Munge /r and /n in HTTP_HttpSendRequestA

Rolf Kalbermatter rolf.kalbermatter at citeng.com
Mon Mar 15 00:58:47 CST 2004


Uwe Bonnes <bon at elektron.ikp.physik.tu-darmstadt.de> wrote:

>This makes Xilinx webupdate.exe see the Servicepack 
>
>+	else
>+	    /* remove \r and \n*/
>+	{
>+	    int nLen = strlen(lpwhr->lpszPath);
>+	    while ((lpwhr->lpszPath[nLen-1] == '\r')||(lpwhr->lpszPath[nLen-1] == '\n'))
>+	    {
>+		nLen--;
>+		lpwhr->lpszPath[nLen]='\0';
>+	    }
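
Review bot: the while condition reads lpwhr->lpszPath[nLen-1] with no lower bound on nLen, so an empty path, or one made up entirely of '\r' and '\n', brings nLen to 0 and the next test reads the byte before the buffer (and the body writes a '\0' there if that byte happens to match). Put nLen > 0 && first in the condition so the index is never evaluated at length zero. Two smaller points: nLen is an int while strlen returns size_t, and the /* remove \r and \n*/ comment sits between else and its opening brace, where it would read better inside the block.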

Mmmh, what happens if the passed-in path would only consist of \r\n? A for or while loop
without a guaranteed termination condition always seems suspect to me. I guess this
would crash with an access violation, and most probably overwrite a few bytes of memory
with 0 before that happens. Not good, I think, although I think it couldn't be effectively
exploited as a buffer overrun!

   while (nLen > 0 && ((lpwhr->lpszPath[nLen-1] == '\r') || (lpwhr->lpszPath[nLen-1] == '\n')))

might be the better solution. Though I still wonder about the [nLen-1] in the above term.
It seems [nLen] instead would actually be the right thing to do here, which would make it

   while (nLen >= 0 && ((lpwhr->lpszPath[nLen] == '\r') || (lpwhr->lpszPath[nLen] == '\n')))



Rolf Kalbermatter
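
The termination problem raised in the reply above, as an added example that is not part of the original message or of Wine's code: a bounded trailing CR/LF strip in which the length check is evaluated before any index. The names strip_trailing_crlf and strips_to and the sample paths are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Wine code): strip trailing '\r' and '\n' in place
 * and return the new length. "len > 0" is tested first, so an empty or
 * all-CR/LF string never causes a read or write at s[-1]. */
size_t strip_trailing_crlf(char *s)
{
    size_t len;

    if (s == NULL)
        return 0;

    len = strlen(s);    /* keep size_t: no truncation to int */
    while (len > 0 && (s[len - 1] == '\r' || s[len - 1] == '\n'))
        s[--len] = '\0';
    return len;
}

/* Copy a constructed sample into a scratch buffer, strip it, and report
 * whether both the returned length and the contents match the expectation. */
int strips_to(const char *in, const char *expected)
{
    char buf[64];

    if (strlen(in) >= sizeof buf)
        return 0;
    strcpy(buf, in);
    return strip_trailing_crlf(buf) == strlen(expected)
        && strcmp(buf, expected) == 0;
}

int main(void)
{
    /* Constructed inputs: normal path, CR/LF only, empty, embedded CR/LF. */
    printf("normal:   %d\n", strips_to("/update/sp.xml\r\n", "/update/sp.xml"));
    printf("crlf:     %d\n", strips_to("\r\n", ""));
    printf("empty:    %d\n", strips_to("", ""));
    printf("embedded: %d\n", strips_to("/a\r\nb", "/a\r\nb"));
    return 0;
}
```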




