Jacob reports a segfault when using HTTP proxying under Minefield.

It appears that this is because Visual C's sscanf works by first
calling strlen to get the length of the string, so that its internal
read-character routine can be sure of never overrunning the buffer.
Quite why the internal read-char routine can't detect \0 _itself_
rather than having to have it found for it in advance I have no
idea. Sigh.

[originally from svn r3844]

diff --git a/proxy.c b/proxy.c
index d970b2bf773f1f9ac606d84ed84dda1c0e57f0b4..dd5c428ce0daef4f4ef3f1fdf5cd77249788845b 100644 (file)
--- a/proxy.c
+++ b/proxy.c
@@ -590,8 +590,14 @@ int proxy_http_negotiate (Proxy_Socket p, int change)
            /* get the status line */
            len = bufchain_size(&p->pending_input_data);
            assert(len > 0);           /* or we wouldn't be here */
-           data = snewn(len, char);
+           data = snewn(len+1, char);
            bufchain_fetch(&p->pending_input_data, data, len);
+           /*
+            * We must NUL-terminate this data, because Windows
+            * sscanf appears to require a NUL at the end of the
+            * string because it strlens it _first_. Sigh.
+            */
+           data[len] = '\0';
 
            eol = get_line_end(data, len);
            if (eol < 0) {