[axel-commits] r54 - /branches/2.x/CHANGES /branches/2.x/axel.h /branches/2.x/http.c /trunk/CHANGES /trunk/axel.h /trunk/http.c

phihag-guest at users.alioth.debian.org phihag-guest at users.alioth.debian.org
Mon Oct 13 21:06:40 UTC 2008


Author: phihag-guest
Date: Mon Oct 13 21:06:39 2008
New Revision: 54

URL: http://svn.debian.org/wsvn/axel/?sc=1&rev=54
Log:
Fix buffer overflow in http.c (Closes: #311178)

Modified:
    branches/2.x/CHANGES
    branches/2.x/axel.h
    branches/2.x/http.c
    trunk/CHANGES
    trunk/axel.h
    trunk/http.c

Modified: branches/2.x/CHANGES
URL: http://svn.debian.org/wsvn/axel/branches/2.x/CHANGES?rev=54&op=diff
==============================================================================
--- branches/2.x/CHANGES (original)
+++ branches/2.x/CHANGES Mon Oct 13 21:06:39 2008
@@ -1,3 +1,7 @@
+Version 2.2:
+
+- Fix a buffer overflow in http.c:http_encode.
+
 Version 2.1:
 
 - Fix version string.  2.0 still reported 1.1, thanks Ajay R Ramjatan

Modified: branches/2.x/axel.h
URL: http://svn.debian.org/wsvn/axel/branches/2.x/axel.h?rev=54&op=diff
==============================================================================
--- branches/2.x/axel.h (original)
+++ branches/2.x/axel.h Mon Oct 13 21:06:39 2008
@@ -67,7 +67,7 @@
 #define MAX_STRING		1024
 #define MAX_ADD_HEADERS	10
 #define MAX_REDIR		5
-#define AXEL_VERSION_STRING	"2.1"
+#define AXEL_VERSION_STRING	"2.2"
 #define USER_AGENT		"Axel " AXEL_VERSION_STRING " (" ARCH ")"
 
 typedef struct

Modified: branches/2.x/http.c
URL: http://svn.debian.org/wsvn/axel/branches/2.x/http.c?rev=54&op=diff
==============================================================================
--- branches/2.x/http.c (original)
+++ branches/2.x/http.c Mon Oct 13 21:06:39 2008
@@ -236,9 +236,19 @@
 	
 	for( i = j = 0; s[i]; i ++, j ++ )
 	{
+		/* Fix buffer overflow */
+		if (j >= MAX_STRING - 1) {
+			break;
+		}
+		
 		t[j] = s[i];
 		if( s[i] == ' ' )
 		{
+			/* Fix buffer overflow */
+			if (j >= MAX_STRING - 3) {
+				break;
+			}
+			
 			strcpy( t + j, "%20" );
 			j += 2;
 		}

Modified: trunk/CHANGES
URL: http://svn.debian.org/wsvn/axel/trunk/CHANGES?rev=54&op=diff
==============================================================================
--- trunk/CHANGES (original)
+++ trunk/CHANGES Mon Oct 13 21:06:39 2008
@@ -1,3 +1,7 @@
+Version 2.2:
+
+- Fix a buffer overflow in http.c:http_encode.
+
 Version 2.1:
 
 - Fix version string.  2.0 still reported 1.1, thanks Ajay R Ramjatan

Modified: trunk/axel.h
URL: http://svn.debian.org/wsvn/axel/trunk/axel.h?rev=54&op=diff
==============================================================================
--- trunk/axel.h (original)
+++ trunk/axel.h Mon Oct 13 21:06:39 2008
@@ -67,7 +67,7 @@
 #define MAX_STRING		1024
 #define MAX_ADD_HEADERS	10
 #define MAX_REDIR		5
-#define AXEL_VERSION_STRING	"2.1"
+#define AXEL_VERSION_STRING	"2.99.0"
 #define DEFAULT_USER_AGENT	"Axel " AXEL_VERSION_STRING " (" ARCH ")"
 
 typedef struct

Modified: trunk/http.c
URL: http://svn.debian.org/wsvn/axel/trunk/http.c?rev=54&op=diff
==============================================================================
--- trunk/http.c (original)
+++ trunk/http.c Mon Oct 13 21:06:39 2008
@@ -235,9 +235,19 @@
 	
 	for( i = j = 0; s[i]; i ++, j ++ )
 	{
+		/* Fix buffer overflow */
+		if (j >= MAX_STRING - 1) {
+			break;
+		}
+		
 		t[j] = s[i];
 		if( s[i] == ' ' )
 		{
+			/* Fix buffer overflow */
+			if (j >= MAX_STRING - 3) {
+				break;
+			}
+			
 			strcpy( t + j, "%20" );
 			j += 2;
 		}




More information about the axel-commits mailing list