Compare string lengths when parsing the snapshot mask

We used to rely on the result from strncmp() without comparing the length of
the strings involved. Even worse, any single-character format specifier would
enable zip-format due to the optional '.'-prefix since the length of the
mask then would become zero.

Noticed-by: Evan Martin <sys@neugierig.org>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>

diff --git a/ui-snapshot.c b/ui-snapshot.c
index 4d1aa886cc43d356b522e42b0e498d6c850b4ecd..dfedd8f490f344f06c2fb665c3af5e33b5239466 100644 (file)
--- a/ui-snapshot.c
+++ b/ui-snapshot.c
@@ -130,7 +130,7 @@ int cgit_parse_snapshots_mask(const char *str)
 {
        const struct snapshot_archive_t* sat;
        static const char *delim = " \t,:/|;";
-       int f, tl, rv = 0;
+       int f, tl, sl, rv = 0;
 
        /* favor legacy setting */
        if(atoi(str))
@@ -142,8 +142,9 @@ int cgit_parse_snapshots_mask(const char *str)
                        break;
                for(f=0; f<snapshot_archives_len; f++) {
                        sat = &snapshot_archives[f];
-                       if(!(strncmp(sat->suffix, str, tl) &&
-                            strncmp(sat->suffix+1, str, tl-1))) {
+                       sl = strlen(sat->suffix);
+                       if((tl == sl && !strncmp(sat->suffix, str, tl)) ||
+                          (tl == sl-1 && !strncmp(sat->suffix+1, str, tl-1))) {
                                rv |= sat->bit;
                                break;
                        }