From: Tarmigan Casebolt Date: Sat, 14 Nov 2009 21:10:57 +0000 (-0800) Subject: http-backend: Fix access beyond end of string. X-Git-Tag: v1.6.6-rc0~22^2~1 X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=48aec1b1f14578ac7560c8be40890ebf52c91d78;p=git.git http-backend: Fix access beyond end of string. Found with valgrind while looking for Content-Length corruption in smart http. Signed-off-by: Tarmigan Casebolt Signed-off-by: Junio C Hamano --- diff --git a/http-backend.c b/http-backend.c index 7f48406d6..8e08f057d 100644 --- a/http-backend.c +++ b/http-backend.c @@ -615,7 +615,7 @@ int main(int argc, char **argv) if (regcomp(&re, c->pattern, REG_EXTENDED)) die("Bogus regex in service table: %s", c->pattern); if (!regexec(&re, dir, 1, out, 0)) { - size_t n = out[0].rm_eo - out[0].rm_so; + size_t n; if (strcmp(method, c->method)) { const char *proto = getenv("SERVER_PROTOCOL"); @@ -629,9 +629,10 @@ int main(int argc, char **argv) } cmd = c; + n = out[0].rm_eo - out[0].rm_so; cmd_arg = xmalloc(n); - strncpy(cmd_arg, dir + out[0].rm_so + 1, n); - cmd_arg[n] = '\0'; + memcpy(cmd_arg, dir + out[0].rm_so + 1, n-1); + cmd_arg[n-1] = '\0'; dir[out[0].rm_so] = 0; break; }