You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Dean Gaudet <dg...@arctic.org> on 1997/12/19 09:48:35 UTC

[PATCH] mod_mime_magic small bug fixes

- fix an off-by-1 on read() which I think I introduced in an
    earlier cleanup

- fix case where m->desc[] may be left unterminated

- note some code which is not multithread safe

Dean

Index: modules/standard/mod_mime_magic.c
===================================================================
RCS file: /export/home/cvs/apachen/src/modules/standard/mod_mime_magic.c,v
retrieving revision 1.20
diff -u -r1.20 mod_mime_magic.c
--- mod_mime_magic.c	1997/11/16 01:52:23	1.20
+++ mod_mime_magic.c	1997/12/19 08:40:52
@@ -881,7 +881,7 @@
     /*
      * try looking at the first HOWMANY bytes
      */
-    if ((nbytes = read(fd, (char *) buf, sizeof(buf))) == -1) {
+    if ((nbytes = read(fd, (char *) buf, sizeof(buf) - 1)) == -1) {
 	aplog_error(APLOG_MARK, APLOG_ERR, r->server,
 		    MODNAME ": read failed: %s", r->filename);
 	return HTTP_INTERNAL_SERVER_ERROR;
@@ -1086,7 +1086,6 @@
  */
 static int parse(server_rec *serv, pool *p, char *l, int lineno)
 {
-    int i = 0;
     struct magic *m;
     char *t, *s;
     magic_server_config_rec *conf = (magic_server_config_rec *)
@@ -1297,14 +1296,13 @@
     }
     else
 	m->nospflag = 0;
-    while ((m->desc[i++] = *l++) != '\0' && i < MAXDESC)
-	/* NULLBODY */ ;
+    strncpy(m->desc, l, sizeof(m->desc) - 1);
+    m->desc[sizeof(m->desc) - 1] = '\0';
 
 #if MIME_MAGIC_DEBUG
     aplog_error(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, serv,
 		MODNAME ": parse line=%d m=%x next=%x cont=%d desc=%s",
-		lineno, m, m->next, m->cont_level,
-		m->desc ? m->desc : "NULL");
+		lineno, m, m->next, m->cont_level, m->desc);
 #endif /* MIME_MAGIC_DEBUG */
 
     return 0;
@@ -1650,7 +1648,7 @@
 			MODNAME ": line=%d mc=%x mc->next=%x cont=%d desc=%s",
 			    m_cont->lineno, m_cont,
 			    m_cont->next, m_cont->cont_level,
-			    m_cont->desc ? m_cont->desc : "NULL");
+			    m_cont->desc);
 #endif
 		/*
 		 * this trick allows us to keep *m in sync when the continue
@@ -1779,6 +1777,7 @@
     case DATE:
     case BEDATE:
     case LEDATE:
+	/* XXX: not multithread safe */
 	pp = ctime((time_t *) & p->l);
 	if ((rt = strchr(pp, '\n')) != NULL)
 	    *rt = '\0';
@@ -1842,10 +1841,10 @@
 		struct magic *m, int nbytes)
 {
     long offset = m->offset;
+
     if (offset + sizeof(union VALUETYPE) > nbytes)
 	          return 0;
 
-
     memcpy(p, s + offset, sizeof(union VALUETYPE));
 
     if (!mconvert(r, p, m))
@@ -2066,6 +2065,7 @@
     s = (unsigned char *) memcpy(nbuf, buf, small_nbytes);
     s[small_nbytes] = '\0';
     has_escapes = (memchr(s, '\033', small_nbytes) != NULL);
+    /* XXX: not multithread safe */
     while ((token = strtok((char *) s, " \t\n\r\f")) != NULL) {
 	s = NULL;		/* make strtok() keep on tokin' */
 	for (p = names; p < names + NNAMES; p++) {

Re: [PATCH] mod_mime_magic small bug fixes

Posted by Marc Slemko <ma...@worldgate.com>.

+1.

