Rob,
If we do it like that, aren't we whacking the last character of content?
What do you think of this:
if (strlen(postdata) > 0) {
this->postdata = xmalloc(this->postlen + 1);
memset(this->postdata, '\0', this->postlen +1);
memcpy(this->postdata, postdata, this->postlen);
}
On Mon, Jul 6, 2015 at 9:59 PM, Rob Browning <r...@defaultvalue.org> wrote:
> Package: siege
> Version: 3.0.8-1
> Forwarded: Jeffrey Fulmer <j...@joedog.org>
>
> Fix a potential segfault in url_set_postdata by including a byte for
> the null terminator when allocating the result, and switch to xmalloc
> to catch allocation failures.
>
> ---
>
> The psuedo-headers above are just for the Debian bug tracker, and can
> of course be removed. In any case, hope this helps.
>
> src/url.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/url.c b/src/url.c
> index 191ba55..98f09a3 100644
> --- a/src/url.c
> +++ b/src/url.c
> @@ -182,7 +182,7 @@ url_set_postdata(URL this, char *postdata, size_t
> postlen)
> this->postlen = postlen;
>
> if (strlen(postdata) > 0) {
> - this->postdata = malloc(this->postlen);
> + this->postdata = xmalloc(this->postlen + 1);
> memcpy(this->postdata, postdata, this->postlen);
> this->postdata[this->postlen] = 0;
> }
> --
> 2.1.4
>
>
