diff options
author | msweet <msweet@a1ca3aef-8c08-0410-bb20-df032aa958be> | 2015-05-06 21:32:18 +0000 |
---|---|---|
committer | msweet <msweet@a1ca3aef-8c08-0410-bb20-df032aa958be> | 2015-05-06 21:32:18 +0000 |
commit | fab4b71e38f73ee263987d31cd25c96e38232d0c (patch) | |
tree | f4ea1b0407d4208610f931b8e15c4d25e0b9aad7 /cgi-bin | |
parent | d4cda727d53475332ecfac31449013cd439576cd (diff) |
Long cookies caused the web interface to stop working (STR #4619)
git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12621 a1ca3aef-8c08-0410-bb20-df032aa958be
Diffstat (limited to 'cgi-bin')
-rw-r--r-- | cgi-bin/var.c | 31 |
1 files changed, 25 insertions, 6 deletions
diff --git a/cgi-bin/var.c b/cgi-bin/var.c index 408634dac..3935508fc 100644 --- a/cgi-bin/var.c +++ b/cgi-bin/var.c @@ -3,7 +3,7 @@ * * CGI form variable and array functions for CUPS. * - * Copyright 2007-2014 by Apple Inc. + * Copyright 2007-2015 by Apple Inc. * Copyright 1997-2005 by Easy Software Products. * * These coded instructions, statements, and computer programs are the @@ -626,6 +626,8 @@ cgi_initialize_cookies(void) while (*cookie) { + int skip = 0; /* Skip this cookie? */ + /* * Skip leading whitespace... */ @@ -641,9 +643,14 @@ cgi_initialize_cookies(void) for (ptr = name; *cookie && *cookie != '=';) if (ptr < (name + sizeof(name) - 1)) + { *ptr++ = *cookie++; + } else - break; + { + skip = 1; + cookie ++; + } if (*cookie != '=') break; @@ -659,26 +666,38 @@ cgi_initialize_cookies(void) { for (cookie ++, ptr = value; *cookie && *cookie != '\"';) if (ptr < (value + sizeof(value) - 1)) + { *ptr++ = *cookie++; + } else - break; + { + skip = 1; + cookie ++; + } if (*cookie == '\"') cookie ++; + else + skip = 1; } else { for (ptr = value; *cookie && *cookie != ';';) if (ptr < (value + sizeof(value) - 1)) + { *ptr++ = *cookie++; + } else - break; + { + skip = 1; + cookie ++; + } } if (*cookie == ';') cookie ++; else if (*cookie) - break; + skip = 1; *ptr = '\0'; @@ -687,7 +706,7 @@ cgi_initialize_cookies(void) * "$"... */ - if (name[0] != '$') + if (name[0] != '$' && !skip) num_cookies = cupsAddOption(name, value, num_cookies, &cookies); } } |