diff options
author | John Mark Bell <jmb@netsurf-browser.org> | 2007-03-23 22:39:10 +0000 |
---|---|---|
committer | John Mark Bell <jmb@netsurf-browser.org> | 2007-03-23 22:39:10 +0000 |
commit | 91cfb115927f43fa6dc90ae9c4abdb0ed767ccb7 (patch) | |
tree | 04a67df41b783863d78a2f3d2ee099a68aff70c9 /content | |
parent | 64b229d0d6fb3ab4c650fb4bc27618104e79f10c (diff) | |
download | netsurf-91cfb115927f43fa6dc90ae9c4abdb0ed767ccb7.tar.gz netsurf-91cfb115927f43fa6dc90ae9c4abdb0ed767ccb7.tar.bz2 |
Fix crash on WWW-Authenticate header with no realm (1686714)
svn path=/trunk/netsurf/; revision=3216
Diffstat (limited to 'content')
-rw-r--r-- | content/fetch.c | 25 |
1 files changed, 14 insertions, 11 deletions
diff --git a/content/fetch.c b/content/fetch.c index ddffef93a..dda6e2923 100644 --- a/content/fetch.c +++ b/content/fetch.c @@ -1167,21 +1167,24 @@ size_t fetch_curl_header(char *data, size_t size, size_t nmemb, } SKIP_ST(17); - while (i < (int) size && strncasecmp(data + i, "realm", 5)) + while (i < (int) size - 5 && + strncasecmp(data + i, "realm", 5)) i++; - while (i < (int)size && data[++i] != '"') + while (i < (int) size - 1 && data[++i] != '"') /* */; i++; - strncpy(f->realm, data + i, size - i); - f->realm[size - i] = '\0'; - for (i = size - i - 1; i >= 0 && - (f->realm[i] == ' ' || - f->realm[i] == '"' || - f->realm[i] == '\t' || - f->realm[i] == '\r' || - f->realm[i] == '\n'); --i) - f->realm[i] = '\0'; + if (i < (int) size) { + strncpy(f->realm, data + i, size - i); + f->realm[size - i] = '\0'; + for (i = size - i - 1; i >= 0 && + (f->realm[i] == ' ' || + f->realm[i] == '"' || + f->realm[i] == '\t' || + f->realm[i] == '\r' || + f->realm[i] == '\n'); --i) + f->realm[i] = '\0'; + } #endif } else if (5 < size && strncasecmp(data, "Date:", 5) == 0) { /* extract Date header */ |