You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Marc Slemko <ma...@znep.com> on 1997/01/20 02:04:56 UTC
[PATCH]: slightly updated buffer overflow patches
Here are my latest patches. The only difference between them and the
previous version is that I removed the mod_fastcgi changes and lowered
the size of a buffer in mod_info a bit, as discussed.
I think there is enough support to commit them for final testing now.
Once that is done, it would be a good time to double check compiling
on all platforms you can with all modules you can, with (if you
have snprintf) and without HAVE_SNPRINTF defined.
Index: buff.c
===================================================================
RCS file: /home/marcs/archive/apache/cvs/apache/src/buff.c,v
retrieving revision 1.13
diff -c -r1.13 buff.c
*** buff.c 1997/01/18 19:17:21 1.13
--- buff.c 1997/01/19 22:23:10
***************
*** 481,487 ****
if (fb->flags & B_CHUNK) {
char chunksize[16]; /* Big enough for practically anything */
! sprintf(chunksize, "%x\015\012", nbyte);
write(fb->fd, chunksize, strlen(chunksize));
}
r = write(fb->fd, buf, nbyte);
--- 481,487 ----
if (fb->flags & B_CHUNK) {
char chunksize[16]; /* Big enough for practically anything */
! ap_snprintf(chunksize, sizeof(chunksize), "%x\015\012", nbyte);
write(fb->fd, chunksize, strlen(chunksize));
}
r = write(fb->fd, buf, nbyte);
Index: http_config.c
===================================================================
RCS file: /home/marcs/archive/apache/cvs/apache/src/http_config.c,v
retrieving revision 1.40
diff -c -r1.40 http_config.c
*** http_config.c 1997/01/04 15:10:15 1.40
--- http_config.c 1997/01/12 07:25:02
***************
*** 236,242 ****
for(n=0 ; aMethods[n].offset >= 0 ; ++n)
if(aMethods[n].offset == offset)
break;
! sprintf(buf,"%s:%s",modp->name,aMethods[n].method);
return buf;
}
#else
--- 236,242 ----
for(n=0 ; aMethods[n].offset >= 0 ; ++n)
if(aMethods[n].offset == offset)
break;
! ap_snprintf(buf, sizeof(buf), "%s:%s",modp->name,aMethods[n].method);
return buf;
}
#else
Index: http_core.c
===================================================================
RCS file: /home/marcs/archive/apache/cvs/apache/src/http_core.c,v
retrieving revision 1.57
diff -c -r1.57 http_core.c
*** http_core.c 1997/01/01 18:10:17 1.57
--- http_core.c 1997/01/12 07:26:24
***************
*** 884,890 ****
const char *set_server_root (cmd_parms *cmd, void *dummy, char *arg) {
if (!is_directory (arg)) return "ServerRoot must be a valid directory";
! strcpy (server_root, arg);
return NULL;
}
--- 884,891 ----
const char *set_server_root (cmd_parms *cmd, void *dummy, char *arg) {
if (!is_directory (arg)) return "ServerRoot must be a valid directory";
! strncpy (server_root, arg, sizeof(server_root)-1);
! server_root[sizeof(server_root)-1] = '\0';
return NULL;
}
Index: http_main.c
===================================================================
RCS file: /home/marcs/archive/apache/cvs/apache/src/http_main.c,v
retrieving revision 1.106
diff -c -r1.106 http_main.c
*** http_main.c 1997/01/12 20:38:12 1.106
--- http_main.c 1997/01/18 07:50:02
***************
*** 193,206 ****
void
accept_mutex_init(pool *p)
{
! char lock_fname[30];
#ifdef __MACHTEN__
! strcpy(lock_fname, "/var/tmp/htlock.XXXXXX");
#else
! strcpy(lock_fname, "/usr/tmp/htlock.XXXXXX");
#endif
!
if (mktemp(lock_fname) == NULL || lock_fname[0] == '\0')
{
fprintf (stderr, "Cannot assign name to lock file!\n");
--- 193,207 ----
void
accept_mutex_init(pool *p)
{
! char lock_fname[256];
#ifdef __MACHTEN__
! strncpy(lock_fname, "/var/tmp/htlock.XXXXXX", sizeof(lock_fname)-1);
#else
! strncpy(lock_fname, "/usr/tmp/htlock.XXXXXX", sizeof(lock_fname)-1);
#endif
! lock_fname[sizeof(lock_fname)-1] = '\0';
!
if (mktemp(lock_fname) == NULL || lock_fname[0] == '\0')
{
fprintf (stderr, "Cannot assign name to lock file!\n");
***************
*** 251,259 ****
void
accept_mutex_init(pool *p)
{
! char lock_fname[30];
! strcpy(lock_fname, "/usr/tmp/htlock.XXXXXX");
if (mktemp(lock_fname) == NULL || lock_fname[0] == '\0')
{
--- 252,261 ----
void
accept_mutex_init(pool *p)
{
! char lock_fname[256];
! strncpy(lock_fname, "/usr/tmp/htlock.XXXXXX", sizeof(lock_fname)-1);
! lock_fname[sizeof(lock_fname)-1] = '\0';
if (mktemp(lock_fname) == NULL || lock_fname[0] == '\0')
{
***************
*** 411,421 ****
if (timeout_req != NULL) dirconf = timeout_req->per_dir_config;
else dirconf = current_conn->server->lookup_defaults;
if (sig == SIGPIPE) {
! sprintf(errstr,"%s lost connection to client %s",
timeout_name ? timeout_name : "request",
get_remote_host(current_conn, dirconf, REMOTE_NAME));
} else {
! sprintf(errstr,"%s timed out for %s",
timeout_name ? timeout_name : "request",
get_remote_host(current_conn, dirconf, REMOTE_NAME));
}
--- 413,423 ----
if (timeout_req != NULL) dirconf = timeout_req->per_dir_config;
else dirconf = current_conn->server->lookup_defaults;
if (sig == SIGPIPE) {
! ap_snprintf(errstr, sizeof(errstr), "%s lost connection to client %s",
timeout_name ? timeout_name : "request",
get_remote_host(current_conn, dirconf, REMOTE_NAME));
} else {
! ap_snprintf(errstr, sizeof(errstr), "%s timed out for %s",
timeout_name ? timeout_name : "request",
get_remote_host(current_conn, dirconf, REMOTE_NAME));
}
***************
*** 606,612 ****
exit(1);
}
! sprintf(errstr, "created shared memory segment #%d", shmid);
log_error(errstr, server_conf);
#ifdef MOVEBREAK
--- 608,614 ----
exit(1);
}
! ap_snprintf(errstr, sizeof(errstr), "created shared memory segment #%d", shmid);
log_error(errstr, server_conf);
#ifdef MOVEBREAK
***************
*** 658,664 ****
if (shmctl(shmid, IPC_RMID, NULL) != 0) {
perror("shmctl");
fprintf(stderr, "httpd: Could not delete segment #%d\n", shmid);
! sprintf(errstr, "could not remove shared memory segment #%d", shmid);
log_unixerr("shmctl","IPC_RMID",errstr, server_conf);
}
if (scoreboard_image == BADSHMAT) /* now bailout */
--- 660,666 ----
if (shmctl(shmid, IPC_RMID, NULL) != 0) {
perror("shmctl");
fprintf(stderr, "httpd: Could not delete segment #%d\n", shmid);
! ap_snprintf(errstr, sizeof(errstr), "could not remove shared memory segment #%d", shmid);
log_unixerr("shmctl","IPC_RMID",errstr, server_conf);
}
if (scoreboard_image == BADSHMAT) /* now bailout */
***************
*** 2020,2035 ****
ptrans = make_sub_pool(pconf);
server_argv0 = argv[0];
! strcpy (server_root, HTTPD_ROOT);
! strcpy (server_confname, SERVER_CONFIG_FILE);
while((c = getopt(argc,argv,"Xd:f:vhl")) != -1) {
switch(c) {
case 'd':
! strcpy (server_root, optarg);
break;
case 'f':
! strcpy (server_confname, optarg);
break;
case 'v':
printf("Server version %s.\n",SERVER_VERSION);
--- 2022,2041 ----
ptrans = make_sub_pool(pconf);
server_argv0 = argv[0];
! strncpy (server_root, HTTPD_ROOT, sizeof(server_root)-1);
! server_root[sizeof(server_root)-1] = '\0';
! strncpy (server_confname, SERVER_CONFIG_FILE, sizeof(server_root)-1);
! server_confname[sizeof(server_confname)-1] = '\0';
while((c = getopt(argc,argv,"Xd:f:vhl")) != -1) {
switch(c) {
case 'd':
! strncpy (server_root, optarg, sizeof(server_root)-1);
! server_root[sizeof(server_root)-1] = '\0';
break;
case 'f':
! strncpy (server_confname, optarg, sizeof(server_confname)-1);
! server_confname[sizeof(server_confname)-1] = '\0';
break;
case 'v':
printf("Server version %s.\n",SERVER_VERSION);
Index: http_protocol.c
===================================================================
RCS file: /home/marcs/archive/apache/cvs/apache/src/http_protocol.c,v
retrieving revision 1.90
diff -c -r1.90 http_protocol.c
*** http_protocol.c 1997/01/12 20:22:17 1.90
--- http_protocol.c 1997/01/18 08:15:40
***************
*** 140,150 ****
r->byterange = 1;
! sprintf(ts, "bytes %ld-%ld/%ld", range_start, range_end,
r->clength);
table_set(r->headers_out, "Content-Range",
pstrdup(r->pool, ts));
! sprintf(ts, "%ld", range_end - range_start + 1);
table_set(r->headers_out, "Content-Length", ts);
}
else {
--- 140,150 ----
r->byterange = 1;
! ap_snprintf(ts, sizeof(ts), "bytes %ld-%ld/%ld", range_start, range_end,
r->clength);
table_set(r->headers_out, "Content-Range",
pstrdup(r->pool, ts));
! ap_snprintf(ts, sizeof(ts), "%ld", range_end - range_start + 1);
table_set(r->headers_out, "Content-Length", ts);
}
else {
***************
*** 153,159 ****
r->byterange = 2;
table_unset(r->headers_out, "Content-Length");
! sprintf(boundary, "%lx%lx", r->request_time, (long)getpid());
r->boundary = pstrdup(r->pool, boundary);
}
--- 153,159 ----
r->byterange = 2;
table_unset(r->headers_out, "Content-Length");
! ap_snprintf(boundary, sizeof(boundary), "%lx%lx", r->request_time, (long)getpid());
r->boundary = pstrdup(r->pool, boundary);
}
***************
*** 181,187 ****
char *ct = r->content_type ? r->content_type : default_type(r);
char ts[MAX_STRING_LEN];
! sprintf(ts, "%ld-%ld/%ld", range_start, range_end, r->clength);
rvputs(r, "\015\012--", r->boundary, "\015\012Content-type: ",
ct, "\015\012Content-range: bytes ", ts, "\015\012\015\012",
NULL);
--- 181,187 ----
char *ct = r->content_type ? r->content_type : default_type(r);
char ts[MAX_STRING_LEN];
! ap_snprintf(ts, sizeof(ts), "%ld-%ld/%ld", range_start, range_end, r->clength);
rvputs(r, "\015\012--", r->boundary, "\015\012Content-type: ",
ct, "\015\012Content-range: bytes ", ts, "\015\012\015\012",
NULL);
***************
*** 198,204 ****
r->clength = clength;
! sprintf (ts, "%ld", clength);
table_set (r->headers_out, "Content-Length", pstrdup (r->pool, ts));
return 0;
--- 198,204 ----
r->clength = clength;
! ap_snprintf (ts, sizeof(ts), "%ld", clength);
table_set (r->headers_out, "Content-Length", pstrdup (r->pool, ts));
return 0;
***************
*** 225,231 ****
* that sets the output to chunked encoding if it is not already
* length-delimited. It is not a bug, though it is annoying.
*/
! char header[26];
int left = r->server->keep_alive - r->connection->keepalives;
r->connection->keepalive = 1;
--- 225,231 ----
* that sets the output to chunked encoding if it is not already
* length-delimited. It is not a bug, though it is annoying.
