author | Vsevolod Stakhov <vsevolod@rambler-co.ru> | 2012-09-14 20:59:23 +0400 |
---|---|---|
committer | Vsevolod Stakhov <vsevolod@rambler-co.ru> | 2012-09-14 20:59:23 +0400 |
commit | 2d81eded1e64737d2ecca278efc2a84be7dbd8f5 (patch) | |
tree | f9eab401bca807461a76911bcf0199bdb27f8e6d /src/protocol.c | |
parent | ea68f17ec2f7bffbb8db9000a05d7208fb611204 (diff) | |
download | rspamd-2d81eded1e64737d2ecca278efc2a84be7dbd8f5.tar.gz rspamd-2d81eded1e64737d2ecca278efc2a84be7dbd8f5.zip |
* Initial approach to RESTful controller.
Fix security issues in fstring handling.
Diffstat (limited to 'src/protocol.c')
-rw-r--r-- | src/protocol.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/protocol.c b/src/protocol.c
index 4f6e0be38..7df9ae673 100644
--- a/src/protocol.c
+++ b/src/protocol.c
@@ -123,7 +123,7 @@ rspamc_proto_str (guint ver)
 }
 }
 
-static gchar *
+gchar *
 separate_command (f_str_t * in, gchar c)
 {
 guint r = 0;
@@ -137,6 +137,11 @@ separate_command (f_str_t * in, gchar c)
 in->len -= r + 1;
 return b;
 }
+ else if (*p == '\0') {
+ /* Actually we cannot allow several \0 characters in string, so write to the log about it */
+ msg_warn ("cannot separate command with \0 character, this can be an attack attempt");
+ return NULL;
+ }
 p++;
 r++;
 } |
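Review bot: The string passed to `msg_warn` in the added `else if` branch contains a real `\0` escape, so the literal ends after "cannot separate command with " and the rest of the warning, including the attack hint, never reaches the log; escape the backslash instead, `msg_warn ("cannot separate command with \\0 character, this can be an attack attempt");`. The comment above it speaks of "several \0 characters" while the branch rejects the first NUL met before the separator, so `/* An embedded \0 before the separator is never valid input: log it and fail */` would describe the code more accurately. Because the first hunk drops `static`, callers outside this file now also receive the new NULL return and need to check it before using the result. The body of separate_command starts and ends outside the hunk, so the loop bound and the existing return paths are not visible here.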