Mirrors/libwebsockets
1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-09 00:00:04 +01:00
Code Issues Releases Wiki Activity

coverity 160167 resource_path set at cmake may overflow buffer

Browse source 
resource_path is configured at cmake time (it's like /usr/share/libwebsockets-test-server)
it's true if you gave a >255 char path there it would blow up.

It's fixed but again not network-accessible.

Signed-off-by: Andy Green <andy@warmcat.com>
This commit is contained in:
Andy Green 2016-04-23 07:40:34 +08:00
parent 1536c5beb6
commit 09490aeb93
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
lwsws/http.c
View file

@ -152,7 +152,8 @@ int callback_http(struct lws *wsi, enum lws_callback_reasons reason, void *user,
if (lws_hdr_total_length(wsi, WSI_TOKEN_POST_URI))
return 0;
strcpy(buf, resource_path);
strncpy(buf, resource_path, sizeof(buf) - 1);
buf[sizeof(buf) - 1] = '\0';
if (strcmp(in, "/")) {
if (*((const char *)in) != '/')
strcat(buf, "/");