commit 1fb3c013ff274639edec8afb04ff7f6eb0540a8e
parent 3359be363f84cdbc61f237185602d0cf730ee778
Author: Joris Vink <joris@coders.se>
Date: Thu, 26 Sep 2013 16:49:44 +0200
Use kore_mem_find() in kore_buf_replace_string(), fixes certain crashes
that could occur when calling kore_buf_replace_string() with patterns
that would be found at the end or start of the buffer.
Diffstat:
2 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/includes/kore.h b/includes/kore.h
@@ -358,8 +358,7 @@ u_int8_t *kore_buf_release(struct kore_buf *, u_int32_t *);
void kore_buf_appendf(struct kore_buf *, const char *, ...);
void kore_buf_appendv(struct kore_buf *, struct buf_vec *, u_int16_t);
void kore_buf_appendb(struct kore_buf *, struct kore_buf *);
-void kore_buf_replace_string(struct kore_buf *, const char *,
- void *, size_t);
+void kore_buf_replace_string(struct kore_buf *, char *, void *, size_t);
struct spdy_header_block *spdy_header_block_create(int);
struct spdy_stream *spdy_stream_lookup(struct connection *, u_int32_t);
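Review bot: Dropping `const` from the pattern parameter here, and in the matching definition in src/buf.c, weakens the public prototype. The signature no longer tells callers that the pattern is only read, and code holding a `const char *` now needs a cast to call it. Presumably the qualifier was removed because kore_mem_find() takes non-const pointers, though its declaration is not visible in this diff. If so, const-qualifying kore_mem_find()'s pointer parameters, or casting at the single call site, would let the prototype stay `void kore_buf_replace_string(struct kore_buf *, const char *, void *, size_t);`.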
diff --git a/src/buf.c b/src/buf.c
@@ -98,8 +98,7 @@ kore_buf_free(struct kore_buf *buf)
}
void
-kore_buf_replace_string(struct kore_buf *b, const char *src,
- void *dst, size_t len)
+kore_buf_replace_string(struct kore_buf *b, char *src, void *dst, size_t len)
{
u_int32_t blen, off, off2;
size_t nlen, klen;
@@ -112,7 +111,8 @@ kore_buf_replace_string(struct kore_buf *b, const char *src,
nlen = blen + len;
p = (char *)b->data;
- if ((key = strstr((p + off), src)) == NULL)
+ key = kore_mem_find(p + off, b->offset - off, src, klen);
+ if (key == NULL)
break;
end = key + klen;
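Review bot: The length passed to kore_mem_find(), `b->offset - off`, is unsigned arithmetic, so if `off` ever exceeded `b->offset` it would wrap to a huge count and the search would read far past the buffer, the same class of over-read this change removes. The code that advances `off` lies outside the hunk, so the invariant may already hold, but it is cheap to make it explicit just before the call with `if (off > b->offset) break;`. A short comment on the call, such as `/* b->data may not be NUL-terminated; search only the bytes in use */`, would also record why strstr() must not be reintroduced here.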