Eric Depagne (Eric.Depagne@obspm.fr) wrote:
>Looking at the archive, I read that there were new versions than 1.1.0.
The original version 1.1.0 for Unix was perfect. =:-)
The Windows-aware ports had a few small increments up to 1.1.3. The
differences were some user interface issues, small speed improvements...
Actually the following two minor changes were made in the Unix source:
1.
Changed:
fprintf(f, "Content-length: %d\r\n", strlen(payload));
to:
fprintf(f, "Content-length: %lu\r\n", (unsigned long)strlen(payload));
2.
Added a check just before the memcpy() at the very end, based on a
suggestion by Wil Harris of Redhat:
if ( entry->h_length < 0
|| (size_t)entry->h_length > sizeof(http_addr.sin_addr.s_addr)
) {
puts("Error: address buffer overflow!");
return -1;
} /* end if */
It is conceivable that a malicious intruder who has already taken over
chunks of your network could make use of a bogus length field here.
If you're paranoid, insert this check.
Bye,
Rob.
This archive was generated by hypermail 2b29 : Wed Jan 26 2000 - 18:41:15 MET