Fix likely stack buffer overflow

author Rémi Denis-Courmont <rem@videolan.org>

Sat, 29 Apr 2006 15:34:09 +0000 (15:34 +0000)

committer Rémi Denis-Courmont <rem@videolan.org>

Sat, 29 Apr 2006 15:34:09 +0000 (15:34 +0000)
author Rémi Denis-Courmont <rem@videolan.org>
Sat, 29 Apr 2006 15:34:09 +0000 (15:34 +0000)
committer Rémi Denis-Courmont <rem@videolan.org>
Sat, 29 Apr 2006 15:34:09 +0000 (15:34 +0000)
diff --git a/modules/control/http/mvar.c b/modules/control/http/mvar.c

index 145819ea71d4d376928679bd8e5108a5d58bfac6..aff3b6316291833b3206b3c00762e320f8766b07 100644 (file)
--- a/modules/control/http/mvar.c
+++ b/modules/control/http/mvar.c
@@ -126,26 +126,18 @@ void E_(mvar_RemoveVar)( mvar_t *v, mvar_t *f )
  
  mvar_t *E_(mvar_GetVar)( mvar_t *s, const char *name )
  {
-    int i;
-    char base[512], *field, *p;
-    int  i_index;
-
      /* format: name[index].field */
-
-    field = strchr( name, '.' );
-    if( field )
-    {
-        int i = field - name;
-        strncpy( base, name, i );
-        base[i] = '\0';
+    char *field = strchr( name, '.' );
+    int i = 1 + (field != NULL) ? (field - name) : strlen( name );
+    char base[i];
+    char *p;
+    int i_index;
+
+    strlcpy( base, name, i );
+    if( field != NULL )
          field++;
-    }
-    else
-    {
-        strcpy( base, name );
-    }
  
-    if( ( p = strchr( base, '[' ) ) )
+    if( ( p = strchr( base, '[' ) ) != NULL )
      {
          *p++ = '\0';
          sscanf( p, "%d]", &i_index );
author	Rémi Denis-Courmont <rem@videolan.org>
	Sat, 29 Apr 2006 15:34:09 +0000 (15:34 +0000)
committer	Rémi Denis-Courmont <rem@videolan.org>
	Sat, 29 Apr 2006 15:34:09 +0000 (15:34 +0000)