[mapguide-commits] r10089 - branches/4.0/MgDev/Web/src/HttpHandler
svn_mapguide at osgeo.org
svn_mapguide at osgeo.org
Mon Jul 29 09:00:14 PDT 2024
Author: jng
Date: 2024-07-29 09:00:13 -0700 (Mon, 29 Jul 2024)
New Revision: 10089
Modified:
branches/4.0/MgDev/Web/src/HttpHandler/OgcServer.cpp
branches/4.0/MgDev/Web/src/HttpHandler/OgcWfsException.cpp
branches/4.0/MgDev/Web/src/HttpHandler/OgcWmsException.cpp
Log:
Buffer overflow fixes in OGC Server. Fixes #2878
Modified: branches/4.0/MgDev/Web/src/HttpHandler/OgcServer.cpp
===================================================================
--- branches/4.0/MgDev/Web/src/HttpHandler/OgcServer.cpp 2024-07-29 13:24:00 UTC (rev 10088)
+++ branches/4.0/MgDev/Web/src/HttpHandler/OgcServer.cpp 2024-07-29 16:00:13 UTC (rev 10089)
@@ -265,11 +265,11 @@
void WriteTo(CStream& Response) const
{
- SZBUF szTypeAttribute[64];
+ SZBUF szTypeAttribute[64] = { 0 };
// Rudimentary buffer overrun check.
ASSERT(szlen(this->Type()) + 8 /* "type=''" + EOS */ < char_sizeof(szTypeAttribute));
- szsprintf(szTypeAttribute,sizeof(szTypeAttribute),kpszAttributeTypeFormat,this->Type());
+ szsprintf(szTypeAttribute,char_sizeof(szTypeAttribute),kpszAttributeTypeFormat,this->Type());
MgXmlElementEmitter Error(Response,this->ElementName(),szTypeAttribute);
if(this->Message() != NULL)
@@ -852,8 +852,8 @@
bool MgOgcServer::IsIterationInSubset(int iNum,STRING sSubset,CPSZ pszDefinition)
{
// Stringify the number; we almost always need this.
- SZBUF szInteger[32];
- szsprintf(szInteger,sizeof(szInteger),_("%d"),iNum);
+ SZBUF szInteger[32] = { 0 };
+ szsprintf(szInteger,char_sizeof(szInteger),_("%d"),iNum);
// Let's be optimistic. Will it be in the set? Probably.
bool bInclude = true;
@@ -1460,8 +1460,8 @@
bool MgOgcServer::AddDefinition(CPSZ pszItem,int iValue)
{
- SZBUF szInteger[32];
- szsprintf(szInteger,sizeof(szInteger),_("%d"),iValue);
+ SZBUF szInteger[32] = { 0 };
+ szsprintf(szInteger,char_sizeof(szInteger),_("%d"),iValue);
return AddDefinition(pszItem,szInteger);
}
Modified: branches/4.0/MgDev/Web/src/HttpHandler/OgcWfsException.cpp
===================================================================
--- branches/4.0/MgDev/Web/src/HttpHandler/OgcWfsException.cpp 2024-07-29 13:24:00 UTC (rev 10088)
+++ branches/4.0/MgDev/Web/src/HttpHandler/OgcWfsException.cpp 2024-07-29 16:00:13 UTC (rev 10089)
@@ -33,7 +33,7 @@
// Rudimentary buffer overrun check.
ASSERT(szlen(this->Type()) + 8 /* "type=''" + EOS */ < char_sizeof(szTypeAttribute));
- szsprintf(szTypeAttribute,sizeof(szTypeAttribute),_("type='%s'"),this->Type());
+ szsprintf(szTypeAttribute,char_sizeof(szTypeAttribute),_("type='%s'"),this->Type());
MgXmlElementEmitter Error(Response,this->ElementName(),szTypeAttribute);
if(this->Message() != NULL)
Modified: branches/4.0/MgDev/Web/src/HttpHandler/OgcWmsException.cpp
===================================================================
--- branches/4.0/MgDev/Web/src/HttpHandler/OgcWmsException.cpp 2024-07-29 13:24:00 UTC (rev 10088)
+++ branches/4.0/MgDev/Web/src/HttpHandler/OgcWmsException.cpp 2024-07-29 16:00:13 UTC (rev 10089)
@@ -46,11 +46,11 @@
void MgOgcWmsException::WriteTo(CStream& Response) const
{
- SZBUF szTypeAttribute[64];
+ SZBUF szTypeAttribute[64] = { 0 };
// Rudimentary buffer overrun check.
ASSERT(szlen(this->Type()) + 8 /* "type=''" + EOS */ < char_sizeof(szTypeAttribute));
- szsprintf(szTypeAttribute,sizeof(szTypeAttribute),_("type='%s'"),this->Type());
+ szsprintf(szTypeAttribute,char_sizeof(szTypeAttribute),_("type='%s'"),this->Type());
MgXmlElementEmitter Error(Response,this->ElementName(),szTypeAttribute);
if(this->Message() != NULL)
More information about the mapguide-commits
mailing list