applied fixes for a couple of potential security problems more fixes on

* nanoftp.c: applied fixes for a couple of potential security problems
* tree.c valid.c xmllint.c: more fixes on the string interning checks
Daniel

1 files changed, 13 insertions, 2 deletions

diff --git a/nanoftp.c b/nanoftp.c
index 7fe20952..27054c6e 100644
--- a/nanoftp.c
+++ b/nanoftp.c
@@ -355,8 +355,13 @@ xmlNanoFTPScanURL(void *ctx, const char *URL) {
 
 	if (cur[0] == '[') {
 	    cur++;
-	    while (cur[0] != ']')
+	    while ((cur[0] != ']') && (indx < XML_NANO_MAX_URLBUF-1))
 		buf[indx++] = *cur++;
+	    if (indx >= XML_NANO_MAX_URLBUF-1) {
+		xmlGenericError(xmlGenericErrorContext,
+		                "\nxmlNanoFTPScanURL: %s", "Syntax Error\n");
+		return;
+	    }
 
 	    if (!strchr (buf, ':')) {
 		xmlGenericError (xmlGenericErrorContext, "\nxmlNanoFTPScanURL: %s",
@@ -604,8 +609,14 @@ xmlNanoFTPScanProxy(const char *URL) {
 
 	if (cur[0] == '[') {
 	    cur++;
-	    while (cur[0] != ']')
+	    while ((cur[0] != ']') && (indx < XML_NANO_MAX_URLBUF-1))
 		buf[indx++] = *cur++;
+            if (indx >= XML_NANO_MAX_URLBUF-1) {
+		xmlGenericError (xmlGenericErrorContext,
+			  "\nxmlNanoFTPScanProxy: %s", "Syntax error\n");
+		return;
+	    }
+
 	    if (!strchr (buf, ':')) {
 		xmlGenericError (xmlGenericErrorContext, "\nxmlNanoFTPScanProxy: %s",
 			"Use [IPv6]/IPv4 format\n");