From 7191cf03e2dd1b80c6f7d2734dd8951fad20a7b0 Mon Sep 17 00:00:00 2001
From: Andre Lorbach <alorbach@adiscon.com>
Date: Fri, 5 Aug 2011 13:45:16 +0200
Subject: bugfix: potential misadressing in property replacer

---
 runtime/msg.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

(limited to 'runtime')

diff --git a/runtime/msg.c b/runtime/msg.c
index d1e67aa2..8c8e9670 100644
--- a/runtime/msg.c
+++ b/runtime/msg.c
@@ -2868,6 +2868,7 @@ uchar *MsgGetProp(msg_t *pMsg, struct templateEntry *pTpe,
 		}
 	}
 
+dbgprintf("prop repl 4, pRes='%s', len %d\n", pRes, bufLen);
 	/* Take care of spurious characters to make the property safe
 	 * for a path definition
 	 */
@@ -2945,7 +2946,13 @@ uchar *MsgGetProp(msg_t *pMsg, struct templateEntry *pTpe,
 		}
 		
 		/* check for "." and ".." (note the parenthesis in the if condition!) */
-		if((*pRes == '.') && (*(pRes + 1) == '\0' || (*(pRes + 1) == '.' && *(pRes + 2) == '\0'))) {
+		if(*pRes == '\0') {
+			if(*pbMustBeFreed == 1)
+				free(pRes);
+			pRes = UCHAR_CONSTANT("_");
+			bufLen = 1;
+			*pbMustBeFreed = 0;
+		} else if((*pRes == '.') && (*(pRes + 1) == '\0' || (*(pRes + 1) == '.' && *(pRes + 2) == '\0'))) {
 			uchar *pTmp = pRes;
 
 			if(*(pRes + 1) == '\0')
@@ -2955,12 +2962,6 @@ uchar *MsgGetProp(msg_t *pMsg, struct templateEntry *pTpe,
 			if(*pbMustBeFreed == 1)
 				free(pTmp);
 			*pbMustBeFreed = 0;
-		} else if(*pRes == '\0') {
-			if(*pbMustBeFreed == 1)
-				free(pRes);
-			pRes = UCHAR_CONSTANT("_");
-			bufLen = 1;
-			*pbMustBeFreed = 0;
 		}
 	}
 
@@ -3032,6 +3033,7 @@ uchar *MsgGetProp(msg_t *pMsg, struct templateEntry *pTpe,
 		bufLen = ustrlen(pRes);
 	*pPropLen = bufLen;
 
+dbgprintf("end prop repl, pRes='%s', len %d\n", pRes, bufLen);
 	ENDfunc
 	return(pRes);
 }
-- 
cgit