http-backend: Fix access beyond end of string.

Found with valgrind while looking for Content-Length corruption in smart http. Signed-off-by: Tarmigan Casebolt <tarmigan+git@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
author: Tarmigan Casebolt <tarmigan+git@gmail.com> 2009-11-14 21:10:57 (GMT)
committer: Junio C Hamano <gitster@pobox.com> 2009-11-16 06:14:51 (GMT)
commit: 48aec1b1f14578ac7560c8be40890ebf52c91d78 (patch)
tree: 6dc21f2786a198df8018550756d8018940d72e8d
parent: 4a5328d644b67be7fae1ff360e142d5dee4e63e9 (diff)
download: git-48aec1b1f14578ac7560c8be40890ebf52c91d78.zip
git-48aec1b1f14578ac7560c8be40890ebf52c91d78.tar.gz
git-48aec1b1f14578ac7560c8be40890ebf52c91d78.tar.bz2
1 files changed, 4 insertions, 3 deletions
diff --git a/http-backend.c b/http-backend.c
index 7f48406..8e08f05 100644
--- a/http-backend.c
+++ b/http-backend.c
@@ -615,7 +615,7 @@ int main(int argc, char **argv)
 		if (regcomp(&re, c->pattern, REG_EXTENDED))
 			die("Bogus regex in service table: %s", c->pattern);
 		if (!regexec(&re, dir, 1, out, 0)) {
-			size_t n = out[0].rm_eo - out[0].rm_so;
+			size_t n;
 
 			if (strcmp(method, c->method)) {
 				const char *proto = getenv("SERVER_PROTOCOL");
@@ -629,9 +629,10 @@ int main(int argc, char **argv)
 			}
 
 			cmd = c;
+			n = out[0].rm_eo - out[0].rm_so;
 			cmd_arg = xmalloc(n);
-			strncpy(cmd_arg, dir + out[0].rm_so + 1, n);
-			cmd_arg[n] = '\0';
+			memcpy(cmd_arg, dir + out[0].rm_so + 1, n-1);
+			cmd_arg[n-1] = '\0';
 			dir[out[0].rm_so] = 0;
 			break;
 		}
author	Tarmigan Casebolt <tarmigan+git@gmail.com>	2009-11-14 21:10:57 (GMT)
committer	Junio C Hamano <gitster@pobox.com>	2009-11-16 06:14:51 (GMT)
commit	48aec1b1f14578ac7560c8be40890ebf52c91d78 (patch)
tree	6dc21f2786a198df8018550756d8018940d72e8d
parent	4a5328d644b67be7fae1ff360e142d5dee4e63e9 (diff)
download	git-48aec1b1f14578ac7560c8be40890ebf52c91d78.zip git-48aec1b1f14578ac7560c8be40890ebf52c91d78.tar.gz git-48aec1b1f14578ac7560c8be40890ebf52c91d78.tar.bz2