On Fri, 19 Dec 1997, Dean Gaudet wrote:

> - fix an off-by-1 on read() which I think I introduced in an
>     earlier cleanup
> 
> - fix case where m->desc[] may be left unterminated
> 
> - note some code which is not multithread safe
> 
> Dean
> 
> Index: modules/standard/mod_mime_magic.c
> ===================================================================
> RCS file: /export/home/cvs/apachen/src/modules/standard/mod_mime_magic.c,v
> retrieving revision 1.20
> diff -u -r1.20 mod_mime_magic.c
> --- mod_mime_magic.c	1997/11/16 01:52:23	1.20
> +++ mod_mime_magic.c	1997/12/19 08:40:52
> @@ -881,7 +881,7 @@
>      /*
>       * try looking at the first HOWMANY bytes
>       */
> -    if ((nbytes = read(fd, (char *) buf, sizeof(buf))) == -1) {
> +    if ((nbytes = read(fd, (char *) buf, sizeof(buf) - 1)) == -1) {
>  	aplog_error(APLOG_MARK, APLOG_ERR, r->server,
>  		    MODNAME ": read failed: %s", r->filename);
>  	return HTTP_INTERNAL_SERVER_ERROR;
> @@ -1086,7 +1086,6 @@
>   */
>  static int parse(server_rec *serv, pool *p, char *l, int lineno)
>  {
> -    int i = 0;
>      struct magic *m;
>      char *t, *s;
>      magic_server_config_rec *conf = (magic_server_config_rec *)
> @@ -1297,14 +1296,13 @@
>      }
>      else
>  	m->nospflag = 0;
> -    while ((m->desc[i++] = *l++) != '\0' && i < MAXDESC)
> -	/* NULLBODY */ ;
> +    strncpy(m->desc, l, sizeof(m->desc) - 1);
> +    m->desc[sizeof(m->desc) - 1] = '\0';
>  
>  #if MIME_MAGIC_DEBUG
>      aplog_error(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, serv,
>  		MODNAME ": parse line=%d m=%x next=%x cont=%d desc=%s",
> -		lineno, m, m->next, m->cont_level,
> -		m->desc ? m->desc : "NULL");
> +		lineno, m, m->next, m->cont_level, m->desc);
>  #endif /* MIME_MAGIC_DEBUG */
>  
>      return 0;
> @@ -1650,7 +1648,7 @@
>  			MODNAME ": line=%d mc=%x mc->next=%x cont=%d desc=%s",
>  			    m_cont->lineno, m_cont,
>  			    m_cont->next, m_cont->cont_level,
> -			    m_cont->desc ? m_cont->desc : "NULL");
> +			    m_cont->desc);
>  #endif
>  		/*
>  		 * this trick allows us to keep *m in sync when the continue
> @@ -1779,6 +1777,7 @@
>      case DATE:
>      case BEDATE:
>      case LEDATE:
> +	/* XXX: not multithread safe */
>  	pp = ctime((time_t *) & p->l);
>  	if ((rt = strchr(pp, '\n')) != NULL)
>  	    *rt = '\0';
> @@ -1842,10 +1841,10 @@
>  		struct magic *m, int nbytes)
>  {
>      long offset = m->offset;
> +
>      if (offset + sizeof(union VALUETYPE) > nbytes)
>  	          return 0;
>  
> -
>      memcpy(p, s + offset, sizeof(union VALUETYPE));
>  
>      if (!mconvert(r, p, m))
> @@ -2066,6 +2065,7 @@
>      s = (unsigned char *) memcpy(nbuf, buf, small_nbytes);
>      s[small_nbytes] = '\0';
>      has_escapes = (memchr(s, '\033', small_nbytes) != NULL);
> +    /* XXX: not multithread safe */
>      while ((token = strtok((char *) s, " \t\n\r\f")) != NULL) {
>  	s = NULL;		/* make strtok() keep on tokin' */
>  	for (p = names; p < names + NNAMES; p++) {
>