*/
! char header[256];
int left = r->server->keep_alive - r->connection->keepalives;
r->connection->keepalive = 1;
***************
*** 233,239 ****
/* If they sent a Keep-Alive token, send one back */
if (ka_sent) {
! sprintf(header, "timeout=%d, max=%d",
r->server->keep_alive_timeout, left);
rputs("Connection: Keep-Alive\015\012", r);
rvputs(r, "Keep-Alive: ", header, "\015\012", NULL);
--- 233,239 ----
/* If they sent a Keep-Alive token, send one back */
if (ka_sent) {
! ap_snprintf(header, sizeof(header), "timeout=%d, max=%d",
r->server->keep_alive_timeout, left);
rputs("Connection: Keep-Alive\015\012", r);
rvputs(r, "Keep-Alive: ", header, "\015\012", NULL);
***************
*** 280,289 ****
*/
if (r->finfo.st_mode != 0)
! sprintf(weak_etag, "W/\"%lx-%lx-%lx\"", (unsigned long)r->finfo.st_ino,
(unsigned long)r->finfo.st_size, (unsigned long)mtime);
else
! sprintf(weak_etag, "W/\"%lx\"", (unsigned long)mtime);
etag = weak_etag + ((r->request_time - mtime > 1) ? 2 : 0);
table_set (r->headers_out, "ETag", etag);
--- 280,291 ----
*/
if (r->finfo.st_mode != 0)
! ap_snprintf(weak_etag, sizeof(weak_etag), "W/\"%lx-%lx-%lx\"",
! (unsigned long)r->finfo.st_ino,
(unsigned long)r->finfo.st_size, (unsigned long)mtime);
else
! ap_snprintf(weak_etag, sizeof(weak_etag), "W/\"%lx\"",
! (unsigned long)mtime);
etag = weak_etag + ((r->request_time - mtime > 1) ? 2 : 0);
table_set (r->headers_out, "ETag", etag);
***************
*** 752,760 ****
void note_digest_auth_failure(request_rec *r)
{
! char nonce[10];
! sprintf(nonce, "%lu", r->request_time);
table_set (r->err_headers_out, "WWW-Authenticate",
pstrcat(r->pool, "Digest realm=\"", auth_name(r),
"\", nonce=\"", nonce, "\"", NULL));
--- 754,762 ----
void note_digest_auth_failure(request_rec *r)
{
! char nonce[256];
! ap_snprintf(nonce, sizeof(nonce), "%lu", r->request_time);
table_set (r->err_headers_out, "WWW-Authenticate",
pstrcat(r->pool, "Digest realm=\"", auth_name(r),
"\", nonce=\"", nonce, "\"", NULL));
***************
*** 1251,1257 ****
if (len_to_read == 0) { /* Last chunk indicated, get footers */
if (r->read_body == REQUEST_CHUNKED_DECHUNK) {
get_mime_headers(r);
! sprintf(buffer, "%ld", r->read_length);
table_unset(r->headers_in, "Transfer-Encoding");
table_set(r->headers_in, "Content-Length", buffer);
return 0;
--- 1253,1259 ----
if (len_to_read == 0) { /* Last chunk indicated, get footers */
if (r->read_body == REQUEST_CHUNKED_DECHUNK) {
get_mime_headers(r);
! ap_snprintf(buffer, bufsiz, "%ld", r->read_length);
table_unset(r->headers_in, "Transfer-Encoding");
table_set(r->headers_in, "Content-Length", buffer);
return 0;
***************
*** 1659,1666 ****
if (recursive_error) {
char x[80];
! sprintf (x, "Additionally, an error of type %d was encountered\n",
! recursive_error);
bputs(x, fd);
bputs("while trying to use an ErrorDocument to\n", fd);
bputs("handle the request.\n", fd);
--- 1661,1669 ----
if (recursive_error) {
char x[80];
! ap_snprintf (x, sizeof(x),
! "Additionally, an error of type %d was encountered\n",
! recursive_error);
bputs(x, fd);
bputs("while trying to use an ErrorDocument to\n", fd);
bputs("handle the request.\n", fd);
Index: http_request.c
===================================================================
RCS file: /home/marcs/archive/apache/cvs/apache/src/http_request.c,v
retrieving revision 1.37
diff -c -r1.37 http_request.c
*** http_request.c 1997/01/14 05:03:06 1.37
--- http_request.c 1997/01/18 07:50:07
***************
*** 999,1005 ****
request_rec *internal_internal_redirect (const char *new_uri, request_rec *r)
{
request_rec *new = (request_rec *)pcalloc(r->pool, sizeof(request_rec));
! char t[10]; /* Long enough... */
new->connection = r->connection;
new->server = r->server;
--- 999,1005 ----
request_rec *internal_internal_redirect (const char *new_uri, request_rec *r)
{
request_rec *new = (request_rec *)pcalloc(r->pool, sizeof(request_rec));
! char t[256]; /* Long enough... */
new->connection = r->connection;
new->server = r->server;
***************
*** 1045,1051 ****
*/
new->no_local_copy = r->no_local_copy;
! sprintf (t, "%d", r->status);
table_set (new->subprocess_env, "REDIRECT_STATUS", pstrdup (r->pool, t));
return new;
--- 1045,1051 ----
*/
new->no_local_copy = r->no_local_copy;
! ap_snprintf (t, sizeof(t), "%d", r->status);
table_set (new->subprocess_env, "REDIRECT_STATUS", pstrdup (r->pool, t));
return new;
Index: mod_auth.c
===================================================================
RCS file: /home/marcs/archive/apache/cvs/apache/src/mod_auth.c,v
retrieving revision 1.11
diff -c -r1.11 mod_auth.c
*** mod_auth.c 1997/01/01 18:10:26 1.11
--- mod_auth.c 1997/01/12 07:35:05
***************
*** 198,211 ****
if (!(real_pw = get_pw(r, c->user, sec->auth_pwfile))) {
if (!(sec->auth_authoritative))
return DECLINED;
! sprintf(errstr,"user %s not found",c->user);
log_reason (errstr, r->uri, r);
note_basic_auth_failure (r);
return AUTH_REQUIRED;
}
/* anyone know where the prototype for crypt is? */
if(strcmp(real_pw,(char *)crypt(sent_pw,real_pw))) {
! sprintf(errstr,"user %s: password mismatch",c->user);
log_reason (errstr, r->uri, r);
note_basic_auth_failure (r);
return AUTH_REQUIRED;
--- 198,211 ----
if (!(real_pw = get_pw(r, c->user, sec->auth_pwfile))) {
if (!(sec->auth_authoritative))
return DECLINED;
! ap_snprintf(errstr, sizeof(errstr), "user %s not found",c->user);
log_reason (errstr, r->uri, r);
note_basic_auth_failure (r);
return AUTH_REQUIRED;
}
/* anyone know where the prototype for crypt is? */
if(strcmp(real_pw,(char *)crypt(sent_pw,real_pw))) {
! ap_snprintf(errstr, sizeof(errstr), "user %s: password mismatch",c->user);
log_reason (errstr, r->uri, r);
note_basic_auth_failure (r);
return AUTH_REQUIRED;
Index: mod_auth_anon.c
===================================================================
RCS file: /home/marcs/archive/apache/cvs/apache/src/mod_auth_anon.c,v
retrieving revision 1.12
diff -c -r1.12 mod_auth_anon.c
*** mod_auth_anon.c 1997/01/01 18:10:27 1.12
--- mod_auth_anon.c 1997/01/12 07:35:43
***************
*** 239,252 ****
)
) {
if (sec->auth_anon_logemail) {
! sprintf(errstr,"Anonymous: Passwd <%s> Accepted",
send_pw ? send_pw : "\'none\'");
log_error (errstr, r->server );
}
return OK;
} else {
if (sec->auth_anon_authoritative) {
! sprintf(errstr,"Anonymous: Authoritative, Passwd <%s> not accepted",
send_pw ? send_pw : "\'none\'");
log_error(errstr,r->server);
return AUTH_REQUIRED;
--- 239,253 ----
)
) {
if (sec->auth_anon_logemail) {
! ap_snprintf(errstr, sizeof(errstr), "Anonymous: Passwd <%s> Accepted",
send_pw ? send_pw : "\'none\'");
log_error (errstr, r->server );
}
return OK;
} else {
if (sec->auth_anon_authoritative) {
! ap_snprintf(errstr, sizeof(errstr),
! "Anonymous: Authoritative, Passwd <%s> not accepted",
send_pw ? send_pw : "\'none\'");
log_error(errstr,r->server);
return AUTH_REQUIRED;
Index: mod_auth_db.c
===================================================================
RCS file: /home/marcs/archive/apache/cvs/apache/src/mod_auth_db.c,v
retrieving revision 1.9
diff -c -r1.9 mod_auth_db.c
*** mod_auth_db.c 1997/01/01 18:10:27 1.9
--- mod_auth_db.c 1997/01/12 07:38:10
***************
*** 201,207 ****
if(!(real_pw = get_db_pw(r, c->user, sec->auth_dbpwfile))) {
if (!(sec -> auth_dbauthoritative))
return DECLINED;
! sprintf(errstr,"DB user %s not found", c->user);
log_reason (errstr, r->filename, r);
note_basic_auth_failure (r);
return AUTH_REQUIRED;
--- 201,207 ----
if(!(real_pw = get_db_pw(r, c->user, sec->auth_dbpwfile))) {
if (!(sec -> auth_dbauthoritative))
return DECLINED;
! ap_snprintf(errstr, sizeof(errstr), "DB user %s not found", c->user);
log_reason (errstr, r->filename, r);
note_basic_auth_failure (r);
return AUTH_REQUIRED;
***************
*** 211,217 ****
if (colon_pw) *colon_pw='\0';
/* anyone know where the prototype for crypt is? */
if(strcmp(real_pw,(char *)crypt(sent_pw,real_pw))) {
! sprintf(errstr,"user %s: password mismatch",c->user);
log_reason (errstr, r->uri, r);
note_basic_auth_failure (r);
return AUTH_REQUIRED;
--- 211,218 ----
if (colon_pw) *colon_pw='\0';
/* anyone know where the prototype for crypt is? */
if(strcmp(real_pw,(char *)crypt(sent_pw,real_pw))) {
! ap_snprintf(errstr, sizeof(errstr),
! "user %s: password mismatch",c->user);
log_reason (errstr, r->uri, r);
note_basic_auth_failure (r);
return AUTH_REQUIRED;
***************
*** 253,260 ****
if (!(groups = get_db_grp(r, user, sec->auth_dbgrpfile))) {
if (!(sec->auth_dbauthoritative))
return DECLINED;
! sprintf(errstr,"user %s not in DB group file %s",
! user, sec->auth_dbgrpfile);
log_reason (errstr, r->filename, r);
note_basic_auth_failure (r);
return AUTH_REQUIRED;
--- 254,262 ----
if (!(groups = get_db_grp(r, user, sec->auth_dbgrpfile))) {
if (!(sec->auth_dbauthoritative))
return DECLINED;
! ap_snprintf(errstr, sizeof(errstr),
! "user %s not in DB group file %s",
! user, sec->auth_dbgrpfile);
log_reason (errstr, r->filename, r);
note_basic_auth_failure (r);
return AUTH_REQUIRED;
***************
*** 269,275 ****
return OK;
}
}
! sprintf(errstr,"user %s not in right group",user);
log_reason (errstr, r->filename, r);
note_basic_auth_failure(r);
return AUTH_REQUIRED;
--- 271,278 ----
return OK;
}
}
! ap_snprintf(errstr, sizeof(errstr),
! "user %s not in right group",user);
log_reason (errstr, r->filename, r);
note_basic_auth_failure(r);
return AUTH_REQUIRED;
Index: mod_auth_dbm.c
===================================================================
RCS file: /home/marcs/archive/apache/cvs/apache/src/mod_auth_dbm.c,v
retrieving revision 1.12
diff -c -r1.12 mod_auth_dbm.c
*** mod_auth_dbm.c 1997/01/01 18:10:28 1.12
--- mod_auth_dbm.c 1997/01/12 07:39:16
***************
*** 189,195 ****
if(!(real_pw = get_dbm_pw(r, c->user, sec->auth_dbmpwfile))) {
if (!(sec->auth_dbmauthoritative))
return DECLINED;
! sprintf(errstr,"DBM user %s not found", c->user);
log_reason (errstr, r->filename, r);
note_basic_auth_failure (r);
return AUTH_REQUIRED;
--- 189,195 ----
if(!(real_pw = get_dbm_pw(r, c->user, sec->auth_dbmpwfile))) {
if (!(sec->auth_dbmauthoritative))
return DECLINED;
! ap_snprintf(errstr, sizeof(errstr), "DBM user %s not found", c->user);
log_reason (errstr, r->filename, r);
note_basic_auth_failure (r);
return AUTH_REQUIRED;
***************
*** 199,205 ****
if (colon_pw) *colon_pw='\0';
/* anyone know where the prototype for crypt is? */
if(strcmp(real_pw,(char *)crypt(sent_pw,real_pw))) {
! sprintf(errstr,"user %s: password mismatch",c->user);
