Browse Source
Fixed bug in GBUdbIgnoreList reader to prevent reading outside of the line buffer.
git-svn-id: https://svn.microneil.com/svn/SNFMulti/trunk@30 dc71a809-1921-45c4-985c-09c81d0142d9wx
1 changed files with 5 additions and 4 deletions
+ 5
- 4
GBUdb.cpp
View File
| MyDataset = BuildCompressedDataset.New(); // Put the new dataset in place. | MyDataset = BuildCompressedDataset.New(); // Put the new dataset in place. | ||||
| delete BuildCompressedDataset.Old(); // Delete the old dataset. | delete BuildCompressedDataset.Old(); // Delete the old dataset. | ||||
| } // All done, so we're unlocked. | } // All done, so we're unlocked. | ||||
| int GBUdb::readIgnoreList(const char* FileName) { // setIgnore for a list of IPs | int GBUdb::readIgnoreList(const char* FileName) { // setIgnore for a list of IPs | ||||
| int IPCount = 0; // Keep track of the IPs we read. | int IPCount = 0; // Keep track of the IPs we read. | ||||
| try { // Capture any exceptions. | try { // Capture any exceptions. | ||||
| char IPLineBuffer[256]; // Create a line buffer. | |||||
| char IPLineBuffer[256]; // Create a line buffer. | |||||
| const int SafeBufferSize = sizeof(IPLineBuffer) - 1; // Safe size always leaves a NULL on the end. | |||||
| ifstream ListFile(FileName, ios::in); // Open up the list file. | ifstream ListFile(FileName, ios::in); // Open up the list file. | ||||
| while(ListFile.good()) { // While we've got a good file (not eof) | while(ListFile.good()) { // While we've got a good file (not eof) | ||||
| memset(IPLineBuffer, 0, sizeof(IPLineBuffer)); // Clear the buffer. | memset(IPLineBuffer, 0, sizeof(IPLineBuffer)); // Clear the buffer. | ||||
| ListFile.getline(IPLineBuffer, sizeof(IPLineBuffer)); // Read the line. | |||||
| ListFile.getline(IPLineBuffer, SafeBufferSize); // Read the line. (safely NULL terminated) | |||||
| // Now we have an IP on a line (in theory). We will parse | // Now we have an IP on a line (in theory). We will parse | ||||
| // the ip and process any that parse correctly. | // the ip and process any that parse correctly. | ||||
| char* cursor = IPLineBuffer; // Start on the first byte. | char* cursor = IPLineBuffer; // Start on the first byte. | ||||
| if('#' == *cursor) continue; // Lines that start with # are comments. | if('#' == *cursor) continue; // Lines that start with # are comments. | ||||
| while(0 < *cursor && isspace(*cursor)) ++cursor; // Eat any leading spaces. | |||||
| // First octet. | // First octet. | ||||
| while(NULL!=cursor && !isdigit(*cursor)) ++cursor; // Eat any nondigits. | |||||
| if(!isdigit(*cursor)) continue; // If it's not a digit skip this line. | if(!isdigit(*cursor)) continue; // If it's not a digit skip this line. | ||||
| if(255 < atoi(cursor)) continue; // If the octet is out of range skip! | if(255 < atoi(cursor)) continue; // If the octet is out of range skip! | ||||
| IP += atoi(cursor); IP <<= 8; // Grab the first int and shift it. | IP += atoi(cursor); IP <<= 8; // Grab the first int and shift it. |
Loading…