for (i=0;i<len;i++) {
switch (s[i]) {
case '<':
- strcpy(d, "<");
+ safe_strcpy(d, "<", len + n*6 - (d - ret));
d += 4;
break;
case '>':
- strcpy(d, ">");
+ safe_strcpy(d, ">", len + n*6 - (d - ret));
d += 4;
break;
case '&':
- strcpy(d, "&");
+ safe_strcpy(d, "&", len + n*6 - (d - ret));
d += 5;
break;
for (i=0;i<len;i++) {
if (strchr(qlist,s[i])) {
- sprintf(d, "%%%02X", (int)s[i]);
+ slprintf(d, len + n*2 - (d - ret), "%%%02X", (int)s[i]);
d += 3;
} else {
*d++ = s[i];
for (i=0;i<len;i++) {
switch (s[i]) {
case '"':
- strcpy(d, """);
+ safe_strcpy(d, """, len + n*6 - (d - ret));
d += 6;
break;
static void base64_decode(char *s)
{
char *b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
- int bit_offset, byte_offset, idx, i;
+ int bit_offset, byte_offset, idx, i, n;
unsigned char *d = (unsigned char *)s;
char *p;
- i=0;
+ n=i=0;
while (*s && (p=strchr(b64,*s))) {
idx = (int)(p - b64);
d[byte_offset] &= ~((1<<(8-bit_offset))-1);
if (bit_offset < 3) {
d[byte_offset] |= (idx << (2-bit_offset));
+ n = byte_offset+1;
} else {
d[byte_offset] |= (idx >> (bit_offset-2));
d[byte_offset+1] = 0;
d[byte_offset+1] |= (idx << (8-(bit_offset-2))) & 0xFF;
+ n = byte_offset+2;
}
s++; i++;
}
+ /* null terminate */
+ d[n] = 0;
}
}
- return password_ok(user, pass, strlen(pass), NULL);
+ return pass_check(user, pass, strlen(pass), NULL, NULL);
}
/* sanitise the filename */
for (i=0;file[i];i++) {
- if (!isalnum(file[i]) && !strchr("/.-_", file[i])) {
+ if (!isalnum((int)file[i]) && !strchr("/.-_", file[i])) {
cgi_setup_error("404 File Not Found","",
"Illegal character in filename");
}