Fixed heap breaches caused by our bult-in

electric fence code from death queries. Use HTTP/1.0 not 1.1 since we disabled keep-alive support a long time ago.
2024-10-04 04:07:13 +03:00 · 2013-08-10 09:51:14 -07:00 · 2013-08-10 09:51:14 -07:00 · 834128a076
commit 834128a076
parent 651b899453
2 changed files with 12 additions and 7 deletions
--- a/HttpMime.cpp
+++ b/HttpMime.cpp
@ -581,7 +581,7 @@ const char *HttpMime::getContentEncodingFromExtension ( char *ext ) {
 // make a redirect mime
 void HttpMime::makeRedirMime ( char *redir , long redirLen ) {
 	char *p = m_buf;
-	memcpy ( p , "HTTP/1.1 302 RD\r\nLocation: " , 27 );
+	memcpy ( p , "HTTP/1.0 302 RD\r\nLocation: " , 27 );
 	p += 27;
 	if ( redirLen > 600 ) redirLen = 600;
 	memcpy ( p , redir , redirLen );
@ -687,7 +687,7 @@ void HttpMime::makeMime  ( long    totalContentLen    ,
 		if ( ! charset ) charset = "utf-8";
 		//sprintf ( m_buf , 
 		p += sprintf ( p,
-			  "HTTP/1.1 %li%s\r\n"
+			  "HTTP/1.0 %li%s\r\n"
 			  "Date: %s\r\n"
 			       //"P3P: CP=\"CAO PSA OUR\"\r\n"
 			  "Server: Gigablast/1.0\r\n"
@ -715,7 +715,7 @@ void HttpMime::makeMime  ( long    totalContentLen    ,
 		if ( ! charset ) charset = "utf-8";
 		//sprintf ( m_buf , 
 		p += sprintf( p,
-			      "HTTP/1.1 %li Partial content\r\n"
+			      "HTTP/1.0 %li Partial content\r\n"
 			      "%s"
 			      "Content-Length: %li\r\n"
 			      "Content-Range: %li-%li(%li)\r\n"// added "bytes"
@ -745,7 +745,7 @@ void HttpMime::makeMime  ( long    totalContentLen    ,
 		if ( httpStatus == 200 ) smsg = " OK";
 		//sprintf ( m_buf , 
 		p += sprintf( p,
-			      "HTTP/1.1 %li%s\r\n"
+			      "HTTP/1.0 %li%s\r\n"
 			      // make it at least 4 spaces so we can change
 			      // the length of the content should we insert
 			      // a login bar in Proxy::storeLoginBar()
--- a/Query.cpp
+++ b/Query.cpp
@ -2660,7 +2660,12 @@ bool Query::setQWords ( char boolFlag ,
 		if ( pid ) {
 			long nw = phrases.getNumWordsInPhrase2(i);
 			long j;
-			for ( j = i ; j < i + nw ; j++ ) {
+			// search up to this far
+			long maxj = i + nw;
+			// but not past our truncated limit
+			if ( maxj > MAX_QUERY_WORDS ) maxj = MAX_QUERY_WORDS;
+
+			for ( j = i ; j < maxj ; j++ ) {
 				// skip punct
 				if ( words.isPunct(j)         ) continue;
 				// break out if not a stop word
@ -2670,12 +2675,12 @@ bool Query::setQWords ( char boolFlag ,
 			}
 			// if everybody in phrase #i was a signless stopword
 			// and the phrase was signless, make it have a '*' sign
-			if ( j >= i + nw && m_qwords[i].m_phraseSign == '\0' ) 
+			if ( j >= maxj && m_qwords[i].m_phraseSign == '\0' ) 
 				m_qwords[i].m_phraseSign = '*';
 			// . if a constituent has a - sign, then the whole 
 			//   phrase becomes negative, too
 			// . fixes 'apple -computer' truncation problem
-			for ( long j = i ; j < i + nw ; j++ )
+			for ( long j = i ; j < maxj ; j++ )
 				if ( m_qwords[j].m_wordSign == '-' )
 					qw->m_phraseSign = '-';
 		}