Rainer,

On 10/25/2011 3:37 PM, Rainer Jung wrote:
> On 25.10.2011 20:07, Christopher Schultz wrote:
>> Rainer,
>>
>> On 10/23/2011 12:19 PM, rj...@apache.org wrote:
>>> +static const char *find_path_in_uri(const char *uri, const char >>> *path) +{ + size_t len = strlen(path); + while (uri = >>> strchr(uri, '/')) { + uri++; + if (!strncmp(uri, >>> path, len) && + (*(uri + len) == '/' || + >>> strlen(uri) == len)) { + return uri; + } + >>> }
>>
>> Also, 'len' is never updated in the loop, so the call to strncmp
>> could potentially cause a SIGSEGV -- but only in the cases where
>> something truly nefarious is going on, anyway.
>
> Hmmm, I don't get that: path isn't changed, strncmp() will never
> compare beyond terminating '0', and uri+len must be inside uri if
> length of path is len, and uri and path coincide for len chars.

Yeah, I'm re-thinking my assertion: the code is probably safe. On the other hand, why bother using strNcmp instead of just strcmp given that you are trusting 'path' to be clean already? I guess there's no reason NOT to use strNcmp when you have a choice.

> Of course *(uri+len) could be '0', but that's OK.

Also never mind about the // : strchr returns a pointer, not an index. :(

-chris
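
Review bot: In the if condition of find_path_in_uri(), the end-of-string test `strlen(uri) == len` rescans the rest of the URI for every candidate segment. Once `strncmp(uri, path, len)` has returned 0, the first len characters of uri equal those of path and are therefore non-NUL, so `uri[len]` is readable and `uri[len] == '\0'` is the same test in constant time. The loop condition `while (uri = strchr(uri, '/'))` would read better with an explicit comparison, `while ((uri = strchr(uri, '/')) != NULL)`, which also avoids the assignment-in-condition compiler warning. An empty `path` gives len == 0, so strncmp() matches trivially and the function returns at the first `//` or at a trailing `/`. A comment stating what form `path` is expected to have and what the caller gets back on a match would help.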