You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Dean Gaudet <dg...@arctic.org> on 1997/12/19 09:48:35 UTC
[PATCH] mod_mime_magic small bug fixes
- fix an off-by-1 on read() which I think I introduced in an
earlier cleanup
- fix case where m->desc[] may be left unterminated
- note some code which is not multithread safe
Dean
Index: modules/standard/mod_mime_magic.c
===================================================================
RCS file: /export/home/cvs/apachen/src/modules/standard/mod_mime_magic.c,v
retrieving revision 1.20
diff -u -r1.20 mod_mime_magic.c
--- mod_mime_magic.c 1997/11/16 01:52:23 1.20
+++ mod_mime_magic.c 1997/12/19 08:40:52
@@ -881,7 +881,7 @@
/*
* try looking at the first HOWMANY bytes
*/
- if ((nbytes = read(fd, (char *) buf, sizeof(buf))) == -1) {
+ if ((nbytes = read(fd, (char *) buf, sizeof(buf) - 1)) == -1) {
aplog_error(APLOG_MARK, APLOG_ERR, r->server,
MODNAME ": read failed: %s", r->filename);
return HTTP_INTERNAL_SERVER_ERROR;
@@ -1086,7 +1086,6 @@
*/
static int parse(server_rec *serv, pool *p, char *l, int lineno)
{
- int i = 0;
struct magic *m;
char *t, *s;
magic_server_config_rec *conf = (magic_server_config_rec *)
@@ -1297,14 +1296,13 @@
}
else
m->nospflag = 0;
- while ((m->desc[i++] = *l++) != '\0' && i < MAXDESC)
- /* NULLBODY */ ;
+ strncpy(m->desc, l, sizeof(m->desc) - 1);
+ m->desc[sizeof(m->desc) - 1] = '\0';
#if MIME_MAGIC_DEBUG
aplog_error(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, serv,
MODNAME ": parse line=%d m=%x next=%x cont=%d desc=%s",
- lineno, m, m->next, m->cont_level,
- m->desc ? m->desc : "NULL");
+ lineno, m, m->next, m->cont_level, m->desc);
#endif /* MIME_MAGIC_DEBUG */
return 0;
@@ -1650,7 +1648,7 @@
MODNAME ": line=%d mc=%x mc->next=%x cont=%d desc=%s",
m_cont->lineno, m_cont,
m_cont->next, m_cont->cont_level,
- m_cont->desc ? m_cont->desc : "NULL");
+ m_cont->desc);
#endif
/*
* this trick allows us to keep *m in sync when the continue
@@ -1779,6 +1777,7 @@
case DATE:
case BEDATE:
case LEDATE:
+ /* XXX: not multithread safe */
pp = ctime((time_t *) & p->l);
if ((rt = strchr(pp, '\n')) != NULL)
*rt = '\0';
@@ -1842,10 +1841,10 @@
struct magic *m, int nbytes)
{
long offset = m->offset;
+
if (offset + sizeof(union VALUETYPE) > nbytes)
return 0;
-
memcpy(p, s + offset, sizeof(union VALUETYPE));
if (!mconvert(r, p, m))
@@ -2066,6 +2065,7 @@
s = (unsigned char *) memcpy(nbuf, buf, small_nbytes);
s[small_nbytes] = '\0';
has_escapes = (memchr(s, '\033', small_nbytes) != NULL);
+ /* XXX: not multithread safe */
while ((token = strtok((char *) s, " \t\n\r\f")) != NULL) {
s = NULL; /* make strtok() keep on tokin' */
for (p = names; p < names + NNAMES; p++) {
Re: [PATCH] mod_mime_magic small bug fixes
Posted by Marc Slemko <ma...@worldgate.com>.
+1.
On Fri, 19 Dec 1997, Dean Gaudet wrote:
> - fix an off-by-1 on read() which I think I introduced in an
> earlier cleanup
>
> - fix case where m->desc[] may be left unterminated
>
> - note some code which is not multithread safe
>
> Dean
>
> Index: modules/standard/mod_mime_magic.c
> ===================================================================
> RCS file: /export/home/cvs/apachen/src/modules/standard/mod_mime_magic.c,v
> retrieving revision 1.20
> diff -u -r1.20 mod_mime_magic.c
> --- mod_mime_magic.c 1997/11/16 01:52:23 1.20
> +++ mod_mime_magic.c 1997/12/19 08:40:52
> @@ -881,7 +881,7 @@
> /*
> * try looking at the first HOWMANY bytes
> */
> - if ((nbytes = read(fd, (char *) buf, sizeof(buf))) == -1) {
> + if ((nbytes = read(fd, (char *) buf, sizeof(buf) - 1)) == -1) {
> aplog_error(APLOG_MARK, APLOG_ERR, r->server,
> MODNAME ": read failed: %s", r->filename);
> return HTTP_INTERNAL_SERVER_ERROR;
> @@ -1086,7 +1086,6 @@
> */
> static int parse(server_rec *serv, pool *p, char *l, int lineno)
> {
> - int i = 0;
> struct magic *m;
> char *t, *s;
> magic_server_config_rec *conf = (magic_server_config_rec *)
> @@ -1297,14 +1296,13 @@
> }
> else
> m->nospflag = 0;
> - while ((m->desc[i++] = *l++) != '\0' && i < MAXDESC)
> - /* NULLBODY */ ;
> + strncpy(m->desc, l, sizeof(m->desc) - 1);
> + m->desc[sizeof(m->desc) - 1] = '\0';
>
> #if MIME_MAGIC_DEBUG
> aplog_error(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, serv,
> MODNAME ": parse line=%d m=%x next=%x cont=%d desc=%s",
> - lineno, m, m->next, m->cont_level,
> - m->desc ? m->desc : "NULL");
> + lineno, m, m->next, m->cont_level, m->desc);
> #endif /* MIME_MAGIC_DEBUG */
>
> return 0;
> @@ -1650,7 +1648,7 @@
> MODNAME ": line=%d mc=%x mc->next=%x cont=%d desc=%s",
> m_cont->lineno, m_cont,
> m_cont->next, m_cont->cont_level,
> - m_cont->desc ? m_cont->desc : "NULL");
> + m_cont->desc);
> #endif
> /*
> * this trick allows us to keep *m in sync when the continue
> @@ -1779,6 +1777,7 @@
> case DATE:
> case BEDATE:
> case LEDATE:
> + /* XXX: not multithread safe */
> pp = ctime((time_t *) & p->l);
> if ((rt = strchr(pp, '\n')) != NULL)
> *rt = '\0';
> @@ -1842,10 +1841,10 @@
> struct magic *m, int nbytes)
> {
> long offset = m->offset;
> +
> if (offset + sizeof(union VALUETYPE) > nbytes)
> return 0;
>
> -
> memcpy(p, s + offset, sizeof(union VALUETYPE));
>
> if (!mconvert(r, p, m))
> @@ -2066,6 +2065,7 @@
> s = (unsigned char *) memcpy(nbuf, buf, small_nbytes);
> s[small_nbytes] = '\0';
> has_escapes = (memchr(s, '\033', small_nbytes) != NULL);
> + /* XXX: not multithread safe */
> while ((token = strtok((char *) s, " \t\n\r\f")) != NULL) {
> s = NULL; /* make strtok() keep on tokin' */
> for (p = names; p < names + NNAMES; p++) {
>