authorBrian Pane <brianp@apache.org>2002-06-12 01:42:35 +0000
committerBrian Pane <brianp@apache.org>2002-06-12 01:42:35 +0000
commita68e56b62c0d4207ed82e21cd4c920f5fc1666de (patch)
treea8ae1541186a1ad633d1b0f910923825758bb291 /file_io/unix/filepath.c
parent378ea980baa2cd878747d6b72f355d512effb8af (diff)
More conservative buffer overflow checking code for
apr_filepath_merge(): fail immediately if the sum of the rootpath and addpath lengths is too long, rather than letting long strings pass through and checking for overflow at multiple points throughout the merge code. git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@63495 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'file_io/unix/filepath.c')
-rw-r--r--file_io/unix/filepath.c13
1 files changed, 1 insertions, 12 deletions
diff --git a/file_io/unix/filepath.c b/file_io/unix/filepath.c
index d84c47694..5ab44cf5b 100644
--- a/file_io/unix/filepath.c
+++ b/file_io/unix/filepath.c
@@ -189,10 +189,7 @@ APR_DECLARE(apr_status_t) apr_filepath_merge(char **newpath,
* root, and at end, plus trailing
* null */
if (maxlen > APR_PATH_MAX) {
- if (rootlen >= APR_PATH_MAX) {
- return APR_ENAMETOOLONG;
- }
- maxlen = APR_PATH_MAX;
+ return APR_ENAMETOOLONG;
}
path = (char *)apr_palloc(p, maxlen);
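Review bot: After this change the `maxlen > APR_PATH_MAX` test is the only thing bounding every later write into `path`, yet nothing in the code says so. The unchecked writes are the `'/'` terminator, the `"../"` append and the segment `memcpy` in the three following hunks. I would state the invariant above the check, for example `/* Sole bounds check: every write into path below relies on maxlen being an upper bound on the merged length. */`, so that a later edit which emits extra bytes does not silently overrun the `apr_palloc` buffer. The computation of `maxlen` sits above this hunk, so it cannot be confirmed from here that the sum cannot wrap, or that its slack covers the `"../"` append, which copies three bytes even when the `..` segment has no trailing slash; both are worth confirming against the full function. The body of `apr_filepath_merge` starts before and continues after this hunk.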
@@ -223,8 +220,6 @@ APR_DECLARE(apr_status_t) apr_filepath_merge(char **newpath,
/* Always '/' terminate the given root path
*/
if (keptlen && path[keptlen - 1] != '/') {
- if (keptlen + 1 >= maxlen)
- return APR_ENAMETOOLONG;
path[keptlen++] = '/';
}
pathlen = keptlen;
@@ -271,9 +266,6 @@ APR_DECLARE(apr_status_t) apr_filepath_merge(char **newpath,
/* Otherwise append another backpath.
*/
- if (pathlen + 3 >= maxlen ) {
- return APR_ENAMETOOLONG;
- }
memcpy(path + pathlen, "../", 3);
pathlen += 3;
}
@@ -304,9 +296,6 @@ APR_DECLARE(apr_status_t) apr_filepath_merge(char **newpath,
if (*next) {
seglen++;
}
- if (pathlen + seglen >= maxlen) {
- return APR_ENAMETOOLONG;
- }
memcpy(path + pathlen, addpath, seglen);
pathlen += seglen;
}