From 2216fd6472fe183439df1a39c1c06974abc3f150 Mon Sep 17 00:00:00 2001
From: Lars Hjemli <hjemli@gmail.com>
Date: Mon, 3 Dec 2007 00:39:20 +0100
Subject: Compare string lengths when parsing the snapshot mask

We used to rely on the result from strncmp() without comparing the length of
the strings involved. Even worse, any single-character format specifier would
enable zip-format due to the optional '.'-prefix since the length of the
mask then would become zero.

Noticed-by: Evan Martin <sys@neugierig.org>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
---
 ui-snapshot.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/ui-snapshot.c b/ui-snapshot.c
index 4d1aa88..dfedd8f 100644
--- a/ui-snapshot.c
+++ b/ui-snapshot.c
@@ -130,7 +130,7 @@ int cgit_parse_snapshots_mask(const char *str)
 {
 	const struct snapshot_archive_t* sat;
 	static const char *delim = " \t,:/|;";
-	int f, tl, rv = 0;
+	int f, tl, sl, rv = 0;
 
 	/* favor legacy setting */
 	if(atoi(str))
@@ -142,8 +142,9 @@ int cgit_parse_snapshots_mask(const char *str)
 			break;
 		for(f=0; f<snapshot_archives_len; f++) {
 			sat = &snapshot_archives[f];
-			if(!(strncmp(sat->suffix, str, tl) &&
-			     strncmp(sat->suffix+1, str, tl-1))) {
+			sl = strlen(sat->suffix);
+			if((tl == sl && !strncmp(sat->suffix, str, tl)) ||
+			   (tl == sl-1 && !strncmp(sat->suffix+1, str, tl-1))) {
 				rv |= sat->bit;
 				break;
 			}
-- 
cgit 1.4.1

