[settings] Handle errors in fetchf_uristring()
fetchf_uristring() was failing to handle error values from fetch_setting(), resulting in its attempting to allocate extremely large temporary buffers on the stack (and so overrunning the stack and locking up the machine). Problem reported by Shao Miller <Shao.Miller@yrdsb.edu.on.ca>.
This commit is contained in:
parent
8e960eb67c
commit
4e6b62c946
|
@ -825,12 +825,15 @@ static int storef_uristring ( struct settings *settings,
|
||||||
static int fetchf_uristring ( struct settings *settings,
|
static int fetchf_uristring ( struct settings *settings,
|
||||||
struct setting *setting,
|
struct setting *setting,
|
||||||
char *buf, size_t len ) {
|
char *buf, size_t len ) {
|
||||||
size_t raw_len;
|
ssize_t raw_len;
|
||||||
|
|
||||||
/* We need to always retrieve the full raw string to know the
|
/* We need to always retrieve the full raw string to know the
|
||||||
* length of the encoded string.
|
* length of the encoded string.
|
||||||
*/
|
*/
|
||||||
raw_len = fetch_setting ( settings, setting, NULL, 0 );
|
raw_len = fetch_setting ( settings, setting, NULL, 0 );
|
||||||
|
if ( raw_len < 0 )
|
||||||
|
return raw_len;
|
||||||
|
|
||||||
{
|
{
|
||||||
char raw_buf[ raw_len + 1 ];
|
char raw_buf[ raw_len + 1 ];
|
||||||
|
|
||||||
|
|
Reference in New Issue