log_reason (errstr, r->uri, r);
note_basic_auth_failure (r);
return AUTH_REQUIRED;
--- 199,206 ----
if (colon_pw) *colon_pw='\0';
/* anyone know where the prototype for crypt is? */
if(strcmp(real_pw,(char *)crypt(sent_pw,real_pw))) {
! ap_snprintf(errstr, sizeof(errstr),
! "user %s: password mismatch",c->user);
log_reason (errstr, r->uri, r);
note_basic_auth_failure (r);
return AUTH_REQUIRED;
***************
*** 241,248 ****
if (!(groups = get_dbm_grp(r, user, sec->auth_dbmgrpfile))) {
if (!(sec->auth_dbmauthoritative))
return DECLINED;
! sprintf(errstr,"user %s not in DBM group file %s",
! user, sec->auth_dbmgrpfile);
log_reason (errstr, r->filename, r);
note_basic_auth_failure (r);
return AUTH_REQUIRED;
--- 242,250 ----
if (!(groups = get_dbm_grp(r, user, sec->auth_dbmgrpfile))) {
if (!(sec->auth_dbmauthoritative))
return DECLINED;
! ap_snprintf(errstr, sizeof(errstr),
! "user %s not in DBM group file %s",
! user, sec->auth_dbmgrpfile);
log_reason (errstr, r->filename, r);
note_basic_auth_failure (r);
return AUTH_REQUIRED;
***************
*** 257,263 ****
return OK;
}
}
! sprintf(errstr,"user %s not in right group",user);
log_reason (errstr, r->filename, r);
note_basic_auth_failure(r);
return AUTH_REQUIRED;
--- 259,266 ----
return OK;
}
}
! ap_snprintf(errstr, sizeof(errstr),
! "user %s not in right group",user);
log_reason (errstr, r->filename, r);
note_basic_auth_failure(r);
return AUTH_REQUIRED;
Index: mod_auth_msql.c
===================================================================
RCS file: /home/marcs/archive/apache/cvs/apache/src/mod_auth_msql.c,v
retrieving revision 1.17
diff -c -r1.17 mod_auth_msql.c
*** mod_auth_msql.c 1997/01/01 18:10:28 1.17
--- mod_auth_msql.c 1997/01/12 07:49:35
***************
*** 560,566 ****
/* does this fit ? */
if (j >= (MAX_FIELD_LEN-1)) {
! sprintf(msql_errstr,"Could not escape '%s', longer than %d",in,MAX_FIELD_LEN);
return NULL;
};
--- 560,567 ----
/* does this fit ? */
if (j >= (MAX_FIELD_LEN-1)) {
! ap_snprintf(msql_errstr, MAX_STRING_LENGTH,
! "Could not escape '%s', longer than %d",in,MAX_FIELD_LEN);
return NULL;
};
***************
*** 601,607 ****
/* (re) open if nessecary
*/
if (sock==-1) if ((sock=msqlConnect(host)) == -1) {
! sprintf (msql_errstr,
"mSQL: Could not connect to Msql DB %s (%s)",
(sec->auth_msql_host ? sec->auth_msql_host : "\'unset, assuming localhost!\'"),
msqlErrMsg);
--- 602,608 ----
/* (re) open if nessecary
*/
if (sock==-1) if ((sock=msqlConnect(host)) == -1) {
! ap_snprintf (msql_errstr, MAX_STRING_LENGTH,
"mSQL: Could not connect to Msql DB %s (%s)",
(sec->auth_msql_host ? sec->auth_msql_host : "\'unset, assuming localhost!\'"),
msqlErrMsg);
***************
*** 612,618 ****
* and is quite cheap anyway
*/
if (msqlSelectDB(sock,sec->auth_msql_database) == -1 ) {
! sprintf (msql_errstr,"mSQL: Could not select Msql Table \'%s\' on host \'%s\'(%s)",
(sec->auth_msql_database ? sec->auth_msql_database : "\'unset!\'"),
(sec->auth_msql_host ? sec->auth_msql_host : "\'unset, assuming localhost!\'"),
msqlErrMsg);
--- 613,620 ----
* and is quite cheap anyway
*/
if (msqlSelectDB(sock,sec->auth_msql_database) == -1 ) {
! ap_snprintf (msql_errstr, MAX_STRING_LENGTH,
! "mSQL: Could not select Msql Table \'%s\' on host \'%s\'(%s)",
(sec->auth_msql_database ? sec->auth_msql_database : "\'unset!\'"),
(sec->auth_msql_host ? sec->auth_msql_host : "\'unset, assuming localhost!\'"),
msqlErrMsg);
***************
*** 622,628 ****
}
if (msqlQuery(sock,query) == -1 ) {
! sprintf (msql_errstr,"mSQL: Could not Query database '%s' on host '%s' (%s) with query [%s]",
(sec->auth_msql_database ? sec->auth_msql_database : "\'unset!\'"),
(sec->auth_msql_host ? sec->auth_msql_host : "\'unset, assuming localhost!\'"),
msqlErrMsg,
--- 624,631 ----
}
if (msqlQuery(sock,query) == -1 ) {
! ap_snprintf (msql_errstr, MAX_STRING_LENGTH,
! "mSQL: Could not Query database '%s' on host '%s' (%s) with query [%s]",
(sec->auth_msql_database ? sec->auth_msql_database : "\'unset!\'"),
(sec->auth_msql_host ? sec->auth_msql_host : "\'unset, assuming localhost!\'"),
msqlErrMsg,
***************
*** 633,639 ****
}
if (!(results=msqlStoreResult())) {
! sprintf (msql_errstr,"mSQL: Could not get the results from mSQL database \'%s\' on \'%s\' (%s) with query [%s]",
(sec->auth_msql_database ? sec->auth_msql_database : "\'unset!\'"),
(sec->auth_msql_host ? sec->auth_msql_host : "\'unset, assuming localhost!\'"),
msqlErrMsg,
--- 636,643 ----
}
if (!(results=msqlStoreResult())) {
! ap_snprintf (msql_errstr, MAX_STRING_LENGTH,
! "mSQL: Could not get the results from mSQL database \'%s\' on \'%s\' (%s) with query [%s]",
(sec->auth_msql_database ? sec->auth_msql_database : "\'unset!\'"),
(sec->auth_msql_host ? sec->auth_msql_host : "\'unset, assuming localhost!\'"),
msqlErrMsg,
***************
*** 649,656 ****
/* complain if there are to many
* matches.
*/
! sprintf (msql_errstr,"mSQL: More than %d matches (%d) whith query [%s]",
! once,hit,( query ? query : "\'unset!\'") );
} else
/* if we have a it, try to get it
*/
--- 653,661 ----
/* complain if there are to many
* matches.
*/
! ap_snprintf (msql_errstr, MAX_STRING_LENGTH,
! "mSQL: More than %d matches (%d) whith query [%s]",
! once,hit,( query ? query : "\'unset!\'") );
} else
/* if we have a it, try to get it
*/
***************
*** 658,664 ****
if ( (currow=msqlFetchRow(results)) != NULL) {
/* copy the first matching field value */
if (!(result=palloc(r->pool,strlen(currow[0])+1))) {
! sprintf (msql_errstr,"mSQL: Could not get memory for mSQL %s (%s) with [%s]",
(sec->auth_msql_database ? sec->auth_msql_database : "\'unset!\'"),
msqlErrMsg,
( query ? query : "\'unset!\'") );
--- 663,670 ----
if ( (currow=msqlFetchRow(results)) != NULL) {
/* copy the first matching field value */
if (!(result=palloc(r->pool,strlen(currow[0])+1))) {
! ap_snprintf (msql_errstr, MAX_STRING_LENGTH,
! "mSQL: Could not get memory for mSQL %s (%s) with [%s]",
(sec->auth_msql_database ? sec->auth_msql_database : "\'unset!\'"),
msqlErrMsg,
( query ? query : "\'unset!\'") );
***************
*** 695,701 ****
(!sec->auth_msql_pwd_field) ||
(!sec->auth_msql_uname_field)
) {
! sprintf(msql_errstr,
"mSQL: Missing parameters for password lookup: %s%s%s",
(sec->auth_msql_pwd_table ? "" : "Password table "),
(sec->auth_msql_pwd_field ? "" : "Password field name "),
--- 701,707 ----
(!sec->auth_msql_pwd_field) ||
(!sec->auth_msql_uname_field)
) {
! ap_snprintf(msql_errstr, MAX_STRING_LENGTH,
"mSQL: Missing parameters for password lookup: %s%s%s",
(sec->auth_msql_pwd_table ? "" : "Password table "),
(sec->auth_msql_pwd_field ? "" : "Password field name "),
***************
*** 705,715 ****
};
if (!(msql_escape(esc_user, user, msql_errstr))) {
! sprintf(msql_errstr,
"mSQL: Could not cope/escape the '%s' user_id value; ",user);
return NULL;
};
! sprintf(query,"select %s from %s where %s='%s'",
sec->auth_msql_pwd_field,
sec->auth_msql_pwd_table,
sec->auth_msql_uname_field,
--- 711,722 ----
};
if (!(msql_escape(esc_user, user, msql_errstr))) {
! ap_snprintf(msql_errstr, MAX_STRING_LENGTH,
"mSQL: Could not cope/escape the '%s' user_id value; ",user);
return NULL;
};
! ap_snprintf(query, sizeof(query),
! "select %s from %s where %s='%s'",
sec->auth_msql_pwd_field,
sec->auth_msql_pwd_table,
sec->auth_msql_uname_field,
***************
*** 731,737 ****
(!sec->auth_msql_grp_field) ||
(!sec->auth_msql_uname_field)
) {
! sprintf(msql_errstr,
"mSQL: Missing parameters for group lookup: %s%s%s",
(sec->auth_msql_grp_table ? "" : "Group table "),
(sec->auth_msql_grp_field ? "" : "GroupID field name "),
--- 738,744 ----
(!sec->auth_msql_grp_field) ||
(!sec->auth_msql_uname_field)
) {
! ap_snprintf(msql_errstr, MAX_STRING_LENGTH,
"mSQL: Missing parameters for group lookup: %s%s%s",
(sec->auth_msql_grp_table ? "" : "Group table "),
(sec->auth_msql_grp_field ? "" : "GroupID field name "),
***************
*** 741,759 ****
};
if (!(msql_escape(esc_user, user,msql_errstr))) {
! sprintf(msql_errstr,
"mSQL: Could not cope/escape the '%s' user_id value",user);
return NULL;
};
if (!(msql_escape(esc_group, group,msql_errstr))) {
! sprintf(msql_errstr,
"mSQL: Could not cope/escape the '%s' group_id value",group);
return NULL;
};
! sprintf(query,"select %s from %s where %s='%s' and %s='%s'",
sec->auth_msql_grp_field,
sec->auth_msql_grp_table,
sec->auth_msql_uname_field,esc_user,
--- 748,767 ----
};
if (!(msql_escape(esc_user, user,msql_errstr))) {
! ap_snprintf(msql_errstr, MAX_STRING_LENGTH,
"mSQL: Could not cope/escape the '%s' user_id value",user);
return NULL;
};
if (!(msql_escape(esc_group, group,msql_errstr))) {
! ap_snprintf(msql_errstr, MAX_STRING_LENGTH,
"mSQL: Could not cope/escape the '%s' group_id value",group);
return NULL;
};
! ap_snprintf(query, sizeof(query),
! "select %s from %s where %s='%s' and %s='%s'",
sec->auth_msql_grp_field,
sec->auth_msql_grp_table,
sec->auth_msql_uname_field,esc_user,
***************
*** 770,775 ****
--- 778,786 ----
(msql_auth_config_rec *)get_module_config (r->per_dir_config,
&msql_auth_module);
char msql_errstr[MAX_STRING_LEN];
+ /* msql_errstr must be MAX_STRING_LEN in size unless you
+ * change size in ap_snprintf() calls
+ */
conn_rec *c = r->connection;
char *sent_pw, *real_pw;
int res;
***************
*** 795,801 ****
if (sec->auth_msql_authoritative) {
/* insist that the user is in the database
*/
! sprintf(msql_errstr,"mSQL: Password for user %s not found", c->user);
note_basic_auth_failure (r);
res = AUTH_REQUIRED;
} else {
--- 806,813 ----
if (sec->auth_msql_authoritative) {
/* insist that the user is in the database
*/
! ap_snprintf(msql_errstr, MAX_STRING_LENGTH,
! "mSQL: Password for user %s not found", c->user);
note_basic_auth_failure (r);
res = AUTH_REQUIRED;
} else {
***************
*** 814,820 ****
if ((sec->auth_msql_nopasswd) && (!strlen(real_pw))) {
/*
! sprintf(msql_errstr,"mSQL: user %s: Empty/'any' password accepted",c->user);
log_reason (msql_errstr, r->uri, r);
*/
return OK;
--- 826,833 ----
if ((sec->auth_msql_nopasswd) && (!strlen(real_pw))) {
/*
! ap_snprintf(msql_errstr, MAX_STRING_LENGTH,
! "mSQL: user %s: Empty/'any' password accepted",c->user);
log_reason (msql_errstr, r->uri, r);
*/
return OK;
***************
*** 824,830 ****
* an arms length.
*/
if ((!strlen(real_pw)) || (!strlen(sent_pw))) {
! sprintf(msql_errstr,"mSQL: user %s: Empty Password(s) Rejected",c->user);
log_reason (msql_errstr, r->uri, r);
note_basic_auth_failure (r);
return AUTH_REQUIRED;
--- 837,844 ----
* an arms length.
