54 lines
2.2 KiB
Diff
54 lines
2.2 KiB
Diff
Backported of:
|
|
|
|
From c1bee7319a8b9e0d38f1988d70dc4fa5c52b83d1 Mon Sep 17 00:00:00 2001
|
|
From: Kevin Backhouse <kev@semmle.com>
|
|
Date: Tue, 30 Apr 2019 11:15:06 +0100
|
|
Subject: [PATCH] Avoid null pointer exception due to NULL return value from
|
|
strchr.
|
|
|
|
This fixes #793.
|
|
diff --git a/src/http.cpp b/src/http.cpp
|
|
index b8a429b..9c76f99 100644
|
|
--- a/src/http.cpp
|
|
+++ b/src/http.cpp
|
|
@@ -339,10 +339,14 @@ int Exiv2::http(dict_t& request,dict_t& response,std::string& errors)
|
|
|
|
// search for the body
|
|
for ( size_t b = 0 ; bSearching && b < lengthof(blankLines) ; b++ ) {
|
|
- if ( strstr(buffer,blankLines[b]) ) {
|
|
+ const char* blankLinePos = strstr(buffer,blankLines[b]);
|
|
+ if ( blankLinePos ) {
|
|
bSearching = false ;
|
|
- body = (int) ( strstr(buffer,blankLines[b]) - buffer ) + strlen(blankLines[b]) ;
|
|
- status = atoi(strchr(buffer,' ')) ;
|
|
+ body = blankLinePos - buffer + strlen(blankLines[b]);
|
|
+ const char* firstSpace = strchr(buffer,' ');
|
|
+ if (firstSpace) {
|
|
+ status = atoi(firstSpace);
|
|
+ }
|
|
}
|
|
}
|
|
|
|
@@ -352,9 +356,19 @@ int Exiv2::http(dict_t& request,dict_t& response,std::string& errors)
|
|
char N = '\n';
|
|
int i = 0 ; // initial byte in buffer
|
|
while(buffer[i] == N ) i++;
|
|
- h = strchr(h+i,N)+1;
|
|
+ h = strchr(h+i,N);
|
|
+ if (!h) {
|
|
+ status = 0;
|
|
+ break;
|
|
+ }
|
|
+ h++;
|
|
response[""]=std::string(buffer+i).substr(0,h-buffer-2);
|
|
- result = atoi(strchr(buffer,' '));
|
|
+ const char* firstSpace = strchr(buffer,' ');
|
|
+ if ( !firstSpace ) {
|
|
+ status = 0;
|
|
+ break;
|
|
+ }
|
|
+ result = atoi(firstSpace);
|
|
char* c = strchr(h,C);
|
|
char* n = strchr(h,N);
|
|
while ( c && n && c < n && h < buffer+body ) {
|