[vlc-devel] [PATCH 4/4] text/url: fix port handling in vlc_UrlParse
Filip Roséen
filip at atch.se
Fri Oct 28 16:31:56 CEST 2016
correction: `unsigned long` >= 32bit (not `int`).
On 2016-10-28 16:30, Filip Roséen wrote:
> And after some more investigation, `unsigned int` is guaranteed to be
> a minimum of 32-bits in C99. This means that the check to see if
> `port` fits inside `unsigned` is enough in terms checking for
> overflows, and given that we only care about at most 16-bits, we are
> fine.
>
> Attached updated (final) patch.
>
> On 2016-10-28 16:22, Filip Roséen wrote:
>
> > ...
> From cada019f4d15411c9b0e0a4db0865b52a98b974f Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?Filip=20Ros=C3=A9en?= <filip at atch.se>
> Date: Fri, 28 Oct 2016 14:46:10 +0200
> Subject: [PATCH] text/url: fix port handling in vlc_UrlParse
>
> Differences compared to the previous implementation:
>
> - accept URLs with empty port-specification (RFC3986, 3.2.3).
>
> - reject port-specification with leading sign (RFC3986 only
> allows *DIGIT).
>
> refs #17555
> ---
> src/text/url.c | 18 +++++++++---------
> 1 file changed, 9 insertions(+), 9 deletions(-)
>
> diff --git a/src/text/url.c b/src/text/url.c
> index 90a51cb..b9e7b41 100644
> --- a/src/text/url.c
> +++ b/src/text/url.c
> @@ -525,18 +525,18 @@ int vlc_UrlParse(vlc_url_t *restrict url, const char *str)
> }
>
> /* Port number */
> - if (next != NULL)
> + if (next != NULL && *next)
> {
> - char *end;
> - unsigned long u = strtoul(next, &end, 10);
> + char* end;
> + unsigned long port = strtoul(next, &end, 10);
>
> - url->i_port = u;
> - if (end == next || *end != '\0' || u == ULONG_MAX)
> - ret = -1;
> -#if (ULONG_MAX > UINT_MAX)
> - if (u > UINT_MAX)
> + if (strchr("0123456789", *next) == NULL || *end || port > UINT_MAX)
> + {
> + errno = EINVAL;
> ret = -1;
> -#endif
> + }
> +
> + url->i_port = port;
> }
>
> if (url->psz_path != NULL)
> --
> 2.10.1
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.videolan.org/pipermail/vlc-devel/attachments/20161028/bbf1f983/attachment.html>
More information about the vlc-devel
mailing list