*/
if ((!strlen(real_pw)) || (!strlen(sent_pw))) {
! ap_snprintf(msql_errstr, MAX_STRING_LENGTH,
! "mSQL: user %s: Empty Password(s) Rejected",c->user);
log_reason (msql_errstr, r->uri, r);
note_basic_auth_failure (r);
return AUTH_REQUIRED;
***************
*** 842,848 ****
};
if (strcmp(real_pw,sent_pw)) {
! sprintf(msql_errstr,"mSQL user %s: password mismatch",c->user);
log_reason (msql_errstr, r->uri, r);
note_basic_auth_failure (r);
return AUTH_REQUIRED;
--- 856,863 ----
};
if (strcmp(real_pw,sent_pw)) {
! ap_snprintf(msql_errstr, MAX_STRING_LENGTH,
! "mSQL user %s: password mismatch",c->user);
log_reason (msql_errstr, r->uri, r);
note_basic_auth_failure (r);
return AUTH_REQUIRED;
***************
*** 859,864 ****
--- 874,882 ----
(msql_auth_config_rec *)get_module_config (r->per_dir_config,
&msql_auth_module);
char msql_errstr[MAX_STRING_LEN];
+ /* msql_errstr must be MAX_STRING_LEN in size unless you
+ * change size in ap_snprintf() calls
+ */
char *user = r->connection->user;
int m = r->method_number;
array_header *reqs_arr = requires (r);
***************
*** 873,879 ****
if (!reqs_arr) {
if (sec->auth_msql_authoritative) {
! sprintf(msql_errstr,"user %s denied, no access rules specified (MSQL-Authoritative) ",user);
log_reason (msql_errstr, r->uri, r);
note_basic_auth_failure(r);
return AUTH_REQUIRED;
--- 891,897 ----
if (!reqs_arr) {
if (sec->auth_msql_authoritative) {
! ap_snprintf(msql_errstr, MAX_STRING_LENGTH, "user %s denied, no access rules specified (MSQL-Authoritative) ",user);
log_reason (msql_errstr, r->uri, r);
note_basic_auth_failure(r);
return AUTH_REQUIRED;
***************
*** 898,904 ****
};
}
if ((sec->auth_msql_authoritative) && ( user_result != OK)) {
! sprintf(msql_errstr,"User %s not found (MSQL-Auhtorative)",user);
log_reason (msql_errstr, r->uri, r);
note_basic_auth_failure(r);
return AUTH_REQUIRED;
--- 916,922 ----
};
}
if ((sec->auth_msql_authoritative) && ( user_result != OK)) {
! ap_snprintf(msql_errstr, MAX_STRING_LENGTH, "User %s not found (MSQL-Auhtorative)",user);
log_reason (msql_errstr, r->uri, r);
note_basic_auth_failure(r);
return AUTH_REQUIRED;
***************
*** 926,932 ****
};
if ( (sec->auth_msql_authoritative) && (group_result != OK) ) {
! sprintf(msql_errstr,"user %s not in right groups (MSQL-Authoritative) ",user);
log_reason (msql_errstr, r->uri, r);
note_basic_auth_failure(r);
return AUTH_REQUIRED;
--- 944,950 ----
};
if ( (sec->auth_msql_authoritative) && (group_result != OK) ) {
! ap_snprintf(msql_errstr, MAX_STRING_LENGTH, "user %s not in right groups (MSQL-Authoritative) ",user);
log_reason (msql_errstr, r->uri, r);
note_basic_auth_failure(r);
return AUTH_REQUIRED;
***************
*** 943,949 ****
* This really is not needed.
*/
if (((group_result == AUTH_REQUIRED) || (user_result == AUTH_REQUIRED)) && (sec->auth_msql_authoritative) ) {
! sprintf(msql_errstr,"mSQL-Authoritative: Access denied on %s %s rule(s) ",
(group_result == AUTH_REQUIRED) ? "USER" : "",
(user_result == AUTH_REQUIRED) ? "GROUP" : ""
);
--- 961,967 ----
* This really is not needed.
*/
if (((group_result == AUTH_REQUIRED) || (user_result == AUTH_REQUIRED)) && (sec->auth_msql_authoritative) ) {
! ap_snprintf(msql_errstr, MAX_STRING_LENGTH, "mSQL-Authoritative: Access denied on %s %s rule(s) ",
(group_result == AUTH_REQUIRED) ? "USER" : "",
(user_result == AUTH_REQUIRED) ? "GROUP" : ""
);
Index: mod_cgi.c
===================================================================
RCS file: /home/marcs/archive/apache/cvs/apache/src/mod_cgi.c,v
retrieving revision 1.27
diff -c -r1.27 mod_cgi.c
*** mod_cgi.c 1997/01/01 18:10:30 1.27
--- mod_cgi.c 1997/01/12 07:50:20
***************
*** 331,337 ****
* now, so that's what we use).
*/
! sprintf(err_string,
"exec of %s failed, errno is %d\n", r->filename, errno);
write(2, err_string, strlen(err_string));
exit(0);
--- 331,337 ----
* now, so that's what we use).
*/
! ap_snprintf(err_string, sizeof(err_string),
"exec of %s failed, errno is %d\n", r->filename, errno);
write(2, err_string, strlen(err_string));
exit(0);
Index: mod_digest.c
===================================================================
RCS file: /home/marcs/archive/apache/cvs/apache/src/mod_digest.c,v
retrieving revision 1.12
diff -c -r1.12 mod_digest.c
*** mod_digest.c 1997/01/01 18:10:30 1.12
--- mod_digest.c 1997/01/12 22:33:39
***************
*** 277,290 ****
return DECLINED;
if (!(a1 = get_hash(r, c->user, sec->pwfile))) {
! sprintf(errstr,"user %s not found",c->user);
log_reason (errstr, r->uri, r);
note_digest_auth_failure (r);
return AUTH_REQUIRED;
}
/* anyone know where the prototype for crypt is? */
if(strcmp(response->digest, find_digest(r, response, a1))) {
! sprintf(errstr,"user %s: password mismatch",c->user);
log_reason (errstr, r->uri, r);
note_digest_auth_failure (r);
return AUTH_REQUIRED;
--- 277,290 ----
return DECLINED;
if (!(a1 = get_hash(r, c->user, sec->pwfile))) {
! ap_snprintf(errstr, sizeof(errstr), "user %s not found",c->user);
log_reason (errstr, r->uri, r);
note_digest_auth_failure (r);
return AUTH_REQUIRED;
}
/* anyone know where the prototype for crypt is? */
if(strcmp(response->digest, find_digest(r, response, a1))) {
! ap_snprintf(errstr, sizeof(errstr), "user %s: password mismatch",c->user);
log_reason (errstr, r->uri, r);
note_digest_auth_failure (r);
return AUTH_REQUIRED;
Index: mod_expires.c
===================================================================
RCS file: /home/marcs/archive/apache/cvs/apache/src/mod_expires.c,v
retrieving revision 1.5
diff -c -r1.5 mod_expires.c
*** mod_expires.c 1997/01/01 18:10:32 1.5
--- mod_expires.c 1997/01/18 07:43:12
***************
*** 321,327 ****
word = getword_conf( pool, &code );
};
! sprintf( foo, "%c%d", base, modifier );
*real_code = pstrdup( pool, foo );
return NULL;
--- 321,327 ----
word = getword_conf( pool, &code );
};
! ap_snprintf(foo, sizeof(foo), "%c%d", base, modifier );
*real_code = pstrdup( pool, foo );
return NULL;
Index: mod_imap.c
===================================================================
RCS file: /home/marcs/archive/apache/cvs/apache/src/mod_imap.c,v
retrieving revision 1.14
diff -c -r1.14 mod_imap.c
*** mod_imap.c 1997/01/01 18:10:33 1.14
--- mod_imap.c 1997/01/12 23:12:14
***************
*** 354,360 ****
return(string - starting_pos); /* return the total characters read */
}
!
void imap_url(request_rec *r, char *base, char *value, char *url)
{
/* translates a value into a URL. */
--- 354,362 ----
return(string - starting_pos); /* return the total characters read */
}
! /*
! * url needs to point to a string with at least SMALLBUF memory allocated
! */
void imap_url(request_rec *r, char *base, char *value, char *url)
{
/* translates a value into a URL. */
***************
*** 366,389 ****
if ( ! strcasecmp(value, "map" ) || ! strcasecmp(value, "menu") ) {
if (r->server->port == 80 ) {
! sprintf(url, "http://%s%s", r->server->server_hostname, r->uri);
}
else {
! sprintf(url, "http://%s:%d%s", r->server->server_hostname,
r->server->port, r->uri);
}
return;
}
if ( ! strcasecmp(value, "nocontent") || ! strcasecmp(value, "error") ) {
! strncpy(url, value, SMALLBUF);
return; /* these are handled elsewhere, so just copy them */
}
if ( ! strcasecmp(value, "referer" ) ) {
referer = table_get(r->headers_in, "Referer");
if ( referer && *referer ) {
! strncpy(url, referer, SMALLBUF);
return;
}
else {
--- 368,394 ----
if ( ! strcasecmp(value, "map" ) || ! strcasecmp(value, "menu") ) {
if (r->server->port == 80 ) {
! ap_snprintf(url, SMALLBUF,
! "http://%s%s", r->server->server_hostname, r->uri);
}
else {
! ap_snprintf(url, SMALLBUF, "http://%s:%d%s", r->server->server_hostname,
r->server->port, r->uri);
}
return;
}
if ( ! strcasecmp(value, "nocontent") || ! strcasecmp(value, "error") ) {
! strncpy(url, value, SMALLBUF-1);
! url[SMALLBUF-1] = '\0';
return; /* these are handled elsewhere, so just copy them */
}
if ( ! strcasecmp(value, "referer" ) ) {
referer = table_get(r->headers_in, "Referer");
if ( referer && *referer ) {
! strncpy(url, referer, SMALLBUF-1);
! url[SMALLBUF-1] = '\0';
return;
}
else {
***************
*** 395,421 ****
while ( isalpha(*string_pos) )
string_pos++; /* go along the URL from the map until a non-letter */
if ( *string_pos == ':' ) {
! strncpy(url, value, SMALLBUF); /* if letters and then a colon (like http:) */
return; /* it's an absolute URL, so use it! */
}
if ( ! base || ! *base ) {
if ( value && *value ) {
! strncpy(url, value, SMALLBUF); /* no base: use what is given */
}
else {
if (r->server->port == 80 ) {
! sprintf(url, "http://%s/", r->server->server_hostname);
}
if (r->server->port != 80 ) {
! sprintf(url, "http://%s:%d/", r->server->server_hostname,
! r->server->port);
} /* no base, no value: pick a simple default */
}
return;
}
! strncpy(my_base, base, SMALLBUF); /* must be a relative URL to be combined with base */
string_pos = my_base;
while (*string_pos) {
if (*string_pos == '/' && *(string_pos+1) == '/') {
--- 400,429 ----
while ( isalpha(*string_pos) )
string_pos++; /* go along the URL from the map until a non-letter */
if ( *string_pos == ':' ) {
! strncpy(url, value, SMALLBUF-1); /* if letters and then a colon (like http:) */
! url[SMALLBUF-1] = '\0';
return; /* it's an absolute URL, so use it! */
}
if ( ! base || ! *base ) {
if ( value && *value ) {
! strncpy(url, value, SMALLBUF-1); /* no base: use what is given */
! url[SMALLBUF-1] = '\0';
}
else {
if (r->server->port == 80 ) {
! ap_snprintf(url, SMALLBUF, "http://%s/", r->server->server_hostname);
}
if (r->server->port != 80 ) {
! ap_snprintf(url, SMALLBUF, "http://%s:%d/",
! r->server->server_hostname, r->server->port);
} /* no base, no value: pick a simple default */
}
return;
}
! strncpy(my_base, base, sizeof(my_base)-1); /* must be a relative URL to be combined with base */
! my_base[sizeof(my_base)-1] = '\0';
string_pos = my_base;
while (*string_pos) {
if (*string_pos == '/' && *(string_pos+1) == '/') {
***************
*** 473,482 ****
} /* by this point, value does not start with '..' */
if ( value && *value ) {
! sprintf(url, "%s%s", my_base, value);
}
else {
! sprintf(url, "%s", my_base);
}
return;
}
--- 481,490 ----
} /* by this point, value does not start with '..' */
if ( value && *value ) {
! ap_snprintf(url, SMALLBUF, "%s%s", my_base, value);
}
else {
! ap_snprintf(url, SMALLBUF, "%s", my_base);
}
return;
}
***************
*** 600,605 ****
--- 608,616 ----
int imap_handler(request_rec *r)
{
char input[LARGEBUF] = {'\0'};
+ /* size of input can not be lowered without changing hard-coded
+ * checks
+ */
char href_text[SMALLBUF] = {'\0'};
char base[SMALLBUF] = {'\0'};
char redirect[SMALLBUF] = {'\0'};
