Fixed more potential overflow bugs.

ChangeLog

@@ -1,5 +1,11 @@
 2001-01-15  Robert James Kaes  <rjkaes@flarenet.com>
 
+	* src/reqs.c (process_method): A potential stack overflow bug fixed.
+	Though, I do not actually think a stack overflow could have occurred
+	in this case. Better safe than sorry.
+
+	* src/stats.c (showstats): Another potential heap overflow bug fixed.
+
 	* src/utils.c (httperr): A heap overflow bug fixed.
 
 2000-12-07  Robert James Kaes  <rjkaes@flarenet.com>

src/reqs.c

@@ -1,4 +1,4 @@
-/* $Id: reqs.c,v 1.10 2000-11-23 04:46:25 rjkaes Exp $
+/* $Id: reqs.c,v 1.11 2001-01-15 17:11:57 rjkaes Exp $
  *
  * This is where all the work in tinyproxy is actually done. Incoming
  * connections have a new thread created for them. The thread then
@@ -170,12 +170,13 @@ static int process_method(struct conn_s *connptr)
 	if (!uri->scheme || strcasecmp(uri->scheme, "http") != 0) {
 		char *error_string;
 		if (uri->scheme) {
-			error_string = malloc(strlen(uri->scheme) + 64);
+			int error_string_len = strlen(uri->scheme) + 64;
+			error_string = malloc(error_string_len);
 			if (!error_string) {
 				log(LOG_CRIT, "Out of Memory!");
 				return -1;
 			}
-			sprintf(error_string,
+			snprintf(error_string, error_string_len,
 				"Invalid scheme (%s). Only HTTP is allowed.",
 				uri->scheme);
 		} else {

src/stats.c

@@ -1,4 +1,4 @@
-/* $Id: stats.c,v 1.1 2000-09-12 00:06:09 rjkaes Exp $
+/* $Id: stats.c,v 1.2 2001-01-15 17:11:57 rjkaes Exp $
  *
  * This module handles the statistics for tinyproxy. There are only two
  * public API functions. The reason for the functions, rather than just a
@@ -79,7 +79,7 @@ int showstats(struct conn_s *connptr)
 	}
 
 	LOCK();
-	sprintf(connptr->output_message, msg,
+	snprintf(connptr->output_message, MAXBUFFSIZE, msg,
 		PACKAGE, VERSION, PACKAGE, VERSION,
 		stats.num_open,
 		stats.num_reqs,