http://www.squid-cache.org/Versions/v3/HEAD/changesets/b9859.patch
I skipped past it on commit, but looking at it for portage I think it's
wrong. The violation should be removed instead of plastered over with a
copy.
The login parse only needs to perform read operations on the
non-terminated URL.
I think we need to be doing this instead:
=== modified file 'src/ftp.cc'
--- src/ftp.cc 2009-07-26 10:26:37 +0000
+++ src/ftp.cc 2009-07-29 02:49:18 +0000
@@ -539,17 +539,16 @@
debugs(9, 9, HERE << ": IN : login='" << login << "', escaped=" <<
escaped << ", user=" << user << ", password=" << password);
if ((s = strchr(login, ':'))) {
- *s = '\0';
/* if there was a username part */
if (s > login) {
- xstrncpy(user, login, MAX_URL);
+ xstrncpy(user, login, min((s-login),MAX_URL));
if (escaped)
rfc1738_unescape(user);
}
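Review bot: The length passed to xstrncpy in the added line, min((s-login),MAX_URL), needs checking against how xstrncpy counts its terminator, because with `*s = '\0'` removed that argument is now the only thing that stops the copy at the ':'. If xstrncpy treats its third argument as the destination size and reserves one byte of it for the NUL (its definition is not shown in this hunk), then s-login copies one character too few and silently drops the last character of the user name; the bound would then have to be (s-login)+1 rather than a -1 variant. A comment on that line stating which convention applies would settle it. Also, s-login is a pointer difference while MAX_URL appears to be a plain integer constant, so min() is handed two different types; casting both to one type such as size_t avoids a deduction failure or a signed/unsigned surprise. Code after this hunk that relied on login being cut at the colon is not visible here and should be re-checked too.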
OR: min((s-login-1),MAX_URL) if the ':' gets included by that.
Amos
Received on Wed Jul 29 2009 - 02:51:26 MDT