 insertions(+), 5 deletions(-)
|
|
|
|
--- civetweb-1.16/src/civetweb.c.orig 2023-04-08 11:38:36.000000000 -0400
|
|
+++ civetweb-1.16/src/civetweb.c 2025-09-29 15:08:02.385060903 -0400
|
|
@@ -15242,7 +15242,6 @@
|
|
/* 12. Directory uris should end with a slash */
|
|
if (file.stat.is_directory && ((uri_len = (int)strlen(ri->local_uri)) > 0)
|
|
&& (ri->local_uri[uri_len - 1] != '/')) {
|
|
-
|
|
/* Path + server root */
|
|
size_t buflen = UTF8_PATH_MAX * 2 + 2;
|
|
char *new_path;
|
|
@@ -15255,12 +15254,26 @@
|
|
mg_send_http_error(conn, 500, "out or memory");
|
|
} else {
|
|
mg_get_request_link(conn, new_path, buflen - 1);
|
|
- strcat(new_path, "/");
|
|
+
|
|
+ size_t len = strlen(new_path);
|
|
+ if (len + 1 < buflen) {
|
|
+ new_path[len] = '/';
|
|
+ new_path[len + 1] = '\0';
|
|
+ len++;
|
|
+ }
|
|
+
|
|
if (ri->query_string) {
|
|
- /* Append ? and query string */
|
|
- strcat(new_path, "?");
|
|
- strcat(new_path, ri->query_string);
|
|
+ if (len + 1 < buflen) {
|
|
+ new_path[len] = '?';
|
|
+ new_path[len + 1] = '\0';
|
|
+ len++;
|
|
+ }
|
|
+
|
|
+ /* Append with size of space left for query string + null terminator */
|
|
+ size_t max_append = buflen - len - 1;
|
|
+ strncat(new_path, ri->query_string, max_append);
|
|
}
|
|
+
|
|
mg_send_http_redirect(conn, new_path, 301);
|
|
mg_free(new_path);
|
|
}
|