[libsoup] Fix out-of-bounds read in URI parsing
- From: Dan Winship <danw src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [libsoup] Fix out-of-bounds read in URI parsing
- Date: Mon, 7 Aug 2017 14:00:47 +0000 (UTC)
commit 7aa41c2f6b2b159a2503cf02dc203cbf1493c4b7
Author: Dan Winship <danw gnome org>
Date: Mon Aug 7 09:59:49 2017 -0400
Fix out-of-bounds read in URI parsing
https://bugzilla.gnome.org/show_bug.cgi?id=785042
libsoup/soup-uri.c | 2 +-
tests/uri-parsing.c | 6 +++++-
2 files changed, 6 insertions(+), 2 deletions(-)
---
diff --git a/libsoup/soup-uri.c b/libsoup/soup-uri.c
index 3eafd87..32ade29 100644
--- a/libsoup/soup-uri.c
+++ b/libsoup/soup-uri.c
@@ -453,7 +453,7 @@ soup_uri_new_with_base (SoupURI *base, const char *uri_string)
}
/* Remove "<segment>/.." at end where <segment> != ".." */
q = strrchr (uri->path, '/');
- if (q && !strcmp (q, "/..")) {
+ if (q && q != uri->path && !strcmp (q, "/..")) {
p = q - 1;
while (p > uri->path && *p != '/')
p--;
diff --git a/tests/uri-parsing.c b/tests/uri-parsing.c
index ba3b129..85f09b9 100644
--- a/tests/uri-parsing.c
+++ b/tests/uri-parsing.c
@@ -151,7 +151,11 @@ static struct {
{ "http://[fe80::dead:beef%25em1]/", "http://[fe80::dead:beef%25em1]/", NULL,
{ "http", NULL, NULL, "fe80::dead:beef%em1", 80, "/", NULL, NULL } },
{ "http://[fe80::dead:beef%10]/", "http://[fe80::dead:beef%2510]/", NULL,
- { "http", NULL, NULL, "fe80::dead:beef%10", 80, "/", NULL, NULL } }
+ { "http", NULL, NULL, "fe80::dead:beef%10", 80, "/", NULL, NULL } },
+
+ /* ".." past top */
+ { "http://example.com/..", "http://example.com/", "785042",
+ { "http", NULL, NULL, "example.com", 80, "/", NULL, NULL } },
};
static int num_abs_tests = G_N_ELEMENTS(abs_tests);
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]