diff options
author | Nathan Angelacos <nangel@alpinelinux.org> | 2014-06-07 18:28:55 +0000 |
---|---|---|
committer | Nathan Angelacos <nangel@alpinelinux.org> | 2014-06-07 18:28:55 +0000 |
commit | a34ea4fe74eed37c3550cb0ead159c85beba7090 (patch) | |
tree | c59aa617f8cd48a001a3ab9b9630000947a903d2 /src/rfc2388.c | |
parent | 403ad382e15ddc1d434c69e6d41992c824c22e09 (diff) | |
download | haserl-a34ea4fe74eed37c3550cb0ead159c85beba7090.tar.bz2 haserl-a34ea4fe74eed37c3550cb0ead159c85beba7090.tar.xz |
Fix vulnerabilites based on email:
[ISE-TPS-2014-008] Heap Overflow Vulnerability in Haserl 0.9.32
Diffstat (limited to 'src/rfc2388.c')
-rw-r--r-- | src/rfc2388.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/rfc2388.c b/src/rfc2388.c index 32c21df..600e11b 100644 --- a/src/rfc2388.c +++ b/src/rfc2388.c @@ -137,7 +137,7 @@ mime_tag_add (mime_var_t * obj, char *str) { a += strlen (tag[0]); b = strchr (a, '"'); - if (!obj->name) + if (!obj->name) && ( b ) obj->name = mime_substr (a, b - a); } @@ -146,7 +146,7 @@ mime_tag_add (mime_var_t * obj, char *str) { a += strlen (tag[1]); b = strchr (a, '"'); - if (!obj->filename) + if (!obj->filename) && ( b ) obj->filename = mime_substr (a, b - a); } @@ -399,6 +399,9 @@ rfc2388_handler (list_t * env) buffer_t buf; mime_var_t var; + /* prevent a potential unitialized free() - ISE-TPS-2014-008 */ + var.name = NULL; + /* get the boundary info */ str = getenv ("CONTENT_TYPE"); i = strlen (str) - 9; |