From fab4b71e38f73ee263987d31cd25c96e38232d0c Mon Sep 17 00:00:00 2001 From: msweet Date: Wed, 6 May 2015 21:32:18 +0000 Subject: Long cookies caused the web interface to stop working (STR #4619) git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12621 a1ca3aef-8c08-0410-bb20-df032aa958be --- cgi-bin/var.c | 31 +++++++++++++++++++++++++------ 1 file changed, 25 insertions(+), 6 deletions(-) (limited to 'cgi-bin') diff --git a/cgi-bin/var.c b/cgi-bin/var.c index 408634dac..3935508fc 100644 --- a/cgi-bin/var.c +++ b/cgi-bin/var.c @@ -3,7 +3,7 @@ * * CGI form variable and array functions for CUPS. * - * Copyright 2007-2014 by Apple Inc. + * Copyright 2007-2015 by Apple Inc. * Copyright 1997-2005 by Easy Software Products. * * These coded instructions, statements, and computer programs are the @@ -626,6 +626,8 @@ cgi_initialize_cookies(void) while (*cookie) { + int skip = 0; /* Skip this cookie? */ + /* * Skip leading whitespace... */ @@ -641,9 +643,14 @@ cgi_initialize_cookies(void) for (ptr = name; *cookie && *cookie != '=';) if (ptr < (name + sizeof(name) - 1)) + { *ptr++ = *cookie++; + } else - break; + { + skip = 1; + cookie ++; + } if (*cookie != '=') break; @@ -659,26 +666,38 @@ cgi_initialize_cookies(void) { for (cookie ++, ptr = value; *cookie && *cookie != '\"';) if (ptr < (value + sizeof(value) - 1)) + { *ptr++ = *cookie++; + } else - break; + { + skip = 1; + cookie ++; + } if (*cookie == '\"') cookie ++; + else + skip = 1; } else { for (ptr = value; *cookie && *cookie != ';';) if (ptr < (value + sizeof(value) - 1)) + { *ptr++ = *cookie++; + } else - break; + { + skip = 1; + cookie ++; + } } if (*cookie == ';') cookie ++; else if (*cookie) - break; + skip = 1; *ptr = '\0'; @@ -687,7 +706,7 @@ cgi_initialize_cookies(void) * "$"... */ - if (name[0] != '$') + if (name[0] != '$' && !skip) num_cookies = cupsAddOption(name, value, num_cookies, &cookies); } } -- cgit v1.2.3