From 017e014b0291a414631e175d68eb3f61601ff0e4 Mon Sep 17 00:00:00 2001 From: Jan Kneschke Date: Mon, 15 Aug 2005 17:17:32 +0000 Subject: [PATCH] trust s_len in encode-html (merged [406]) git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@548 152afb58-edef-0310-8abb-c4023f1b3aa9 --- src/buffer.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/src/buffer.c b/src/buffer.c index 01e665d2..a1598baa 100644 --- a/src/buffer.c +++ b/src/buffer.c @@ -750,7 +750,7 @@ int buffer_append_string_url_encoded(buffer *b, const char *s, size_t s_len) { int buffer_append_string_html_encoded(buffer *b, const char *s, size_t s_len) { unsigned char *ds, *d; - size_t d_len; + size_t d_len, i; if (!s || !b) return -1; @@ -762,17 +762,21 @@ int buffer_append_string_html_encoded(buffer *b, const char *s, size_t s_len) { if (s_len == 0) return 0; /* count to-be-encoded-characters */ - for (ds = (unsigned char *)s, d_len = 0; *ds; ds++) { + for (ds = (unsigned char *)s, d_len = 0, i = 0; i < s_len && *ds; ds++, i++) { d_len++; - if (*ds == '<' || *ds == '>') + if (*ds == '<' || *ds == '>') { d_len += 4 - 1; - else if (*ds == '&') + } else if (*ds == '&') { d_len += 5 - 1; + } } buffer_prepare_append(b, d_len); - for (ds = (unsigned char *)s, d = (unsigned char *)b->ptr + b->used - 1, d_len = 0; *ds; ds++) { + for (ds = (unsigned char *)s, + d = (unsigned char *)b->ptr + b->used - 1, + d_len = 0, + i = 0; i < s_len && *ds; ds++, i++) { switch (*ds) { case '>': d[d_len++] = '&';