Merge pull request #4 from alpire/master

src/libhttpd.c: fix heap buffer overflow in de_dotdot
blueness · Jun 8, 2017 · 2845bf5 · 2845bf5
2 parents 7e15761 + c0dc63a
commit 2845bf5
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/libhttpd.c b/src/libhttpd.c
@@ -2410,7 +2410,7 @@ de_dotdot( char* file )
     while ( strncmp( file, "./", 2 ) == 0 )
 	(void) memmove( file, file + 2, strlen( file ) - 1 );
     while ( ( cp = strstr( file, "/./") ) != (char*) 0 )
-	(void) memmove( cp, cp + 2, strlen( file ) - 1 );
+	(void) memmove( cp, cp + 2, strlen( cp ) - 1 );
 
     /* Alternate between removing leading ../ and removing xxx/../ */
     for (;;)