path: root/www/mnogosearch/files/patch-ac
authorAndrey A. Chernov <ache@FreeBSD.org>2001-04-20 08:48:51 +0000
committerAndrey A. Chernov <ache@FreeBSD.org>2001-04-20 08:48:51 +0000
commit68c3bfdbb2b4363e3c6c009a7704c130c8736cf2 (patch)
treea2cf98ae5188da36790b3c52fb9f6397ed7a2c84 /www/mnogosearch/files/patch-ac
parentDefault to KNF. (diff)
Fix remote buffer overflow in search.cgi arguments
Notes
Notes: svn path=/head/; revision=41698
Diffstat (limited to 'www/mnogosearch/files/patch-ac')
-rw-r--r--www/mnogosearch/files/patch-ac25
1 files changed, 25 insertions, 0 deletions
diff --git a/www/mnogosearch/files/patch-ac b/www/mnogosearch/files/patch-ac
new file mode 100644
index 000000000000..68f8816a275e
--- /dev/null
+++ b/www/mnogosearch/files/patch-ac
@@ -0,0 +1,25 @@
+--- src/search.c.old Wed Feb 28 15:28:10 2001
++++ src/search.c Thu Apr 19 18:02:10 2001
+@@ -1269,7 +1269,8 @@
+ strcpy(template,env);
+
+ if((env=getenv("QUERY_STRING"))){
+- strcpy(query_string,env);
++ strncpy(query_string,env,UDMSTRSIZ-1);
++ query_string[UDMSTRSIZ-1] = '\0';
+ if((env=getenv("REDIRECT_STATUS"))){
+
+ /* Check Apache internal redirect */
+@@ -1316,8 +1317,10 @@
+ /* or under server which do not */
+ /* pass an empty QUERY_STRING var */
+
+- if(argv[1])
+- sprintf(query_string,"q=%s",argv[1]);
++ if(argv[1]) {
++ strcpy(query_string, "q=");
++ strncat(query_string, argv[1], UDMSTRSIZ-1-2);
++ }
+ if(!template[0])
+ sprintf(template,"%s/%s", UDM_CONF_DIR,"search.htm");
+ }
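Review bot: The context line `strcpy(template,env);` at the top of the first inner hunk is still an unbounded copy of an environment value into `template`, so the overflow class this patch closes for `query_string` appears to remain one line above the fix; which variable `env` holds at that point is set outside the hunk, so confirm whether it is request-controlled. If `template` is a fixed-size array, bound it the same way, e.g. `snprintf(template, sizeof(template), "%s", env);`. The new limits also assume `query_string` is declared with exactly `UDMSTRSIZ` bytes, which the hunk does not show; writing them as `sizeof(query_string)` would keep the bound tied to the buffer if the declaration ever changes. Both new copies truncate silently, so an over-long query is processed in cut-off form rather than rejected; an explicit length check that returns an error would make that case visible in logs.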