***************
*** 675,681 ****
} /* blank lines and comments are ignored if we aren't printing a menu */
! if (sscanf(input, "%s %s", directive, value) != 2) {
continue; /* make sure we read two fields */
}
/* Now skip what we just read... we can't use ANSIism %n */
--- 686,692 ----
} /* blank lines and comments are ignored if we aren't printing a menu */
! if (sscanf(input, "%.200s %.200s", directive, value) != 2) {
continue; /* make sure we read two fields */
}
/* Now skip what we just read... we can't use ANSIism %n */
***************
*** 698,704 ****
imap_url(r, NULL, value, mapdflt);
if (showmenu) { /* print the default if there's a menu */
if (! *href_text) { /* if we didn't find a "href text" */
! strncpy(href_text, mapdflt, SMALLBUF); /* use the href itself as text */
}
imap_url(r, base, mapdflt, redirect);
menu_default(r, imap_menu, redirect, href_text);
--- 709,716 ----
imap_url(r, NULL, value, mapdflt);
if (showmenu) { /* print the default if there's a menu */
if (! *href_text) { /* if we didn't find a "href text" */
! strncpy(href_text, mapdflt, sizeof(href_text)-1); /* use the href itself as text */
! href_text[sizeof(href_text)-1] = '\0';
}
imap_url(r, base, mapdflt, redirect);
menu_default(r, imap_menu, redirect, href_text);
***************
*** 729,735 ****
if (showmenu) {
read_quoted(string_pos, href_text); /* href text could be here instead */
if (! *href_text) { /* if we didn't find a "href text" */
! strncpy(href_text, value, SMALLBUF); /* use the href itself in the menu */
}
imap_url(r, base, value, redirect);
menu_directive(r, imap_menu, redirect, href_text);
--- 741,748 ----
if (showmenu) {
read_quoted(string_pos, href_text); /* href text could be here instead */
if (! *href_text) { /* if we didn't find a "href text" */
! strncpy(href_text, value, sizeof(href_text)-1); /* use the href itself in the menu */
! href_text[sizeof(href_text)-1] = '\0';
}
imap_url(r, base, value, redirect);
menu_directive(r, imap_menu, redirect, href_text);
***************
*** 774,780 ****
if ( ! strcasecmp(directive, "point" ) ) { /* point */
if (is_closer(testpoint, pointarray, &closest_yet) ) {
! strncpy(closest, value, SMALLBUF); /* if the closest point yet save it */
}
continue;
--- 787,794 ----
if ( ! strcasecmp(directive, "point" ) ) { /* point */
if (is_closer(testpoint, pointarray, &closest_yet) ) {
! strncpy(closest, value, sizeof(closest)-1); /* if the closest point yet save it */
! closest[sizeof(closest)-1] = '\0';
}
continue;
Index: mod_include.c
===================================================================
RCS file: /home/marcs/archive/apache/cvs/apache/src/mod_include.c,v
retrieving revision 1.20
diff -c -r1.20 mod_include.c
*** mod_include.c 1997/01/01 18:10:35 1.20
--- mod_include.c 1997/01/18 07:48:20
***************
*** 98,104 ****
table_set(e, "USER_NAME", pw->pw_name);
} else {
char uid[16];
! sprintf(uid, "user#%lu", (unsigned long)r->finfo.st_uid);
table_set(e, "USER_NAME", uid);
}
--- 98,104 ----
table_set(e, "USER_NAME", pw->pw_name);
} else {
char uid[16];
! ap_snprintf(uid, sizeof(uid), "user#%lu", (unsigned long)r->finfo.st_uid);
table_set(e, "USER_NAME", uid);
}
***************
*** 261,267 ****
GET_CHAR(in,c,NULL,p);
} while (isspace(c));
if(c == '>') {
! strcpy(tag,"done");
return tag;
}
}
--- 261,268 ----
GET_CHAR(in,c,NULL,p);
} while (isspace(c));
if(c == '>') {
! strncpy(tag,"done", tagbuf_len-1);
! tag[tagbuf_len-1] = '\0';
return tag;
}
}
***************
*** 462,468 ****
if (tag[0] == 'f')
{ /* be safe; only files in this directory or below allowed */
char tmp[MAX_STRING_LEN+2];
! sprintf(tmp, "/%s/", parsed_string);
if (parsed_string[0] == '/' || strstr(tmp, "/../") != NULL)
error_fmt = "unable to include file %s in parsed file %s";
else
--- 463,469 ----
if (tag[0] == 'f')
{ /* be safe; only files in this directory or below allowed */
char tmp[MAX_STRING_LEN+2];
! ap_snprintf(tmp, sizeof(tmp), "/%s/", parsed_string);
if (parsed_string[0] == '/' || strstr(tmp, "/../") != NULL)
error_fmt = "unable to include file %s in parsed file %s";
else
***************
*** 567,574 ****
#ifdef DEBUG_INCLUDE_CMD
fprintf (dbg, "Exec failed\n");
#endif
! sprintf(err_string, "httpd: exec of %s failed, errno is %d\n",
! SHELL_PATH,errno);
write (2, err_string, strlen(err_string));
exit(0);
}
--- 568,576 ----
#ifdef DEBUG_INCLUDE_CMD
fprintf (dbg, "Exec failed\n");
#endif
! ap_snprintf(err_string, sizeof(err_string),
! "httpd: exec of %s failed, errno is %d\n",
! SHELL_PATH,errno);
write (2, err_string, strlen(err_string));
exit(0);
}
***************
*** 653,658 ****
--- 655,663 ----
}
}
+ /* error and tf must point to a string with room for at
+ * least MAX_STRING_LEN characters
+ */
int handle_config(FILE *in, request_rec *r, char *error, char *tf,
int *sizefmt) {
char tag[MAX_STRING_LEN];
***************
*** 665,675 ****
return 1;
if(!strcmp(tag,"errmsg")) {
parse_string(r, tag_val, parsed_string, MAX_STRING_LEN, 0);
! strcpy(error,parsed_string);
} else if(!strcmp(tag,"timefmt")) {
time_t date = r->request_time;
parse_string(r, tag_val, parsed_string, MAX_STRING_LEN, 0);
! strcpy(tf,parsed_string);
table_set (env, "DATE_LOCAL", ht_time(r->pool,date,tf,0));
table_set (env, "DATE_GMT", ht_time(r->pool,date,tf,1));
table_set (env, "LAST_MODIFIED", ht_time(r->pool,r->finfo.st_mtime,tf,0));
--- 670,682 ----
return 1;
if(!strcmp(tag,"errmsg")) {
parse_string(r, tag_val, parsed_string, MAX_STRING_LEN, 0);
! strncpy(error,parsed_string,MAX_STRING_LEN-1);
! error[MAX_STRING_LEN-1] = '\0';
} else if(!strcmp(tag,"timefmt")) {
time_t date = r->request_time;
parse_string(r, tag_val, parsed_string, MAX_STRING_LEN, 0);
! strncpy(tf,parsed_string,MAX_STRING_LEN-1);
! tf[MAX_STRING_LEN-1] = '\0';
table_set (env, "DATE_LOCAL", ht_time(r->pool,date,tf,0));
table_set (env, "DATE_GMT", ht_time(r->pool,date,tf,1));
table_set (env, "LAST_MODIFIED", ht_time(r->pool,r->finfo.st_mtime,tf,0));
***************
*** 759,767 ****
else {
int l,x;
#if defined(BSD) && BSD > 199305
! sprintf(tag,"%qd",finfo.st_size);
#else
! sprintf(tag,"%ld",finfo.st_size);
#endif
l = strlen(tag); /* grrr */
for(x=0;x<l;x++) {
--- 766,775 ----
else {
int l,x;
#if defined(BSD) && BSD > 199305
! /* ap_snprintf can't handle %qd */
! sprintf(tag,"%qd", finfo.st_size);
#else
! ap_snprintf(tag, sizeof(tag), "%ld",finfo.st_size);
#endif
l = strlen(tag); /* grrr */
for(x=0;x<l;x++) {
***************
*** 964,971 ****
switch(current->token.type) {
case token_string:
if (current->token.value[0] != '\0')
! strncat(current->token.value, " ", MAX_STRING_LEN-1);
! strncat(current->token.value, new->token.value, MAX_STRING_LEN-1);
break;
case token_eq:
case token_ne:
--- 972,981 ----
switch(current->token.type) {
case token_string:
if (current->token.value[0] != '\0')
! strncat(current->token.value, " ",
! MAX_STRING_LEN-strlen(current->token.value)-1);
! strncat(current->token.value, new->token.value,
! MAX_STRING_LEN-strlen(current->token.value)-1);
break;
case token_eq:
case token_ne:
***************
*** 1188,1193 ****
--- 1198,1204 ----
#endif
parse_string(r, current->token.value, buffer, MAX_STRING_LEN, 0);
strncpy(current->token.value, buffer, MAX_STRING_LEN-1);
+ current->token.value[MAX_STRING_LEN-1] = '\0';
current->value = (current->token.value[0] != '\0');
current->done = 1;
current = current->parent;
***************
*** 1212,1217 ****
--- 1223,1229 ----
buffer, MAX_STRING_LEN, 0);
strncpy(current->left->token.value, buffer,
MAX_STRING_LEN-1);
+ current->left->token.value[MAX_STRING_LEN-1] = '\0';
current->left->done = 1;
break;
default:
***************
*** 1226,1231 ****
--- 1238,1244 ----
buffer, MAX_STRING_LEN, 0);
strncpy(current->right->token.value, buffer,
MAX_STRING_LEN-1);
+ current->right->token.value[MAX_STRING_LEN-1] = '\0';
current->right->done = 1;
break;
default:
***************
*** 1267,1275 ****
--- 1280,1290 ----
parse_string(r, current->left->token.value,
buffer, MAX_STRING_LEN, 0);
strncpy(current->left->token.value, buffer, MAX_STRING_LEN-1);
+ current->left->token.value[MAX_STRING_LEN-1] = '\0';
parse_string(r, current->right->token.value,
buffer, MAX_STRING_LEN, 0);
strncpy(current->right->token.value, buffer, MAX_STRING_LEN-1);
+ current->right->token.value[MAX_STRING_LEN-1] = '\0';
if (current->right->token.value[0] == '/') {
int len;
len = strlen(current->right->token.value);
***************
*** 1537,1544 ****
int printing;
int conditional_status;
! strcpy(error,DEFAULT_ERROR_MSG);
! strcpy(timefmt,DEFAULT_TIME_FORMAT);
sizefmt = SIZEFMT_KMG;
/* Turn printing on */
--- 1552,1561 ----
int printing;
int conditional_status;
! strncpy(error,DEFAULT_ERROR_MSG, sizeof(error)-1);
! error[sizeof(error)-1] = '\0';
! strncpy(timefmt,DEFAULT_TIME_FORMAT, sizeof(timefmt)-1);
! timefmt[sizeof(timefmt)-1] = '\0';
sizefmt = SIZEFMT_KMG;
/* Turn printing on */
Index: mod_info.c
===================================================================
RCS file: /home/marcs/archive/apache/cvs/apache/src/mod_info.c,v
retrieving revision 1.9
diff -c -r1.9 mod_info.c
*** mod_info.c 1997/01/12 20:50:29 1.9
--- mod_info.c 1997/01/19 22:24:33
***************
*** 88,105 ****
char *mod_info_html_cmd_string(char *string) {
char *s,*t;
! static char ret[64]; /* What is the max size of a command? */
ret[0]='\0';
s = string;
t=ret;
! while(*s) {
! if(*s=='<') { strcat(t,"<"); t+=4*sizeof(char); }
! else if(*s=='>') { strcat(t,">"); t+=4*sizeof(char); }
else *t++=*s;
s++;
- *t='\0';
}
return(ret);
}
--- 88,110 ----
char *mod_info_html_cmd_string(char *string) {
char *s,*t;
! static char ret[256]; /* What is the max size of a command? */
ret[0]='\0';
s = string;
t=ret;
! while((*s) && (strlen(t) < 256)) {
! if(*s=='<') {
! strncat(t,"<", sizeof(ret)-strlen(ret));
! t+=4*sizeof(char);
! } else if(*s=='>') {
! strncat(t,">", sizeof(ret)-strlen(ret));
! t+=4*sizeof(char);
! }
else *t++=*s;
s++;
}
+ *t='\0';
return(ret);
}
***************
*** 244,250 ****
int display_info(request_rec *r) {
module *modp = NULL;
! char buf[256], *cfname;
command_rec *cmd=NULL;
handler_rec *hand=NULL;
server_rec *serv = r->server;
--- 249,255 ----
int display_info(request_rec *r) {
module *modp = NULL;
! char buf[512], *cfname;
command_rec *cmd=NULL;
handler_rec *hand=NULL;
server_rec *serv = r->server;
***************
*** 286,292 ****
if(!r->args) {
rputs("<tt><a href=\"#server\">Server Settings</a>, ",r);
for(modp = top_module; modp; modp = modp->next) {
! sprintf(buf,"<a href=\"#%s\">%s</a>",modp->name,modp->name);
rputs(buf, r);
if(modp->next) rputs(", ",r);
}
--- 291,297 ----
if(!r->args) {
rputs("<tt><a href=\"#server\">Server Settings</a>, ",r);
for(modp = top_module; modp; modp = modp->next) {
! ap_snprintf(buf, sizeof(buf), "<a href=\"#%s\">%s</a>",modp->name,modp->name);
