Memory overrun in http-push.c

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Good day!

Spotted the memory overrun in the http-push.c. Exists at least in
1.5.0.x, not sure about latest development branch. The patch is
attached.
-- 
Eygene
--- http-push.c.orig	Wed Feb 28 15:15:01 2007
+++ http-push.c	Wed Feb 28 15:15:21 2007
@@ -1295,7 +1295,7 @@
 	sprintf(url, "%s%s", remote->url, path);
 
 	/* Make sure leading directories exist for the remote ref */
-	ep = strchr(url + strlen(remote->url) + 11, '/');
+	ep = strchr(url + strlen(remote->url) + 1, '/');
 	while (ep) {
 		*ep = 0;
 		slot = get_active_slot();

[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]