From 93b201d23be3167983826da750d7d1fe8c4c5d47 Mon Sep 17 00:00:00 2001
From: Robert James Kaes <rjkaes@users.sourceforge.net>
Date: Mon, 15 Jan 2001 17:11:57 +0000
Subject: Fixed more potential overflow bugs.

---
 ChangeLog   | 6 ++++++
 src/reqs.c  | 7 ++++---
 src/stats.c | 4 ++--
 3 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index f9c5cbe..abcbed7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,11 @@
 2001-01-15  Robert James Kaes  <rjkaes@flarenet.com>
 
+	* src/reqs.c (process_method): A potential stack overflow bug fixed.
+	Though, I do not actually think a stack overflow could have occurred
+	in this case. Better safe than sorry.
+
+	* src/stats.c (showstats): Another potential heap overflow bug fixed.
+
 	* src/utils.c (httperr): A heap overflow bug fixed.
 
 2000-12-07  Robert James Kaes  <rjkaes@flarenet.com>
diff --git a/src/reqs.c b/src/reqs.c
index 01c8ab8..cea4249 100644
--- a/src/reqs.c
+++ b/src/reqs.c
@@ -1,4 +1,4 @@
-/* $Id: reqs.c,v 1.10 2000-11-23 04:46:25 rjkaes Exp $
+/* $Id: reqs.c,v 1.11 2001-01-15 17:11:57 rjkaes Exp $
  *
  * This is where all the work in tinyproxy is actually done. Incoming
  * connections have a new thread created for them. The thread then
@@ -170,12 +170,13 @@ static int process_method(struct conn_s *connptr)
 	if (!uri->scheme || strcasecmp(uri->scheme, "http") != 0) {
 		char *error_string;
 		if (uri->scheme) {
-			error_string = malloc(strlen(uri->scheme) + 64);
+			int error_string_len = strlen(uri->scheme) + 64;
+			error_string = malloc(error_string_len);
 			if (!error_string) {
 				log(LOG_CRIT, "Out of Memory!");
 				return -1;
 			}
-			sprintf(error_string,
+			snprintf(error_string, error_string_len,
 				"Invalid scheme (%s). Only HTTP is allowed.",
 				uri->scheme);
 		} else {
diff --git a/src/stats.c b/src/stats.c
index 4257645..da7054e 100644
--- a/src/stats.c
+++ b/src/stats.c
@@ -1,4 +1,4 @@
-/* $Id: stats.c,v 1.1 2000-09-12 00:06:09 rjkaes Exp $
+/* $Id: stats.c,v 1.2 2001-01-15 17:11:57 rjkaes Exp $
  *
  * This module handles the statistics for tinyproxy. There are only two
  * public API functions. The reason for the functions, rather than just a
@@ -79,7 +79,7 @@ int showstats(struct conn_s *connptr)
 	}
 
 	LOCK();
-	sprintf(connptr->output_message, msg,
+	snprintf(connptr->output_message, MAXBUFFSIZE, msg,
 		PACKAGE, VERSION, PACKAGE, VERSION,
 		stats.num_open,
 		stats.num_reqs,
-- 
cgit v1.2.3