rputs(buf, r);
if(modp->next) rputs(", ",r);
}
***************
*** 294,335 ****
}
if(!r->args || !strcasecmp(r->args,"server")) {
! sprintf(buf,"<a name=\"server\"><strong>Server Version:</strong> <font size=+1><tt>%s</tt></a></font><br>\n",SERVER_VERSION);
rputs(buf,r);
! sprintf(buf,"<strong>API Version:</strong> <tt>%d</tt><br>\n",MODULE_MAGIC_NUMBER);
rputs(buf,r);
! sprintf(buf,"<strong>Run Mode:</strong> <tt>%s</tt><br>\n",standalone?"standalone":"inetd");
rputs(buf,r);
! sprintf(buf,"<strong>User/Group:</strong> <tt>%s(%d)/%d</tt><br>\n",user_name,(int)user_id,(int)group_id);
rputs(buf,r);
! sprintf(buf,"<strong>Hostname/port:</strong> <tt>%s:%d</tt><br>\n",serv->server_hostname,serv->port);
rputs(buf,r);
! sprintf(buf,"<strong>Daemons:</strong> <tt>start: %d min idle: %d max idle: %d max: %d</tt><br>\n",daemons_to_start,daemons_min_free,daemons_max_free,daemons_limit);
rputs(buf,r);
! sprintf(buf,"<strong>Max Requests:</strong> <tt>per child: %d per connection: %d</tt><br>\n",max_requests_per_child,serv->keep_alive);
rputs(buf,r);
! sprintf(buf,"<strong>Timeouts:</strong> <tt>connection: %d keep-alive: %d</tt><br>",serv->timeout,serv->keep_alive_timeout);
rputs(buf,r);
! sprintf(buf,"<strong>Server Root:</strong> <tt>%s</tt><br>\n",server_root);
rputs(buf,r);
! sprintf(buf,"<strong>Config File:</strong> <tt>%s</tt><br>\n",server_confname);
rputs(buf,r);
! sprintf(buf,"<strong>PID File:</strong> <tt>%s</tt><br>\n",pid_fname);
rputs(buf,r);
! sprintf(buf,"<strong>Scoreboard File:</strong> <tt>%s</tt><br>\n",scoreboard_fname);
rputs(buf,r);
}
rputs("<hr><dl>",r);
for(modp = top_module; modp; modp = modp->next) {
if(!r->args || !strcasecmp(modp->name,r->args)) {
! sprintf(buf,"<dt><a name=\"%s\"><strong>Module Name:</strong> <font size=+1><tt>%s</tt></a></font>\n",modp->name,modp->name);
rputs(buf,r);
rputs("<dt><strong>Content-types affected:</strong>",r);
hand = modp->handlers;
if(hand) {
while(hand) {
if(hand->content_type) {
! sprintf(buf," <tt>%s</tt>\n",hand->content_type);
rputs(buf,r);
} else break;
hand++;
--- 299,340 ----
}
if(!r->args || !strcasecmp(r->args,"server")) {
! ap_snprintf(buf, sizeof(buf), "<a name=\"server\"><strong>Server Version:</strong> <font size=+1><tt>%s</tt></a></font><br>\n",SERVER_VERSION);
rputs(buf,r);
! ap_snprintf(buf, sizeof(buf), "<strong>API Version:</strong> <tt>%d</tt><br>\n",MODULE_MAGIC_NUMBER);
rputs(buf,r);
! ap_snprintf(buf, sizeof(buf), "<strong>Run Mode:</strong> <tt>%s</tt><br>\n",standalone?"standalone":"inetd");
rputs(buf,r);
! ap_snprintf(buf, sizeof(buf), "<strong>User/Group:</strong> <tt>%s(%d)/%d</tt><br>\n",user_name,(int)user_id,(int)group_id);
rputs(buf,r);
! ap_snprintf(buf, sizeof(buf), "<strong>Hostname/port:</strong> <tt>%s:%d</tt><br>\n",serv->server_hostname,serv->port);
rputs(buf,r);
! ap_snprintf(buf, sizeof(buf), "<strong>Daemons:</strong> <tt>start: %d min idle: %d max idle: %d max: %d</tt><br>\n",daemons_to_start,daemons_min_free,daemons_max_free,daemons_limit);
rputs(buf,r);
! ap_snprintf(buf, sizeof(buf), "<strong>Max Requests:</strong> <tt>per child: %d per connection: %d</tt><br>\n",max_requests_per_child,serv->keep_alive);
rputs(buf,r);
! ap_snprintf(buf, sizeof(buf), "<strong>Timeouts:</strong> <tt>connection: %d keep-alive: %d</tt><br>",serv->timeout,serv->keep_alive_timeout);
rputs(buf,r);
! ap_snprintf(buf, sizeof(buf), "<strong>Server Root:</strong> <tt>%s</tt><br>\n",server_root);
rputs(buf,r);
! ap_snprintf(buf, sizeof(buf), "<strong>Config File:</strong> <tt>%s</tt><br>\n",server_confname);
rputs(buf,r);
! ap_snprintf(buf, sizeof(buf), "<strong>PID File:</strong> <tt>%s</tt><br>\n",pid_fname);
rputs(buf,r);
! ap_snprintf(buf, sizeof(buf), "<strong>Scoreboard File:</strong> <tt>%s</tt><br>\n",scoreboard_fname);
rputs(buf,r);
}
rputs("<hr><dl>",r);
for(modp = top_module; modp; modp = modp->next) {
if(!r->args || !strcasecmp(modp->name,r->args)) {
! ap_snprintf(buf, sizeof(buf), "<dt><a name=\"%s\"><strong>Module Name:</strong> <font size=+1><tt>%s</tt></a></font>\n",modp->name,modp->name);
rputs(buf,r);
rputs("<dt><strong>Content-types affected:</strong>",r);
hand = modp->handlers;
if(hand) {
while(hand) {
if(hand->content_type) {
! ap_snprintf(buf, sizeof(buf), " <tt>%s</tt>\n",hand->content_type);
rputs(buf,r);
} else break;
hand++;
***************
*** 380,386 ****
if(cmd) {
while(cmd) {
if(cmd->name) {
! sprintf(buf,"<dd><tt>%s - <i>",mod_info_html_cmd_string(cmd->name));
rputs(buf,r);
if(cmd->errmsg) rputs(cmd->errmsg,r);
rputs("</i></tt>\n",r);
--- 385,391 ----
if(cmd) {
while(cmd) {
if(cmd->name) {
! ap_snprintf(buf, sizeof(buf), "<dd><tt>%s - <i>",mod_info_html_cmd_string(cmd->name));
rputs(buf,r);
if(cmd->errmsg) rputs(cmd->errmsg,r);
rputs("</i></tt>\n",r);
Index: mod_log_agent.c
===================================================================
RCS file: /home/marcs/archive/apache/cvs/apache/src/mod_log_agent.c,v
retrieving revision 1.8
diff -c -r1.8 mod_log_agent.c
*** mod_log_agent.c 1997/01/10 09:34:42 1.8
--- mod_log_agent.c 1997/01/15 06:46:57
***************
*** 170,176 ****
agent = table_get(orig->headers_in, "User-Agent");
if(agent != NULL)
{
! sprintf(str, "%s\n", agent);
write(cls->agent_fd, str, strlen(str));
}
--- 170,176 ----
agent = table_get(orig->headers_in, "User-Agent");
if(agent != NULL)
{
! ap_snprintf(str, sizeof(str), "%s\n", agent);
write(cls->agent_fd, str, strlen(str));
}
Index: mod_log_config.c
===================================================================
RCS file: /home/marcs/archive/apache/cvs/apache/src/mod_log_config.c,v
retrieving revision 1.21
diff -c -r1.21 mod_log_config.c
*** mod_log_config.c 1997/01/16 08:06:12 1.21
--- mod_log_config.c 1997/01/18 07:50:18
***************
*** 224,230 ****
char *format_integer(pool *p, int i)
{
char dummy[40];
! sprintf (dummy, "%d", i);
return pstrdup (p, dummy);
}
--- 224,230 ----
char *format_integer(pool *p, int i)
{
char dummy[40];
! ap_snprintf (dummy, sizeof(dummy), "%d", i);
return pstrdup (p, dummy);
}
***************
*** 271,277 ****
long int bs;
char dummy[40];
bgetopt(r->connection->client, BO_BYTECT, &bs);
! sprintf(dummy, "%ld", bs);
return pstrdup(r->pool, dummy);
}
}
--- 271,277 ----
long int bs;
char dummy[40];
bgetopt(r->connection->client, BO_BYTECT, &bs);
! ap_snprintf(dummy, sizeof(dummy), "%ld", bs);
return pstrdup(r->pool, dummy);
}
}
***************
*** 309,316 ****
if(timz < 0) timz = -timz;
strftime(tstr,MAX_STRING_LEN,"[%d/%b/%Y:%H:%M:%S ",t);
! sprintf (tstr + strlen(tstr), "%c%.2d%.2d]",
! sign, timz/60, timz%60);
}
return pstrdup (r->pool, tstr);
--- 309,316 ----
if(timz < 0) timz = -timz;
strftime(tstr,MAX_STRING_LEN,"[%d/%b/%Y:%H:%M:%S ",t);
! ap_snprintf (tstr + strlen(tstr), sizeof(tstr)-strlen(tstr),
! "%c%.2d%.2d]", sign, timz/60, timz%60);
}
return pstrdup (r->pool, tstr);
***************
*** 319,325 ****
char *log_request_duration (request_rec *r, char *a) {
char duration[22]; /* Long enough for 2^64 */
! sprintf(duration, "%ld", time(NULL) - r->request_time);
return pstrdup(r->pool, duration);
}
--- 319,325 ----
char *log_request_duration (request_rec *r, char *a) {
char duration[22]; /* Long enough for 2^64 */
! ap_snprintf(duration, sizeof(duration), "%ld", time(NULL) - r->request_time);
return pstrdup(r->pool, duration);
}
***************
*** 328,342 ****
}
char *log_server_port (request_rec *r, char *a) {
! char portnum[10];
! sprintf(portnum, "%d", r->server->port);
return pstrdup(r->pool, portnum);
}
char *log_child_pid (request_rec *r, char *a) {
! char pidnum[10];
! sprintf(pidnum, "%ld", (long)getpid());
return pstrdup(r->pool, pidnum);
}
/*****************************************************************
--- 328,342 ----
}
char *log_server_port (request_rec *r, char *a) {
! char portnum[22];
! ap_snprintf(portnum, sizeof(portnum), "%d", r->server->port);
return pstrdup(r->pool, portnum);
}
char *log_child_pid (request_rec *r, char *a) {
! char pidnum[22];
! ap_snprintf(pidnum, sizeof(pidnum), "%ld", (long)getpid());
return pstrdup(r->pool, pidnum);
}
/*****************************************************************
Index: mod_negotiation.c
===================================================================
RCS file: /home/marcs/archive/apache/cvs/apache/src/mod_negotiation.c,v
retrieving revision 1.29
diff -c -r1.29 mod_negotiation.c
*** mod_negotiation.c 1997/01/01 18:10:38 1.29
--- mod_negotiation.c 1997/01/15 06:49:55
***************
*** 1653,1661 ****
char *rec;
char qstr[6];
long len;
! char lenstr[20]; /* is this long enough? */
! sprintf(qstr, "%1.3f", variant->type_quality);
/* Strip trailing zeros (saves those valuable network bytes) */
if (qstr[4] == '0') {
--- 1653,1661 ----
char *rec;
char qstr[6];
long len;
! char lenstr[22]; /* enough for 2^64 */
! ap_snprintf(qstr, sizeof(qstr), "%1.3f", variant->type_quality);
/* Strip trailing zeros (saves those valuable network bytes) */
if (qstr[4] == '0') {
***************
*** 1699,1705 ****
vary_by_charset = 1;
}
if ((len = find_content_length(neg, variant)) != 0) {
! sprintf(lenstr, "%ld", len);
rec = pstrcat(r->pool, rec, " {length ", lenstr, "}", NULL);
}
--- 1699,1705 ----
vary_by_charset = 1;
}
if ((len = find_content_length(neg, variant)) != 0) {
! ap_snprintf(lenstr, sizeof(lenstr), "%ld", len);
rec = pstrcat(r->pool, rec, " {length ", lenstr, "}", NULL);
}
Index: mod_rewrite.c
===================================================================
RCS file: /home/marcs/archive/apache/cvs/apache/src/mod_rewrite.c,v
retrieving revision 1.14
diff -c -r1.14 mod_rewrite.c
*** mod_rewrite.c 1997/01/16 08:06:13 1.14
--- mod_rewrite.c 1997/01/18 08:54:16
***************
*** 891,897 ****
#endif
thisport = "";
else {
! sprintf(buf, ":%d", r->server->port);
thisport = pstrdup(r->pool, buf);
}
thisurl = table_get(r->subprocess_env, ENVVAR_SCRIPT_URL);
--- 891,897 ----
#endif
thisport = "";
else {
! ap_snprintf(buf, sizeof(buf), ":%d", r->server->port);
thisport = pstrdup(r->pool, buf);
}
thisurl = table_get(r->subprocess_env, ENVVAR_SCRIPT_URL);
***************
*** 1026,1032 ****
n = prefix_stat(r->filename, &finfo);
if (n == 0) {
if ((cp = document_root(r)) != NULL) {
! strcpy(docroot, cp);
/* allways NOT have a trailing slash */
l = strlen(docroot);
--- 1026,1033 ----
n = prefix_stat(r->filename, &finfo);
if (n == 0) {
if ((cp = document_root(r)) != NULL) {
! strncpy(docroot, cp, sizeof(docroot)-1);
! docroot[sizeof(docroot)-1] = '\0';
/* allways NOT have a trailing slash */
l = strlen(docroot);
***************
*** 1471,1489 ****
if (p->flags & RULEFLAG_PROXY) {
if (p->flags & RULEFLAG_NOTMATCH) {
output = pstrcat(r->pool, "proxy:", output, NULL);
! strcpy(newuri, output);
! expand_variables_inbuffer(r, newuri); /* expand %{...} */
