http-backend: Fix access beyond end of string.

author Tarmigan Casebolt <tarmigan+git@gmail.com>

Sat, 14 Nov 2009 21:10:57 +0000 (13:10 -0800)

committer Junio C Hamano <gitster@pobox.com>

Mon, 16 Nov 2009 06:14:51 +0000 (22:14 -0800)
author Tarmigan Casebolt <tarmigan+git@gmail.com>
Sat, 14 Nov 2009 21:10:57 +0000 (13:10 -0800)
committer Junio C Hamano <gitster@pobox.com>
Mon, 16 Nov 2009 06:14:51 +0000 (22:14 -0800)
diff --git a/http-backend.c b/http-backend.c

index 7f48406d6dd8a3b67ade9a6b532a8c5764d61504..8e08f057dd6536b06d1ee017e4733ad1585e782e 100644 (file)
--- a/http-backend.c
+++ b/http-backend.c
@@ -615,7 +615,7 @@ int main(int argc, char **argv)
                 if (regcomp(&re, c->pattern, REG_EXTENDED))
                         die("Bogus regex in service table: %s", c->pattern);
                 if (!regexec(&re, dir, 1, out, 0)) {
-                       size_t n = out[0].rm_eo - out[0].rm_so;
+                       size_t n;
  
                         if (strcmp(method, c->method)) {
                                 const char *proto = getenv("SERVER_PROTOCOL");
@@ -629,9 +629,10 @@ int main(int argc, char **argv)
                         }
  
                         cmd = c;
+                       n = out[0].rm_eo - out[0].rm_so;
                         cmd_arg = xmalloc(n);
-                       strncpy(cmd_arg, dir + out[0].rm_so + 1, n);
-                       cmd_arg[n] = '\0';
+                       memcpy(cmd_arg, dir + out[0].rm_so + 1, n-1);
+                       cmd_arg[n-1] = '\0';
                         dir[out[0].rm_so] = 0;
                         break;
                 }
author	Tarmigan Casebolt <tarmigan+git@gmail.com>
	Sat, 14 Nov 2009 21:10:57 +0000 (13:10 -0800)
committer	Junio C Hamano <gitster@pobox.com>
	Mon, 16 Nov 2009 06:14:51 +0000 (22:14 -0800)