authorLars Hjemli2007-12-03 00:39:20 +0100
committerLars Hjemli2007-12-03 00:39:20 +0100
commit2216fd6472fe183439df1a39c1c06974abc3f150 (patch)
tree063180038252f9a7116bed384aab20717e4990e4
parentDefault repo description to "[no description]" (diff)
downloadcgit-2216fd6472fe183439df1a39c1c06974abc3f150.tar.gz
cgit-2216fd6472fe183439df1a39c1c06974abc3f150.zip
Compare string lengths when parsing the snapshot mask
We used to rely on the result from strncmp() without comparing the length of
the strings involved. Even worse, any single-character format specifier would
enable zip-format due to the optional '.'-prefix since the length of the
mask then would become zero.

Noticed-by: Evan Martin <sys@neugierig.org>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
-rw-r--r--ui-snapshot.c7
1 files changed, 4 insertions, 3 deletions
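--- a/ui-snapshot.c
+++ b/ui-snapshot.c
@@ -130,7 +130,7 @@ int cgit_parse_snapshots_mask(const char *str)
 {
 const struct snapshot_archive_t* sat;
 static const char *delim = " \t,:/|;";
-int f, tl, rv = 0;
+int f, tl, sl, rv = 0;
 
 /* favor legacy setting */
 if(atoi(str))
@@ -142,8 +142,9 @@ int cgit_parse_snapshots_mask(const char *str)
 break;
 for(f=0; f<snapshot_archives_len; f++) {
 sat = &snapshot_archives[f];
-if(!(strncmp(sat->suffix, str, tl) &&
-strncmp(sat->suffix+1, str, tl-1))) {
+sl = strlen(sat->suffix);
+if((tl == sl && !strncmp(sat->suffix, str, tl)) ||
+(tl == sl-1 && !strncmp(sat->suffix+1, str, tl-1))) {
 rv |= sat->bit;
 break;
 }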
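Review bot: The second alternative of the new condition still compares one byte too few: once `tl == sl-1` holds, `sat->suffix+1` is exactly `tl` bytes long, so `strncmp(sat->suffix+1, str, tl-1)` never checks the last character of the token. Assuming a suffix such as `.zip`, a mistyped token like `zix` (constructed example) would still set that format's bit and enable a snapshot type the administrator did not ask for; the line should read `(tl == sl-1 && !strncmp(sat->suffix+1, str, tl))) {`. Separately, `sl = strlen(sat->suffix);` narrows a `size_t` into an `int`, which is harmless for short suffixes but would be cleaner with `sl` and `tl` declared as `size_t`. The tokenising loop that computes `tl` lies between the two hunks and is not visible here, so whether `tl` can be zero at this point should be confirmed against the full function.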