diff options
| author | Thomas E. Dickey <dickey@invisible-island.net> | 2023-10-17 23:38:48 +0000 |
|---|---|---|
| committer | Thomas E. Dickey <dickey@invisible-island.net> | 2023-10-18 00:09:37 +0000 |
| commit | 26735ba8400464437273b79b24ac6481240e504b (patch) | |
| tree | f90ca89cea971d453ab07ec426d184c7cce015e2 | |
| parent | b0c270d7f89b80207e5cd514da2b0e5af54670e6 (diff) | |
| download | lynx-snapshots-26735ba8400464437273b79b24ac6481240e504b.tar.gz | |
snapshot of project "lynx", label v2-9-0dev_12i
| -rw-r--r-- | CHANGES | 5 | ||||
| -rw-r--r-- | WWW/Library/Implementation/HTParse.c | 20 |
2 files changed, 17 insertions, 8 deletions
diff --git a/CHANGES b/CHANGES index 2a217dca..a77fa4e3 100644 --- a/CHANGES +++ b/CHANGES @@ -1,9 +1,10 @@ --- $LynxId: CHANGES,v 1.1141 2023/10/04 23:50:20 tom Exp $ +-- $LynxId: CHANGES,v 1.1142 2023/10/17 23:31:55 tom Exp $ =============================================================================== Changes since Lynx 2.8 release =============================================================================== -2023-10-02 (2.9.0dev.13) +2023-10-16 (2.9.0dev.13) +* improve check for MAX_URI_SIZE -TD * improve check for UTF-8 character encoding in XML Text Declaration (report by Lennart Jablonka) -TD * fix for decoding utf-8 in CDATA sections (patch by Hiltjo Posthuma) diff --git a/WWW/Library/Implementation/HTParse.c b/WWW/Library/Implementation/HTParse.c index 2e454418..65d8f296 100644 --- a/WWW/Library/Implementation/HTParse.c +++ b/WWW/Library/Implementation/HTParse.c @@ -1,5 +1,5 @@ /* - * $LynxId: HTParse.c,v 1.98 2021/07/27 21:29:49 tom Exp $ + * $LynxId: HTParse.c,v 1.100 2023/10/17 23:38:48 tom Exp $ * * Parse HyperText Document Address HTParse.c * ================================ @@ -417,12 +417,13 @@ char *HTParse(const char *aName, len1 = strlen(aName) + 1; len2 = strlen(relatedName) + 1; len = len1 + len2 + MIN_PARSE; /* Lots of space: more than enough */ - need = (len * 2 + len1 + len2); - if (need > (size_t) max_uri_size || - (int) need < (int) len1 || - (int) need < (int) len2) + + if ((int) need < (int) len1 || + (int) need < (int) len2) { + CTRACE((tfp, "HTParse: overflow\n")); return StrAllocCopy(return_value, ""); + } result = tail = (char *) LYalloca(need); if (result == NULL) { @@ -794,7 +795,14 @@ char *HTParse(const char *aName, } CTRACE((tfp, "HTParse: result:`%s'\n", result)); - StrAllocCopy(return_value, result); + need = strlen(result); + if (need > (size_t) max_uri_size) { + CTRACE((tfp, "HTParse too-long address (have %ld vs limit %d)\n", + need, max_uri_size)); + StrAllocCopy(return_value, ""); + } else { + StrAllocCopy(return_value, result); + } LYalloca_free(result); /* FIXME: could be optimized using HTParse() internals */ |