From 75c3fc2e8a8a63db0b31d4084cd199b6a44d73c7 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Sun, 17 Oct 2010 20:12:54 +0300
Subject: [PATCH] WPS: Cleaned up URL parser not to modify const buffer

There is no need to use '\0' termination here in string parsing, so we may as well clean this up to follow the const declaration.
---
 src/wps/wps_upnp.c | 25 ++++++++++++++-----------
 1 file changed, 14 insertions(+), 11 deletions(-)

diff --git a/src/wps/wps_upnp.c b/src/wps/wps_upnp.c
index 9108caa84..4825d2a96 100644
--- a/src/wps/wps_upnp.c
+++ b/src/wps/wps_upnp.c
@@ -3,7 +3,7 @@
 * Copyright (c) 2000-2003 Intel Corporation
 * Copyright (c) 2006-2007 Sony Corporation
 * Copyright (c) 2008-2009 Atheros Communications
- * Copyright (c) 2009, Jouni Malinen
+ * Copyright (c) 2009-2010, Jouni Malinen
 *
 * See below for more details on licensing and code history.
 */
@@ -293,7 +293,8 @@ static void subscr_addr_free_all(struct subscription *s)
 /* subscr_addr_add_url -- add address(es) for one url to subscription */
-static void subscr_addr_add_url(struct subscription *s, const char *url)
+static void subscr_addr_add_url(struct subscription *s, const char *url,
+ size_t url_len)
 {
 int alloc_len;
 char *scratch_mem = NULL;
@@ -309,17 +310,19 @@ static void subscr_addr_add_url(struct subscription *s, const char *url)
 int rerr;
 /* url MUST begin with http: */
- if (os_strncasecmp(url, "http://", 7))
+ if (url_len < 7 || os_strncasecmp(url, "http://", 7))
 goto fail;
 url += 7;
+ url_len -= 7;
 /* allocate memory for the extra stuff we need */
- alloc_len = (2 * (os_strlen(url) + 1));
+ alloc_len = 2 * (url_len + 1);
 scratch_mem = os_zalloc(alloc_len);
 if (scratch_mem == NULL)
 goto fail;
 mem = scratch_mem;
- strcpy(mem, url);
+ os_strncpy(mem, url, url_len);
+ wpa_printf(MSG_DEBUG, "WPS UPnP: Adding URL '%s'", mem);
 domain_and_port = mem;
 mem += 1 + os_strlen(mem);
 delim = os_strchr(domain_and_port, '/');
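Review bot: `alloc_len` is still declared `int` in the context lines of this hunk, while the new `url_len` parameter is `size_t` and the next hunk assigns `alloc_len = 2 * (url_len + 1);`, so the size is computed unsigned and then narrowed before it is passed to os_zalloc(). Declaring it `size_t alloc_len;` keeps the allocation size and the copy length in one type. The header comment should also record the new contract, for example `/* url points at url_len bytes and need not be NUL-terminated */`. The function body continues outside this hunk.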
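Review bot: The added `wpa_printf(MSG_DEBUG, "WPS UPnP: Adding URL '%s'", mem);` writes the URL to the debug log with `%s`, and the string appears to originate from a subscriber's callback list rather than local configuration, so any control or escape characters in it would reach the log unfiltered. The `wpa_printf` added in subscr_addr_list_create() (hunk at -406) prints the whole list the same way. Logging through `wpa_hexdump_ascii(MSG_DEBUG, "WPS UPnP: Adding URL", (const u8 *) mem, url_len);` keeps the diagnostic while rendering non-printable bytes harmlessly. Separately, `os_strncpy(mem, url, url_len);` leaves `mem` terminated only because os_zalloc() zeroed the buffer; a one-line comment saying so would protect that assumption. The function starts and ends outside this hunk.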
@@ -331,7 +334,7 @@ static void subscr_addr_add_url(struct subscription *s, const char *url)
 }
 domain = mem;
 strcpy(domain, domain_and_port);
- delim = strchr(domain, ':');
+ delim = os_strchr(domain, ':');
 if (delim) {
 *delim++ = 0; /* null terminate domain */
 if (isdigit(*delim))
@@ -386,7 +389,7 @@ static void subscr_addr_add_url(struct subscription *s, const char *url)
 if (path[0] != '/')
 *mem++ = '/';
 strcpy(mem, path);
- mem += 1 + strlen(mem);
+ mem += 1 + os_strlen(mem);
 os_memcpy(&a->saddr, rp->ai_addr, sizeof(a->saddr));
 a->saddr.sin_port = htons(port);
@@ -406,7 +409,8 @@ fail:
 static void subscr_addr_list_create(struct subscription *s,
 const char *url_list)
 {
- char *end;
+ const char *end;
+ wpa_printf(MSG_DEBUG, "WPS UPnP: Parsing URL list '%s'", url_list);
 for (;;) {
 while (*url_list == ' ' || *url_list == '\t')
 url_list++;
@@ -416,9 +420,8 @@ static void subscr_addr_list_create(struct subscription *s,
 end = os_strchr(url_list, '>');
 if (end == NULL)
 break;
- *end++ = 0;
- subscr_addr_add_url(s, url_list);
- url_list = end;
+ subscr_addr_add_url(s, url_list, end - url_list);
+ url_list = end + 1;
 }
 }