diff options
| author | Thomas E. Dickey <dickey@invisible-island.net> | 2023-10-17 23:38:48 +0000 |
|---|---|---|
| committer | Thomas E. Dickey <dickey@invisible-island.net> | 2023-10-18 00:09:37 +0000 |
| commit | 26735ba8400464437273b79b24ac6481240e504b (patch) | |
| tree | f90ca89cea971d453ab07ec426d184c7cce015e2 /WWW | |
| parent | b0c270d7f89b80207e5cd514da2b0e5af54670e6 (diff) | |
| download | lynx-snapshots-26735ba8400464437273b79b24ac6481240e504b.tar.gz | |
snapshot of project "lynx", label v2-9-0dev_12i
Diffstat (limited to 'WWW')
| -rw-r--r-- | WWW/Library/Implementation/HTParse.c | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/WWW/Library/Implementation/HTParse.c b/WWW/Library/Implementation/HTParse.c index 2e454418..65d8f296 100644 --- a/WWW/Library/Implementation/HTParse.c +++ b/WWW/Library/Implementation/HTParse.c @@ -1,5 +1,5 @@ /* - * $LynxId: HTParse.c,v 1.98 2021/07/27 21:29:49 tom Exp $ + * $LynxId: HTParse.c,v 1.100 2023/10/17 23:38:48 tom Exp $ * * Parse HyperText Document Address HTParse.c * ================================ @@ -417,12 +417,13 @@ char *HTParse(const char *aName, len1 = strlen(aName) + 1; len2 = strlen(relatedName) + 1; len = len1 + len2 + MIN_PARSE; /* Lots of space: more than enough */ - need = (len * 2 + len1 + len2); - if (need > (size_t) max_uri_size || - (int) need < (int) len1 || - (int) need < (int) len2) + + if ((int) need < (int) len1 || + (int) need < (int) len2) { + CTRACE((tfp, "HTParse: overflow\n")); return StrAllocCopy(return_value, ""); + } result = tail = (char *) LYalloca(need); if (result == NULL) { @@ -794,7 +795,14 @@ char *HTParse(const char *aName, } CTRACE((tfp, "HTParse: result:`%s'\n", result)); - StrAllocCopy(return_value, result); + need = strlen(result); + if (need > (size_t) max_uri_size) { + CTRACE((tfp, "HTParse too-long address (have %ld vs limit %d)\n", + need, max_uri_size)); + StrAllocCopy(return_value, ""); + } else { + StrAllocCopy(return_value, result); + } LYalloca_free(result); /* FIXME: could be optimized using HTParse() internals */ |