
Commit 37a23fea authored by Rob Swindell

Fix heap corruption that could occur when HSTS feature is enabled

At least on Windows, when realloc() is used to allocate a new buffer,
guess what's in that buffer initially? undefined values. So you can't
strcat() onto the end of that! Ouch. This was a fun one to track down.
parent 739ce579
Pipeline #367 passed with stage
in 17 minutes and 57 seconds
...@@ -2779,6 +2779,8 @@ static BOOL parse_headers(http_session_t * session) ...@@ -2779,6 +2779,8 @@ static BOOL parse_headers(http_session_t * session)
else { else {
if (session->req.vary_list) if (session->req.vary_list)
strcat(p, ", "); strcat(p, ", ");
*p = '\0';
strcat(p, get_header(HEAD_UPGRADEINSECURE)); strcat(p, get_header(HEAD_UPGRADEINSECURE));
session->req.vary_list = p; session->req.vary_list = p;
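Review bot: the added `*p = '\0';` sits directly after `strcat(p, ", ");` in the lines shown, so unless it is the body of an `else` it also runs when `session->req.vary_list` is already set, and would then discard the existing list together with the separator just appended. The hunk header counts two added lines and only one is visible here, so please confirm the terminator is written only on the path where `vary_list` was NULL and `p` is a fresh allocation. A short code comment would also help the next reader: `realloc()` on a NULL pointer behaves like `malloc()` and returns uninitialized memory on every platform, not only Windows, which is why `strcat()` had no terminator to find. Since the buffer size is computed outside this hunk, consider tracking the length and building the string with a bounded write instead of chained `strcat()` calls, so a future size miscalculation cannot turn into another heap overwrite.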