Fix buffer over-read in percent_decode().

When decoding a trigram, percent_decode() would correctly increment the input pointer by an extra two characters (three total) but would not decrement the input length by the same amount.  This would result in a buffer over-read when decoding unterminated strings.
Dag-Erling Smørgrav 2016-01-10 23:29:03 +01:00
parent 476374323d
commit c044f2580b


@ -92,6 +92,7 @@ percent_decode(const char *in, size_t ilen, char *out, size_t *olen)
if (++len < *olen && out != NULL) if (++len < *olen && out != NULL)
*out++ = unhex(in[1]) << 4 | unhex(in[2]); *out++ = unhex(in[1]) << 4 | unhex(in[2]);
in += 2; in += 2;
ilen -= 2;
} else { } else {
if (*olen > 0 && out != NULL) if (*olen > 0 && out != NULL)
*out = '\0'; *out = '\0';
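
Review bot: the added `ilen -= 2;` is an unsigned subtraction (`ilen` is `size_t` in the signature), and the condition that selects this branch lies outside the hunk, so it is not visible here whether at least three bytes are known to remain before `in[1]` and `in[2]` are read. If that guard only tests that the two following characters are hex digits, an input whose `ilen` ends on or just after the `%` would still be read past its end, and the subtraction would wrap to a very large value. Please confirm the guard checks the remaining length (for example `ilen >= 3`), and consider adding a regression test that passes an unterminated buffer ending in a trigram with an exact `ilen`.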