! expand_map_lookups(r, newuri); /* expand ${...} */
}
else {
output = pstrcat(r->pool, "proxy:", output, NULL);
#ifdef HAS_APACHE_REGEX_LIB
! strcpy(newuri, pregsub(r->pool, output, uri, regexp->re_nsub+1, regmatch)); /* substitute in output */
#else
regsub(regexp, output, newuri); /* substitute in output */
#endif
! expand_variables_inbuffer(r, newuri); /* expand %{...} */
! expand_map_lookups(r, newuri); /* expand ${...} */
}
if (perdir == NULL)
rewritelog(r, 2, "rewrite %s -> %s", r->filename, newuri);
--- 1472,1492 ----
if (p->flags & RULEFLAG_PROXY) {
if (p->flags & RULEFLAG_NOTMATCH) {
output = pstrcat(r->pool, "proxy:", output, NULL);
! strncpy(newuri, output, sizeof(newuri)-1);
! newuri[sizeof(newuri)-1] = '\0';
! expand_variables_inbuffer(r, newuri, sizeof(newuri));/* expand %{...} */
! expand_map_lookups(r, newuri, sizeof(newuri)); /* expand ${...} */
}
else {
output = pstrcat(r->pool, "proxy:", output, NULL);
#ifdef HAS_APACHE_REGEX_LIB
! strncpy(newuri, pregsub(r->pool, output, uri, regexp->re_nsub+1, regmatch), sizeof(newuri)-1); /* substitute in output */
! newuri[sizeof(newuri)-1] = '\0';
#else
regsub(regexp, output, newuri); /* substitute in output */
#endif
! expand_variables_inbuffer(r, newuri, sizeof(newuri)); /* expand %{...} */
! expand_map_lookups(r, newuri, sizeof(newuri)); /* expand ${...} */
}
if (perdir == NULL)
rewritelog(r, 2, "rewrite %s -> %s", r->filename, newuri);
***************
*** 1503,1520 ****
if (perdir != NULL && strncmp(output, "http://", 7) == 0) {
#endif
if (p->flags & RULEFLAG_NOTMATCH) {
! strcpy(newuri, output);
! expand_variables_inbuffer(r, newuri); /* expand %{...} */
! expand_map_lookups(r, newuri); /* expand ${...} */
}
else {
#ifdef HAS_APACHE_REGEX_LIB
! strcpy(newuri, pregsub(r->pool, output, uri, regexp->re_nsub+1, regmatch)); /* substitute in output */
#else
regsub(regexp, output, newuri); /* substitute in output */
#endif
! expand_variables_inbuffer(r, newuri); /* expand %{...} */
! expand_map_lookups(r, newuri); /* expand ${...} */
}
rewritelog(r, 2, "[per-dir %s] redirect %s -> %s", perdir, r->filename, newuri);
r->filename = pstrdup(r->pool, newuri);
--- 1506,1525 ----
if (perdir != NULL && strncmp(output, "http://", 7) == 0) {
#endif
if (p->flags & RULEFLAG_NOTMATCH) {
! strncpy(newuri, output, sizeof(newuri)-1);
! newuri[sizeof(newuri)-1] = '\0';
! expand_variables_inbuffer(r, newuri, sizeof(newuri));/* expand %{...} */
! expand_map_lookups(r, newuri, sizeof(newuri)); /* expand ${...} */
}
else {
#ifdef HAS_APACHE_REGEX_LIB
! strncpy(newuri, pregsub(r->pool, output, uri, regexp->re_nsub+1, regmatch), sizeof(newuri)-1); /* substitute in output */
! newuri[sizeof(newuri)-1] = '\0';
#else
regsub(regexp, output, newuri); /* substitute in output */
#endif
! expand_variables_inbuffer(r, newuri, sizeof(newuri));/* expand %{...} */
! expand_map_lookups(r, newuri, sizeof(newuri)); /* expand ${...} */
}
rewritelog(r, 2, "[per-dir %s] redirect %s -> %s", perdir, r->filename, newuri);
r->filename = pstrdup(r->pool, newuri);
***************
*** 1532,1549 ****
if (p->flags & RULEFLAG_NOTMATCH) {
/* just overtake the URI */
! strcpy(newuri, output);
}
else {
/* substitute in output */
#ifdef HAS_APACHE_REGEX_LIB
! strcpy(newuri, pregsub(r->pool, output, uri, regexp->re_nsub+1, regmatch)); /* substitute in output */
#else
regsub(regexp, output, newuri); /* substitute in output */
#endif
}
! expand_variables_inbuffer(r, newuri); /* expand %{...} */
! expand_map_lookups(r, newuri); /* expand ${...} */
if (perdir == NULL)
rewritelog(r, 2, "rewrite %s -> %s", uri, newuri);
--- 1537,1556 ----
if (p->flags & RULEFLAG_NOTMATCH) {
/* just overtake the URI */
! strncpy(newuri, output, sizeof(newuri)-1);
! newuri[sizeof(newuri)-1] = '\0';
}
else {
/* substitute in output */
#ifdef HAS_APACHE_REGEX_LIB
! strncpy(newuri, pregsub(r->pool, output, uri, regexp->re_nsub+1, regmatch), sizeof(newuri)-1); /* substitute in output */
! newuri[sizeof(newuri-1)] = '\0';
#else
regsub(regexp, output, newuri); /* substitute in output */
#endif
}
! expand_variables_inbuffer(r, newuri, sizeof(newuri)); /* expand %{...} */
! expand_map_lookups(r, newuri, sizeof(newuri)); /* expand ${...} */
if (perdir == NULL)
rewritelog(r, 2, "rewrite %s -> %s", uri, newuri);
***************
*** 1586,1603 ****
#endif
strcpy(port, "");
else
! sprintf(port, ":%d", r->server->port);
if (r->filename[0] == '/')
#ifdef APACHE_SSL
! sprintf(newuri, "%s://%s%s%s", http_method(r), r->server->server_hostname, port, r->filename);
#else
! sprintf(newuri, "http://%s%s%s", r->server->server_hostname, port, r->filename);
#endif
else
#ifdef APACHE_SSL
! sprintf(newuri, "%s://%s%s/%s", http_method(r), r->server->server_hostname, port, r->filename);
#else
! sprintf(newuri, "http://%s%s/%s", r->server->server_hostname, port, r->filename);
#endif
if (perdir == NULL)
rewritelog(r, 2, "prepare forced redirect %s -> %s", r->filename, newuri);
--- 1593,1610 ----
#endif
strcpy(port, "");
else
! ap_snprintf(port, sizeof(port), ":%d", r->server->port);
if (r->filename[0] == '/')
#ifdef APACHE_SSL
! ap_snprintf(newuri, sizeof(newuri), "%s://%s%s%s", http_method(r), r->server->server_hostname, port, r->filename);
#else
! ap_snprintf(newuri, sizeof(newuri), "http://%s%s%s", r->server->server_hostname, port, r->filename);
#endif
else
#ifdef APACHE_SSL
! ap_snprintf(newuri, sizeof(newuri), "%s://%s%s/%s", http_method(r), r->server->server_hostname, port, r->filename);
#else
! ap_snprintf(newuri, sizeof(newuri), "http://%s%s/%s", r->server->server_hostname, port, r->filename);
#endif
if (perdir == NULL)
rewritelog(r, 2, "prepare forced redirect %s -> %s", r->filename, newuri);
***************
*** 1653,1664 ****
rc = (regexec(p->regexp, input, 0, NULL, 0) == 0);
#else
if (p->flags & CONDFLAG_NOCASE) {
! for (i = 0; input[i] != '\0'; i++)
inputbuf[i] = tolower(input[i]);
inputbuf[i] = '\0';
}
else {
! strcpy(inputbuf, input);
}
rc = (regexec(p->regexp, inputbuf) != 0);
#endif
--- 1660,1672 ----
rc = (regexec(p->regexp, input, 0, NULL, 0) == 0);
#else
if (p->flags & CONDFLAG_NOCASE) {
! for (i = 0; input[i] != '\0' && i < sizeof(inputbuf)-1 ; i++)
inputbuf[i] = tolower(input[i]);
inputbuf[i] = '\0';
}
else {
! strncpy(inputbuf, input, sizeof(inputbuf)-1);
! inputbuf[sizeof(inputbuf)-1] = '\0';
}
rc = (regexec(p->regexp, inputbuf) != 0);
#endif
***************
*** 1743,1759 ****
/* cut the hostname and port out of the URI */
#ifdef APACHE_SSL
! strcpy(buf, r->filename+strlen(http_method(r))+3);
#else
! strcpy(buf, r->filename+7);
#endif
hostp = buf;
for (cp = hostp; *cp != '\0' && *cp != '/' && *cp != ':'; cp++)
;
if (*cp == ':') {
/* set host */
*cp++ = '\0';
! strcpy(host, hostp);
/* set port */
portp = cp;
for (; *cp != '\0' && *cp != '/'; cp++)
--- 1751,1769 ----
/* cut the hostname and port out of the URI */
#ifdef APACHE_SSL
! strncpy(buf, r->filename+strlen(http_method(r))+3, sizeof(buf)-1);
#else
! strncpy(buf, r->filename+7, sizeof(buf)-1);
#endif
+ buf[sizeof(buf)-1] = '\0';
hostp = buf;
for (cp = hostp; *cp != '\0' && *cp != '/' && *cp != ':'; cp++)
;
if (*cp == ':') {
/* set host */
*cp++ = '\0';
! strncpy(host, hostp, sizeof(host)-1);
! host[sizeof(host)-1] = '\0';
/* set port */
portp = cp;
for (; *cp != '\0' && *cp != '/'; cp++)
***************
*** 1768,1774 ****
else if (*cp == '/') {
/* set host */
*cp = '\0';
! strcpy(host, hostp);
*cp = '/';
/* set port */
port = 80;
--- 1778,1785 ----
else if (*cp == '/') {
/* set host */
*cp = '\0';
! strncpy(host, hostp, sizeof(host)-1);
! host[sizeof(host)-1] = '\0';
*cp = '/';
/* set port */
port = 80;
***************
*** 1777,1783 ****
}
else {
/* set host */
! strcpy(host, hostp);
/* set port */
port = 80;
/* set remaining url */
--- 1788,1795 ----
}
else {
/* set host */
! strncpy(host, hostp, sizeof(host)-1);
! host[sizeof(host)-1] = '\0';
/* set port */
port = 80;
/* set remaining url */
***************
*** 1812,1818 ****
newuri = uri;
if (uri != NULL && strlen(uri) > 2 && uri[0] == '/' && uri[1] == '~') {
/* cut out the username */
! for (j = 0, i = 2; uri[i] != '\0' &&
( (uri[i] >= '0' && uri[i] <= '9')
|| (uri[i] >= 'a' && uri[i] <= 'z')
|| (uri[i] >= 'A' && uri[i] <= 'Z')); )
--- 1824,1830 ----
newuri = uri;
if (uri != NULL && strlen(uri) > 2 && uri[0] == '/' && uri[1] == '~') {
/* cut out the username */
! for (j = 0, i = 2; j < sizeof(user)-1 && uri[i] != '\0' &&
( (uri[i] >= '0' && uri[i] <= '9')
|| (uri[i] >= 'a' && uri[i] <= 'z')
|| (uri[i] >= 'A' && uri[i] <= 'Z')); )
***************
*** 1846,1852 ****
**
*/
! static void expand_map_lookups(request_rec *r, char *uri)
{
char newuri[MAX_STRING_LEN];
char *cpI;
--- 1858,1865 ----
**
*/
! #define limit_length(n) (n > LONG_STRING_LEN-1 ? LONG_STRING_LEN-1 : n)
! static void expand_map_lookups(request_rec *r, char *uri, int uri_len)
{
char newuri[MAX_STRING_LEN];
char *cpI;
***************
*** 1876,1902 ****
cpT = strchr(cpI, ':');
n = cpT-cpI;
! memcpy(mapname, cpI, n);
! mapname[n] = '\0';
cpI += n+1;
cpT2 = strchr(cpI, '|');
cpT = strchr(cpI, '}');
if (cpT2 != NULL && cpT2 < cpT) {
n = cpT2-cpI;
! memcpy(mapkey, cpI, n);
! mapkey[n] = '\0';
cpI += n+1;
n = cpT-cpI;
! memcpy(defaultvalue, cpI, n);
! defaultvalue[n] = '\0';
cpI += n+1;
}
else {
n = cpT-cpI;
! memcpy(mapkey, cpI, n);
! mapkey[n] = '\0';
cpI += n+1;
defaultvalue[0] = '\0';
--- 1889,1915 ----
cpT = strchr(cpI, ':');
n = cpT-cpI;
! memcpy(mapname, cpI, limit_length(n));
! mapname[limit_length(n)] = '\0';
cpI += n+1;
cpT2 = strchr(cpI, '|');
cpT = strchr(cpI, '}');
if (cpT2 != NULL && cpT2 < cpT) {
n = cpT2-cpI;
! memcpy(mapkey, cpI, limit_length(n));
! mapkey[limit_length(n)] = '\0';
cpI += n+1;
n = cpT-cpI;
! memcpy(defaultvalue, cpI, limit_length(n));
! defaultvalue[limit_length(n)] = '\0';
cpI += n+1;
}
else {
n = cpT-cpI;
! memcpy(mapkey, cpI, limit_length(n));
! mapkey[limit_length(n)] = '\0';
cpI += n+1;
defaultvalue[0] = '\0';
***************
*** 1905,1915 ****
--- 1918,1936 ----
cpT = lookup_map(r, mapname, mapkey);
if (cpT != NULL) {
n = strlen(cpT);
+ if (cpO + n >= newuri + sizeof(newuri)) {
+ log_printf(r->server, "insufficient space in expand_map_lookups, aborting");
+ return;
+ }
memcpy(cpO, cpT, n);
cpO += n;
}
else {
n = strlen(defaultvalue);
+ if (cpO + n >= newuri + sizeof(newuri)) {
+ log_printf(r->server, "insufficient space in expand_map_lookups, aborting");
+ return;
+ }
memcpy(cpO, defaultvalue, n);
cpO += n;
}
***************
*** 1919,1933 ****
if (cpT == NULL)
cpT = cpI+strlen(cpI);
n = cpT-cpI;
memcpy(cpO, cpI, n);
cpO += n;
cpI += n;
}
}
*cpO = '\0';
! strcpy(uri, newuri);
return;
}
--- 1940,1960 ----
if (cpT == NULL)
cpT = cpI+strlen(cpI);
n = cpT-cpI;
+ if (cpO + n >= newuri + sizeof(newuri)) {
