From d5b513f53d0faf307ccaf8ef5687a4c46bb82ed1 Mon Sep 17 00:00:00 2001
From: reyk <reyk@openbsd.org>
Date: Wed, 23 Jul 2014 23:10:27 +0000
Subject: [PATCH] When canonicalizing the path, it is better to fail on
 truncation.

Pointed out by Doug Hogan.
---
 usr.sbin/httpd/httpd.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/usr.sbin/httpd/httpd.c b/usr.sbin/httpd/httpd.c
index c5a968cc02e..c87c2ad847e 100644
--- a/usr.sbin/httpd/httpd.c
+++ b/usr.sbin/httpd/httpd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: httpd.c,v 1.5 2014/07/23 22:56:00 reyk Exp $	*/
+/*	$OpenBSD: httpd.c,v 1.6 2014/07/23 23:10:27 reyk Exp $	*/
 
 /*
  * Copyright (c) 2014 Reyk Floeter <reyk@openbsd.org>
@@ -490,7 +490,11 @@ canonicalize_path(const char *root, const char *input, char *path, size_t len)
 	start = p;
 	end = p + (len - 1);
 
-	while (*i != '\0' && p < end) {
+	while (*i != '\0') {
+		/* Detect truncation */
+		if (p >= end)
+			return (NULL);
+
 		/* 1. check for special path elements */
 		if (i[0] == '/') {
 			if (i[1] == '/') {
-- 
2.20.1