gnustep/libs-base
0
0
Fork 0
mirror of https://github.com/gnustep/libs-base.git synced 2025-05-29 16:01:38 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fix buffer overflow bug

Browse source 
git-svn-id: svn+ssh://svn.gna.org/svn/gnustep/libs/base/trunk@24158 72102866-910b-0410-8b05-ffd578937521
This commit is contained in:
Richard Frith-MacDonald 2006-11-25 05:40:19 +00:00
parent 6cdd9fb156
commit 821ceb17b3
3 changed files with 80 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

7
ChangeLog
View file

@ -1,3 +1,10 @@
2006-11-25 Richard Frith-Macdonald <rfm@gnu.org>
* Source/NSCalendarDate.m: Fix buffer oiveflow vulnerability when
parsing string ... really needs major rewrite for better locale
use and full unicode support though.
* Source/GSHTTPURLHandle.m: add a little more debug.
2006-11-21 Richard Frith-Macdonald <rfm@gnu.org>
* Source/NSURL.m:

19
Source/GSHTTPURLHandle.m
View file

@ -1205,6 +1205,10 @@ static void debugWrite(GSHTTPURLHandle *handle, NSData *data)
if (sock != nil)
{
if (debug)
{
NSLog(@"%@ check for reusable socket", NSStringFromSelector(_cmd));
}
/* An existing socket with keepalive may have been closed by the other
* end. The portable way to detect it is to run the runloop once to
* allow us to be sent a notification about end-of-file.
@ -1245,7 +1249,22 @@ static void debugWrite(GSHTTPURLHandle *handle, NSData *data)
DESTROY(sock);
}
}
else
{
DESTROY(sock);
}
#endif
if (debug)
{
if (sock == nil)
{
NSLog(@"%@ socket closed by remote", NSStringFromSelector(_cmd));
}
else
{
NSLog(@"%@ socket is still open", NSStringFromSelector(_cmd));
}
}
}
if (sock == nil)

74
Source/NSCalendarDate.m
View file

@ -654,8 +654,9 @@ static inline int getDigits(const char *from, char *to, int limit, BOOL *error)
unsigned formatLen;
unsigned formatIdx = 0;
unsigned sourceIdx = 0;
char tmpStr[20];
char tmpStr[120];
unsigned int tmpIdx;
unsigned int tmpEnd;
unsigned had = 0;
unsigned int pos;
BOOL hadPercent = NO;
@ -869,7 +870,10 @@ static inline int getDigits(const char *from, char *to, int limit, BOOL *error)
break;
case 'a':
// Are Short names three chars in all locales?????
/* FIXME ... Should look for all values from the locale,
* matching for longest values first, rather than (wrongly)
* assuming a fixed length of three characters.
*/
tmpStr[0] = toupper(source[sourceIdx]);
if (sourceIdx < sourceLen)
sourceIdx++;
@ -910,19 +914,28 @@ static inline int getDigits(const char *from, char *to, int limit, BOOL *error)
break;
case 'A':
for (tmpIdx = sourceIdx; tmpIdx < sourceLen; tmpIdx++)
/* FIXME ... Should look for all values from the locale,
* matching for longest values first, rather than (wrongly)
* assuming the name contains only western letters.
*/
tmpEnd = sizeof(tmpStr) - 1;
if (sourceLen - sourceIdx < tmpEnd)
{
if (isalpha(source[tmpIdx]))
tmpEnd = sourceLen - sourceIdx;
}
for (tmpIdx = 0; tmpIdx < tmpEnd; tmpIdx++)
{
if (isalpha(source[sourceIdx + tmpIdx]))
{
tmpStr[tmpIdx - sourceIdx] = source[tmpIdx];
tmpStr[tmpIdx] = source[sourceIdx + tmpIdx];
}
else
{
break;
}
}
tmpStr[tmpIdx - sourceIdx] = '\0';
sourceIdx += tmpIdx - sourceIdx;
tmpStr[tmpIdx] = '\0';
sourceIdx += tmpIdx;
{
NSString *currDay;
NSArray *dayNames;
@ -953,7 +966,10 @@ static inline int getDigits(const char *from, char *to, int limit, BOOL *error)
break;
case 'b':
// Are Short names three chars in all locales?????
/* FIXME ... Should look for all values from the locale,
* matching for longest values first, rather than (wrongly)
* assuming a fixed length of three characters.
*/
tmpStr[0] = toupper(source[sourceIdx]);
if (sourceIdx < sourceLen)
sourceIdx++;
@ -995,19 +1011,28 @@ static inline int getDigits(const char *from, char *to, int limit, BOOL *error)
break;
case 'B':
for (tmpIdx = sourceIdx; tmpIdx < sourceLen; tmpIdx++)
/* FIXME ... Should look for all values from the locale,
* matching for longest values first, rather than (wrongly)
* assuming the name contains only western letters.
*/
tmpEnd = sizeof(tmpStr) - 1;
if (sourceLen - sourceIdx < tmpEnd)
{
if (isalpha(source[tmpIdx]))
tmpEnd = sourceLen - sourceIdx;
}
for (tmpIdx = 0; tmpIdx < tmpEnd; tmpIdx++)
{
if (isalpha(source[sourceIdx + tmpIdx]))
{
tmpStr[tmpIdx - sourceIdx] = source[tmpIdx];
tmpStr[tmpIdx] = source[sourceIdx + tmpIdx];
}
else
{
break;
}
}
tmpStr[tmpIdx - sourceIdx] = '\0';
sourceIdx += tmpIdx - sourceIdx;
tmpStr[tmpIdx] = '\0';
sourceIdx += tmpIdx;
{
NSString *currMonth;
NSArray *monthNames;
@ -1077,8 +1102,10 @@ static inline int getDigits(const char *from, char *to, int limit, BOOL *error)
break;
case 'p':
// Questionable assumption that all am/pm indicators are 2
// characters and in upper case....
/* FIXME ... Should look for all values from the locale,
* matching for longest values first, rather than (wrongly)
* assuming the name is always two uppercase letters.
*/
tmpStr[0] = toupper(source[sourceIdx]);
if (sourceIdx < sourceLen)
sourceIdx++;
@ -1181,19 +1208,26 @@ static inline int getDigits(const char *from, char *to, int limit, BOOL *error)
break;
case 'Z':
for (tmpIdx = sourceIdx; tmpIdx < sourceLen; tmpIdx++)
/* Can we assume a timezone name is always space terminated?
*/
tmpEnd = sizeof(tmpStr) - 1;
if (sourceLen - sourceIdx < tmpEnd)
{
if (!isspace(source[tmpIdx]))
tmpEnd = sourceLen - sourceIdx;
}
for (tmpIdx = 0; tmpIdx < tmpEnd; tmpIdx++)
{
if (!isspace(source[sourceIdx + tmpIdx]))
{
tmpStr[tmpIdx - sourceIdx] = source[tmpIdx];
tmpStr[tmpIdx] = source[sourceIdx + tmpIdx];
}
else
{
break;
}
}
tmpStr[tmpIdx - sourceIdx] = '\0';
sourceIdx += tmpIdx - sourceIdx;
tmpStr[tmpIdx] = '\0';
sourceIdx += tmpIdx;
{
NSString *z = [NSString stringWithUTF8String: tmpStr];