bbs/deb-goldedplus
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixed buffer overflow bug in LocationAlias matching

Browse Source
This commit is contained in:
Ianos Gnatiuc
2005-10-15 19:50:53 +00:00
parent a3f734d634
commit 1d7bbd47f8
2 changed files with 10 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
golded3/genode.cpp
View File

@@ -30,10 +30,6 @@
#include <gftnnlge.h>
#include <gftnnlv7.h>
#if defined(__USE_ALLOCA__)
#include <malloc.h>
#endif
// ------------------------------------------------------------------
@@ -1145,11 +1141,7 @@ void LookupNodeLocation(GMsg* msg, std::string &location, int what)
if (strbag.First())
{
#if defined(__USE_ALLOCA__)
char *city_upr = (char*)alloca(city.length()+1);
#else
__extension__ char city_upr[city.length()+1];
#endif
char *city_upr = (char*)throw_malloc(city.length()+1);
strcpy(city_upr, city.c_str());
strupr(city_upr);
@@ -1161,10 +1153,14 @@ void LookupNodeLocation(GMsg* msg, std::string &location, int what)
{
size_t len = strlen(str);
city.replace(ptr-city_upr, len, strbag.Current2());
memset(ptr, -1, len);
city_upr = (char*)throw_realloc(city_upr, city.length()+1);
strcpy(city_upr, city.c_str());
strupr(city_upr);
}
}
while (strbag.Next());
free(city_upr);
}
item.loc = location = city;