From a6bb3cf60a219222bd04164213fb91e013ca78fa Mon Sep 17 00:00:00 2001 From: Max Kellermann Date: Fri, 13 Nov 2015 21:02:33 +0100 Subject: command/queue: use StringIsEqual() instead of memcmp() memcmp() can overflow the buffer. --- src/command/QueueCommands.cxx | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/command') diff --git a/src/command/QueueCommands.cxx b/src/command/QueueCommands.cxx index 141c5170a..1d02c8191 100644 --- a/src/command/QueueCommands.cxx +++ b/src/command/QueueCommands.cxx @@ -34,6 +34,7 @@ #include "Partition.hxx" #include "BulkEdit.hxx" #include "util/ConstBuffer.hxx" +#include "util/StringAPI.hxx" #include "util/UriUtil.hxx" #include "util/NumberParser.hxx" #include "util/Error.hxx" @@ -85,7 +86,7 @@ CommandResult handle_add(Client &client, Request args, Response &r) { const char *uri = args.front(); - if (memcmp(uri, "/", 2) == 0) + if (StringIsEqual(uri, "/")) /* this URI is malformed, but some clients are buggy and use "add /" to add the whole database, which was never intended to work, but once did; in order -- cgit v1.2.3