$NetBSD: patch-ad,v 1.3 2004/11/20 22:07:49 jmmv Exp $

--- nanoftp.c.orig	2000-07-10 12:16:39.000000000 +0200
+++ nanoftp.c
@@ -65,6 +65,8 @@ static char hostname[100];
 #define FTP_GET_PASSWD		331
 #define FTP_BUF_SIZE		512
 
+#define XML_NANO_MAX_URLBUF	4096
+
 typedef struct xmlNanoFTPCtxt {
     char *protocol;	/* the protocol name */
     char *hostname;	/* the host name */
@@ -203,7 +205,7 @@ static void
 xmlNanoFTPScanURL(void *ctx, const char *URL) {
     xmlNanoFTPCtxtPtr ctxt = (xmlNanoFTPCtxtPtr) ctx;
     const char *cur = URL;
-    char buf[4096];
+    char buf[XML_NANO_MAX_URLBUF];
     int index = 0;
     int port = 0;
 
@@ -221,7 +223,7 @@ xmlNanoFTPScanURL(void *ctx, const char 
     }
     if (URL == NULL) return;
     buf[index] = 0;
-    while (*cur != 0) {
+    while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF - 1)) {
         if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
 	    buf[index] = 0;
 	    ctxt->protocol = xmlMemStrdup(buf);
@@ -234,7 +236,7 @@ xmlNanoFTPScanURL(void *ctx, const char 
     if (*cur == 0) return;
 
     buf[index] = 0;
-    while (1) {
+    while (index < XML_NANO_MAX_URLBUF - 1) {
         if (cur[0] == ':') {
 	    buf[index] = 0;
 	    ctxt->hostname = xmlMemStrdup(buf);
@@ -263,7 +265,7 @@ xmlNanoFTPScanURL(void *ctx, const char 
     else {
         index = 0;
         buf[index] = 0;
-	while (*cur != 0)
+	while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF-1))
 	    buf[index++] = *cur++;
 	buf[index] = 0;
 	ctxt->path = xmlMemStrdup(buf);
@@ -288,7 +290,7 @@ int
 xmlNanoFTPUpdateURL(void *ctx, const char *URL) {
     xmlNanoFTPCtxtPtr ctxt = (xmlNanoFTPCtxtPtr) ctx;
     const char *cur = URL;
-    char buf[4096];
+    char buf[XML_NANO_MAX_URLBUF];
     int index = 0;
     int port = 0;
 
@@ -301,7 +303,7 @@ xmlNanoFTPUpdateURL(void *ctx, const cha
     if (ctxt->hostname == NULL)
 	return(-1);
     buf[index] = 0;
-    while (*cur != 0) {
+    while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF-1)) {
         if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
 	    buf[index] = 0;
 	    if (strcmp(ctxt->protocol, buf))
@@ -353,7 +355,7 @@ xmlNanoFTPUpdateURL(void *ctx, const cha
     else {
         index = 0;
         buf[index] = 0;
-	while (*cur != 0)
+	while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF-1))
 	    buf[index++] = *cur++;
 	buf[index] = 0;
 	ctxt->path = xmlMemStrdup(buf);
@@ -374,7 +376,7 @@ xmlNanoFTPUpdateURL(void *ctx, const cha
 void
 xmlNanoFTPScanProxy(const char *URL) {
     const char *cur = URL;
-    char buf[4096];
+    char buf[XML_NANO_MAX_URLBUF];
     int index = 0;
     int port = 0;
 
@@ -393,7 +395,7 @@ xmlNanoFTPScanProxy(const char *URL) {
 #endif
     if (URL == NULL) return;
     buf[index] = 0;
-    while (*cur != 0) {
+    while ((*cur != 0) && (index < XML_NANO_MAX_URLBUF-1)) {
         if ((cur[0] == ':') && (cur[1] == '/') && (cur[2] == '/')) {
 	    buf[index] = 0;
 	    index = 0;
@@ -828,6 +830,11 @@ xmlNanoFTPConnect(void *ctx) {
     if (hp == NULL)
         return(-1);
 
+    if ((unsigned int) hp->h_length >
+	sizeof(((struct sockaddr_in *)&ctxt->ftpAddr)->sin_addr)) {
+	return (-1);
+    }
+
     /*
      * Prepare the socket
      */