From: Martin Schanzenbach <mschanzenbach@posteo.de>
Date: Fri, 13 Jul 2012 22:20:58 +0000 (+0000)
Subject: -fix bo
X-Git-Tag: initial-import-from-subversion-38251~12507
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=7b41c0d38839006fafa1e691afc740b2b6088dc0;p=oweals%2Fgnunet.git

-fix bo
---

diff --git a/src/gns/gnunet-gns-proxy.c b/src/gns/gnunet-gns-proxy.c
index 080b27c27..d14e8f872 100644
--- a/src/gns/gnunet-gns-proxy.c
+++ b/src/gns/gnunet-gns-proxy.c
@@ -36,6 +36,7 @@
 
 #define GNUNET_GNS_PROXY_PORT 7777
 #define MHD_MAX_CONNECTIONS 300
+#define MAX_HTTP_URI_LENGTH 2048
 
 /* MHD/cURL defines */
 #define BUF_WAIT_FOR_CURL 0
@@ -200,7 +201,7 @@ struct ProxyCurlTask
   long curl_response_code;
 
   /* The URL to fetch */
-  char url[2048];
+  char url[MAX_HTTP_URI_LENGTH];
 
   /* The cURL write buffer / MHD read buffer */
   char buffer[CURL_MAX_WRITE_SIZE + CURL_BUF_PADDING];
@@ -421,7 +422,9 @@ get_uri_val_iter (void *cls,
                   const char *value)
 {
   char* buf = cls;
-
+  
+  if (strlen (buf) + strlen (value) + 3 > MAX_HTTP_URI_LENGTH)
+    return MHD_NO;
   sprintf (buf+strlen (buf), "?%s=%s", key, value);
 
   return MHD_YES;
@@ -1510,7 +1513,7 @@ create_response (void *cls,
   const char* page = "<html><head><title>gnoxy</title>"\
                       "</head><body>cURL fail</body></html>";
   
-  char curlurl[512]; // buffer overflow!
+  char curlurl[MAX_HTTP_URI_LENGTH]; // buffer overflow!
   int ret = MHD_YES;
 
   struct ProxyCurlTask *ctask;