Diffstat (limited to '')
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | src/reqs.c | 7 | ||||
-rw-r--r-- | src/stats.c | 4 |
3 files changed, 12 insertions, 5 deletions
@@ -1,5 +1,11 @@ 2001-01-15 Robert James Kaes <rjkaes@flarenet.com> + * src/reqs.c (process_method): A potential stack overflow bug fixed. + Though, I do not actually think a stack overflow could have occurred + in this case. Better safe than sorry. + + * src/stats.c (showstats): Another potential heap overflow bug fixed. + * src/utils.c (httperr): A heap overflow bug fixed. 2000-12-07 Robert James Kaes <rjkaes@flarenet.com> @@ -1,4 +1,4 @@ -/* $Id: reqs.c,v 1.10 2000-11-23 04:46:25 rjkaes Exp $ +/* $Id: reqs.c,v 1.11 2001-01-15 17:11:57 rjkaes Exp $ * * This is where all the work in tinyproxy is actually done. Incoming * connections have a new thread created for them. The thread then @@ -170,12 +170,13 @@ static int process_method(struct conn_s *connptr) if (!uri->scheme || strcasecmp(uri->scheme, "http") != 0) { char *error_string; if (uri->scheme) { - error_string = malloc(strlen(uri->scheme) + 64); + int error_string_len = strlen(uri->scheme) + 64; + error_string = malloc(error_string_len); if (!error_string) { log(LOG_CRIT, "Out of Memory!"); return -1; } - sprintf(error_string, + snprintf(error_string, error_string_len, "Invalid scheme (%s). Only HTTP is allowed.", uri->scheme); } else { diff --git a/src/stats.c b/src/stats.c index 4257645..da7054e 100644 --- a/src/stats.c +++ b/src/stats.c @@ -1,4 +1,4 @@ -/* $Id: stats.c,v 1.1 2000-09-12 00:06:09 rjkaes Exp $ +/* $Id: stats.c,v 1.2 2001-01-15 17:11:57 rjkaes Exp $ * * This module handles the statistics for tinyproxy. There are only two * public API functions. The reason for the functions, rather than just a @@ -79,7 +79,7 @@ int showstats(struct conn_s *connptr) } LOCK(); - sprintf(connptr->output_message, msg, + snprintf(connptr->output_message, MAXBUFFSIZE, msg, PACKAGE, VERSION, PACKAGE, VERSION, stats.num_open, stats.num_reqs, |
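Review bot: In the process_method hunk of src/reqs.c, `error_string_len` is declared `int` although it holds `strlen(uri->scheme) + 64`, a `size_t` value, and it is then used as both the malloc size and the snprintf bound. Since the scheme presumably comes from the client's request, I would keep the length unsigned: `size_t error_string_len = strlen(uri->scheme) + 64;`. The snprintf return value is also discarded, so a truncated message would go unnoticed. The same applies to the snprintf call in the showstats hunk of src/stats.c, where the bound `MAXBUFFSIZE` is only correct if `connptr->output_message` is allocated with at least that many bytes, and that allocation is not visible here. process_method's body starts and ends outside the hunk.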