 <a href='/cgit-pink/commit/tests/valgrind/bin?h=1.4.1&amp;id=441dac1d747dab43e3559ee68f18a273512064cd&amp;follow=1'>commit</a> <a href='/cgit-pink/diff/tests/valgrind/bin?h=1.4.1&amp;id=441dac1d747dab43e3559ee68f18a273512064cd&amp;follow=1'>diff</a></td><td class='form'><form class='right' method='get' action='/cgit-pink/log/tests/valgrind/bin'>
<input type='hidden' name='h' value='1.4.1'/><input type='hidden' name='id' value='441dac1d747dab43e3559ee68f18a273512064cd'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/cgit-pink/log/?h=1.4.1&amp;id=441dac1d747dab43e3559ee68f18a273512064cd&amp;follow=1'>root</a>/<a href='/cgit-pink/log/tests?h=1.4.1&amp;id=441dac1d747dab43e3559ee68f18a273512064cd&amp;follow=1'>tests</a>/<a href='/cgit-pink/log/tests/valgrind?h=1.4.1&amp;id=441dac1d747dab43e3559ee68f18a273512064cd&amp;follow=1'>valgrind</a>/<a href='/cgit-pink/log/tests/valgrind/bin?h=1.4.1&amp;id=441dac1d747dab43e3559ee68f18a273512064cd&amp;follow=1'>bin</a> (<a href='/cgit-pink/log/tests/valgrind/bin?h=1.4.1&amp;id=441dac1d747dab43e3559ee68f18a273512064cd'>unfollow</a>)</div><div class='content'><table class='list nowrap'><tr class='nohover'><th></th><th class='left'>Commit message (<a href='/cgit-pink/log/tests/valgrind/bin?h=1.4.1&amp;id=441dac1d747dab43e3559ee68f18a273512064cd&amp;showmsg=1&amp;follow=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2018-11-25 06:01:34 +0100'>2018-11-25</span></td><td><a href='/cgit-pink/commit/ui-shared.h?h=1.4.1&amp;id=898b9e19e0eacd67456ddcc91ff173055e1c0e99&amp;follow=1'>auth-filter: pass url with query string attached</a></td><td>Jason A. Donenfeld</td></tr>
<tr><td><span title='2018-11-21 02:30:41 +0100'>2018-11-21</span></td><td><a href='/cgit-pink/commit/Makefile?h=1.4.1&amp;id=a22855747e97e55a7b7a2622fe671b8ca9af0981&amp;follow=1'>git: use xz compressed archive for download</a></td><td>Christian Hesse</td></tr>
<tr><td><span title='2018-10-12 23:06:02 +0200'>2018-10-12</span></td><td><a href='/cgit-pink/commit/ui-tree.c?h=1.4.1&amp;id=2c9f56f3e1c754f60ccffbc6c745b9d5a81ea005&amp;follow=1'>git: update to v2.19.1</a></td><td>Christian Hesse</td></tr>
<tr><td><span title='2018-09-11 08:47:12 +0200'>2018-09-11</span></td><td><a href='/cgit-pink/commit/ui-ssdiff.c?h=1.4.1&amp;id=a96f2890f41e0b9b0ffa1bcdb1dddbef28c01662&amp;follow=1'>ui-ssdiff: ban strcat()</a></td><td>Christian Hesse</td></tr>
<tr><td><span title='2018-09-11 08:47:12 +0200'>2018-09-11</span></td><td><a href='/cgit-pink/commit/ui-ssdiff.c?h=1.4.1&amp;id=0899eb644fab415e9a3b304f53da9da50aaf91aa&amp;follow=1'>ui-ssdiff: ban strncpy()</a></td><td>Christian Hesse</td></tr>
<tr><td><span title='2018-09-11 08:47:12 +0200'>2018-09-11</span></td><td><a href='/cgit-pink/commit/ui-shared.c?h=1.4.1&amp;id=2fc008d6dea2456548825c973a5516b5cdfd9c8c&amp;follow=1'>ui-shared: ban strcat()</a></td><td>Christian Hesse</td></tr>
<tr><td><span title='2018-09-11 08:47:12 +0200'>2018-09-11</span></td><td><a href='/cgit-pink/commit/ui-patch.c?h=1.4.1&amp;id=edb3403f00f14ac5cc23b9ba3a122cb4ee8b81fa&amp;follow=1'>ui-patch: ban sprintf()</a></td><td>Christian Hesse</td></tr>
<tr><td><span title='2018-09-11 08:47:12 +0200'>2018-09-11</span></td><td><a href='/cgit-pink/commit/ui-log.c?h=1.4.1&amp;id=7f75647b5565076b70d7c619df08e6c64dac9386&amp;follow=1'>ui-log: ban strncpy()</a></td><td>Christian Hesse</td></tr>
<tr><td><span title='2018-09-11 08:47:12 +0200'>2018-09-11</span></td><td><a href='/cgit-pink/commit/ui-log.c?h=1.4.1&amp;id=71ba7187e5eeeaf2f66bc27bc3b48a2014d37bb7&amp;follow=1'>ui-log: ban strcpy()</a></td><td>Christian Hesse</td></tr>
<tr><td><span title='2018-09-11 08:47:12 +0200'>2018-09-11</span></td><td><a href='/cgit-pink/commit/parsing.c?h=1.4.1&amp;id=60a930044d57faae4fcb84cba9d85310b0c767a7&amp;follow=1'>parsing: ban sprintf()</a></td><td>Christian Hesse</td></tr>
<tr><td><span title='2018-09-11 08:47:12 +0200'>2018-09-11</span></td><td><a href='/cgit-pink/commit/parsing.c?h=1.4.1&amp;id=7cde5885d8ce53359ee665bb930b1da956e8369a&amp;follow=1'>parsing: ban strncpy()</a></td><td>Christian Hesse</td></tr>
<tr><td><span title='2018-08-28 14:37:19 +0200'>2018-08-28</span></td><td><a href='/cgit-pink/commit/filters/html-converters/md2html?h=1.4.1&amp;id=b0fc647fe61c19338aec65ffcab513cc84599b18&amp;follow=1'>filters: generate anchor links from markdown</a></td><td>Christian Hesse</td></tr>
<tr><td><span title='2018-08-03 17:04:03 +0200'>2018-08-03</span></td><td><a href='/cgit-pink/commit/Makefile?h=1.4.1&amp;id=824138e59194acaf5efe53690d4ef6eaf38e1549&amp;follow=1'>Bump version.</a></td><td>Jason A. Donenfeld</td></tr>
<tr><td><span title='2018-08-03 17:04:03 +0200'>2018-08-03</span></td><td><a href='/cgit-pink/commit/ui-clone.c?h=1.4.1&amp;id=53efaf30b50f095cad8c160488c74bba3e3b2680&amp;follow=1'>clone: fix directory traversal</a></td><td>Jason A. Donenfeld</td></tr>
<tr><td><span title='2018-08-03 16:12:21 +0200'>2018-08-03</span></td><td><a href='/cgit-pink/commit/cgit.c?h=1.4.1&amp;id=c679d9010451b986bae719a6abe0458af2b2dfb9&amp;follow=1'>config: record repo.snapshot-prefix in the per-repo config</a></td><td>Konstantin Ryabitsev
	Commit message (Expand)	Author
2018-11-25	auth-filter: pass url with query string attached	Jason A. Donenfeld
2018-11-21	git: use xz compressed archive for download	Christian Hesse
2018-10-12	git: update to v2.19.1	Christian Hesse
2018-09-11	ui-ssdiff: ban strcat()	Christian Hesse
2018-09-11	ui-ssdiff: ban strncpy()	Christian Hesse
2018-09-11	ui-shared: ban strcat()	Christian Hesse
2018-09-11	ui-patch: ban sprintf()	Christian Hesse
2018-09-11	ui-log: ban strncpy()	Christian Hesse
2018-09-11	ui-log: ban strcpy()	Christian Hesse
2018-09-11	parsing: ban sprintf()	Christian Hesse
2018-09-11	parsing: ban strncpy()	Christian Hesse
2018-08-28	filters: generate anchor links from markdown	Christian Hesse
2018-08-03	Bump version.	Jason A. Donenfeld
2018-08-03	clone: fix directory traversal	Jason A. Donenfeld
2018-08-03	config: record repo.snapshot-prefix in the per-repo config	Konstantin Ryabitsev