+ log_printf(r->server, "insufficient space in expand_map_lookups, aborting");
+ return;
+ }
memcpy(cpO, cpI, n);
cpO += n;
cpI += n;
}
}
*cpO = '\0';
! strncpy(uri, newuri, uri_len-1);
! uri[uri_len-1] = '\0';
return;
}
+ #undef limit_length
***************
*** 2034,2040 ****
if ((fp = pfopen(r->pool, file, "r")) == NULL)
return NULL;
! strcpy(output, MAPFILE_OUTPUT);
while (fgets(line, sizeof(line), fp) != NULL) {
if (line[strlen(line)-1] == '\n')
line[strlen(line)-1] = '\0';
--- 2061,2068 ----
if ((fp = pfopen(r->pool, file, "r")) == NULL)
return NULL;
! strncpy(output, MAPFILE_OUTPUT, sizeof(output)-1);
! output[sizeof(output)-1] = '\0';
while (fgets(line, sizeof(line), fp) != NULL) {
if (line[strlen(line)-1] == '\n')
line[strlen(line)-1] = '\0';
***************
*** 2044,2050 ****
if (regexec(lookup_map_txtfile_regexp, line) != 0) {
#endif
#ifdef HAS_APACHE_REGEX_LIB
! strcpy(result, pregsub(r->pool, output, line, lookup_map_txtfile_regexp->re_nsub+1, lookup_map_txtfile_regmatch)); /* substitute in output */
#else
regsub(lookup_map_txtfile_regexp, output, result);
#endif
--- 2072,2079 ----
if (regexec(lookup_map_txtfile_regexp, line) != 0) {
#endif
#ifdef HAS_APACHE_REGEX_LIB
! strncpy(result, pregsub(r->pool, output, line, lookup_map_txtfile_regexp->re_nsub+1, lookup_map_txtfile_regmatch), sizeof(result)-1); /* substitute in output */
! result[sizeof(result)-1] = '\0';
#else
regsub(lookup_map_txtfile_regexp, output, result);
#endif
***************
*** 2073,2079 ****
char buf[MAX_STRING_LEN];
dbmkey.dptr = key;
! dbmkey.dsize = strlen(key);
if ((dbmfp = dbm_open(file, O_RDONLY, 0666)) != NULL) {
dbmval = dbm_fetch(dbmfp, dbmkey);
if (dbmval.dptr != NULL) {
--- 2102,2108 ----
char buf[MAX_STRING_LEN];
dbmkey.dptr = key;
! dbmkey.dsize = strlen(key) < sizeof(buf) - 1 : strlen(key) ? sizeof(buf)-1;
if ((dbmfp = dbm_open(file, O_RDONLY, 0666)) != NULL) {
dbmval = dbm_fetch(dbmfp, dbmkey);
if (dbmval.dptr != NULL) {
***************
*** 2099,2105 ****
/* read in the response value */
i = 0;
! while (read(fpout, &c, 1) == 1 && (i < LONG_STRING_LEN)) {
if (c == '\n')
break;
buf[i++] = c;
--- 2128,2134 ----
/* read in the response value */
i = 0;
! while (read(fpout, &c, 1) == 1 && (i < LONG_STRING_LEN-1)) {
if (c == '\n')
break;
buf[i++] = c;
***************
*** 2216,2236 ****
(connect->remote_logname != NULL ? connect->remote_logname : "-"), " ",
ruser,
NULL);
! vsprintf(str2, text, ap);
! if (r->main == NULL)
! strcpy(type, "initial");
! else
! strcpy(type, "subreq");
for (i = 0, req = r->prev; req != NULL; req = req->prev)
;
if (i == 0)
strcpy(redir, "");
else
! sprintf(redir, "/redir#%d", i);
! sprintf(str3, "%s %s [%s/sid#%x][rid#%x/%s%s] (%d) %s\n", str1, current_logtime(r), r->server->server_hostname, (unsigned int)(r->server), (unsigned int)r, type, redir, level, str2);
write(conf->rewritelogfp, str3, strlen(str3));
--- 2245,2268 ----
(connect->remote_logname != NULL ? connect->remote_logname : "-"), " ",
ruser,
NULL);
! ap_vsnprintf(str2, sizeof(str2), text, ap);
! if (r->main == NULL) {
! strncpy(type, "initial", sizeof(type)-1);
! type[sizeof(type)-1] = '\0';
! } else {
! strncpy(type, "subreq", sizeof(type)-1);
! type[sizeof(type)-1] = '\0';
! }
for (i = 0, req = r->prev; req != NULL; req = req->prev)
;
if (i == 0)
strcpy(redir, "");
else
! ap_snprintf(redir, sizeof(redir), "/redir#%d", i);
! ap_snprintf(str3, sizeof(str3), "%s %s [%s/sid#%x][rid#%x/%s%s] (%d) %s\n", str1, current_logtime(r), r->server->server_hostname, (unsigned int)(r->server), (unsigned int)r, type, redir, level, str2);
write(conf->rewritelogfp, str3, strlen(str3));
***************
*** 2254,2265 ****
if(timz < 0)
timz = -timz;
! strftime(tstr, MAX_STRING_LEN,"[%d/%b/%Y:%H:%M:%S ",t);
#ifdef IS_APACHE_12
! sprintf(tstr + strlen(tstr), "%c%.2d%.2d]", sign, timz/60, timz%60);
#else
! sprintf(tstr + strlen(tstr), "%c%02ld%02ld]", sign, timz/3600, timz%3600);
#endif
return pstrdup(r->pool, tstr);
--- 2286,2297 ----
if(timz < 0)
timz = -timz;
! strftime(tstr, 80,"[%d/%b/%Y:%H:%M:%S ",t);
#ifdef IS_APACHE_12
! ap_snprintf(tstr + strlen(tstr), 80-strlen(tstr), "%c%.2d%.2d]", sign, timz/60, timz%60);
#else
! ap_snprintf(tstr + strlen(tstr), 80-strlen(tstr), "%c%02ld%02ld]", sign, timz/3600, timz%3600);
#endif
return pstrdup(r->pool, tstr);
***************
*** 2341,2352 ****
*/
! static void expand_variables_inbuffer(request_rec *r, char *buf)
{
char *newbuf;
newbuf = expand_variables(r, buf);
! if (strcmp(newbuf, buf) != 0)
! strcpy(buf, newbuf);
return;
}
--- 2373,2386 ----
*/
! static void expand_variables_inbuffer(request_rec *r, char *buf, int buf_len)
{
char *newbuf;
newbuf = expand_variables(r, buf);
! if (strcmp(newbuf, buf) != 0) {
! strncpy(buf, newbuf, buf_len-1);
! buf[buf_len-1] = '\0';
! }
return;
}
***************
*** 2359,2383 ****
char *cp3;
int expanded;
! strcpy(input, str);
output[0] = '\0';
expanded = 0;
for (cp = input; cp < input+MAX_STRING_LEN; ) {
if ((cp2 = strstr(cp, "%{")) != NULL) {
if ((cp3 = strstr(cp2, "}")) != NULL) {
*cp2 = '\0';
! strcpy(&output[strlen(output)], cp);
!
cp2 += 2;
*cp3 = '\0';
! strcpy(&output[strlen(output)], lookup_variable(r, cp2));
cp = cp3+1;
expanded = 1;
continue;
}
}
! strcpy(&output[strlen(output)], cp);
break;
}
return expanded ? pstrdup(r->pool, output) : str;
--- 2393,2418 ----
char *cp3;
int expanded;
! strncpy(input, str, sizeof(input)-1);
! input[sizeof(input)-1] = '\0';
output[0] = '\0';
expanded = 0;
for (cp = input; cp < input+MAX_STRING_LEN; ) {
if ((cp2 = strstr(cp, "%{")) != NULL) {
if ((cp3 = strstr(cp2, "}")) != NULL) {
*cp2 = '\0';
! strncpy(&output[strlen(output)], cp, sizeof(output)-strlen(output)-1);
cp2 += 2;
*cp3 = '\0';
! strncpy(&output[strlen(output)], lookup_variable(r, cp2), sizeof(output)-strlen(output)-1);
cp = cp3+1;
expanded = 1;
continue;
}
}
! strncpy(&output[strlen(output)], cp, sizeof(output)-strlen(output)-1);
! output[sizeof(output)-1] = '\0';
break;
}
return expanded ? pstrdup(r->pool, output) : str;
***************
*** 2468,2474 ****
result = r->server->server_hostname;
}
else if (strcasecmp(var, "SERVER_PORT") == 0) {
! sprintf(resultbuf, "%d", r->server->port);
result = resultbuf;
}
else if (strcasecmp(var, "SERVER_PROTOCOL") == 0) {
--- 2503,2509 ----
result = r->server->server_hostname;
}
else if (strcasecmp(var, "SERVER_PORT") == 0) {
! ap_snprintf(resultbuf, sizeof(resultbuf), "%d", r->server->port);
result = resultbuf;
}
else if (strcasecmp(var, "SERVER_PROTOCOL") == 0) {
***************
*** 2478,2484 ****
result = pstrdup(r->pool, SERVER_VERSION);
}
else if (strcasecmp(var, "API_VERSION") == 0) { /* non-standard */
! sprintf(resultbuf, "%d", MODULE_MAGIC_NUMBER);
result = resultbuf;
}
--- 2513,2519 ----
result = pstrdup(r->pool, SERVER_VERSION);
}
else if (strcasecmp(var, "API_VERSION") == 0) { /* non-standard */
! ap_snprintf(resultbuf, sizeof(resultbuf), "%d", MODULE_MAGIC_NUMBER);
result = resultbuf;
}
***************
*** 2486,2498 ****
else if (strcasecmp(var, "TIME_YEAR") == 0) {
tc = time(NULL);
tm = localtime(&tc);
! sprintf(resultbuf, "%02d%02d", (tm->tm_year / 100) + 19, tm->tm_year % 100);
result = resultbuf;
}
#define MKTIMESTR(format, tmfield) \
tc = time(NULL); \
tm = localtime(&tc); \
! sprintf(resultbuf, format, tm->tmfield); \
result = resultbuf;
else if (strcasecmp(var, "TIME_MON") == 0) {
MKTIMESTR("%02d", tm_mon+1)
--- 2521,2533 ----
else if (strcasecmp(var, "TIME_YEAR") == 0) {
tc = time(NULL);
tm = localtime(&tc);
! ap_snprintf(resultbuf, sizeof(resultbuf), "%02d%02d", (tm->tm_year / 100) + 19, tm->tm_year % 100);
result = resultbuf;
}
#define MKTIMESTR(format, tmfield) \
tc = time(NULL); \
tm = localtime(&tc); \
! ap_snprintf(resultbuf, sizeof(resultbuf), format, tm->tmfield); \
result = resultbuf;
else if (strcasecmp(var, "TIME_MON") == 0) {
MKTIMESTR("%02d", tm_mon+1)
***************
*** 2684,2690 ****
output = input;
/* first, remove the local directory prefix */
! strcpy(matchbuf, match);
/* allways have a trailing slash */
l = strlen(matchbuf);
if (matchbuf[l-1] != '/') {
--- 2719,2727 ----
output = input;
/* first, remove the local directory prefix */
! strncpy(matchbuf, match, sizeof(matchbuf)-1);
! matchbuf[sizeof(matchbuf)-1] = '\0';
!
/* allways have a trailing slash */
l = strlen(matchbuf);
if (matchbuf[l-1] != '/') {
***************
*** 2697,2703 ****
output = pstrdup(r->pool, output+l);
/* and now add the base-URL as replacement prefix */
! strcpy(substbuf, subst);
/* allways have a trailing slash */
l = strlen(substbuf);
if (substbuf[l-1] != '/') {
--- 2734,2741 ----
output = pstrdup(r->pool, output+l);
/* and now add the base-URL as replacement prefix */
! strncpy(substbuf, subst, sizeof(substbuf)-1);
! substbuf[sizeof(substbuf)-1] = '\0';
/* allways have a trailing slash */
l = strlen(substbuf);
if (substbuf[l-1] != '/') {
***************
*** 2806,2812 ****
char curpath[LONG_STRING_LEN];
char *cp;
! strcpy(curpath, path);
if (curpath[0] != '/')
return 0;
if ((cp = strchr(curpath+1, '/')) != NULL)
--- 2844,2851 ----
char curpath[LONG_STRING_LEN];
char *cp;
! strncpy(curpath, path, sizeof(curpath)-1);
! curpath[sizeof(curpath)-1] = '\0';
if (curpath[0] != '/')
return 0;
if ((cp = strchr(curpath+1, '/')) != NULL)
Index: mod_rewrite.h
===================================================================
RCS file: /home/marcs/archive/apache/cvs/apache/src/mod_rewrite.h,v
retrieving revision 1.14
diff -c -r1.14 mod_rewrite.h
*** mod_rewrite.h 1997/01/01 18:10:40 1.14
--- mod_rewrite.h 1997/01/18 07:23:15
***************
*** 333,339 ****
static void splitout_queryargs(request_rec *r);
static void reduce_uri(request_rec *r);
static char *expand_tildepaths(request_rec *r, char *uri);
! static void expand_map_lookups(request_rec *r, char *uri);
/* DBM hashfile support functions */
static char *lookup_map(request_rec *r, char *name, char *key);
--- 333,339 ----
static void splitout_queryargs(request_rec *r);
static void reduce_uri(request_rec *r);
static char *expand_tildepaths(request_rec *r, char *uri);
! static void expand_map_lookups(request_rec *r, char *uri, int uri_len);
/* DBM hashfile support functions */
static char *lookup_map(request_rec *r, char *name, char *key);
***************
*** 354,360 ****
static void rewritemap_program_child(void *cmd);
/* env variable support */
! static void expand_variables_inbuffer(request_rec *r, char *buf);
static char *expand_variables(request_rec *r, char *str);
static char *lookup_variable(request_rec *r, char *var);
static char *lookup_header(request_rec *r, const char *name);
--- 354,360 ----
static void rewritemap_program_child(void *cmd);
/* env variable support */
! static void expand_variables_inbuffer(request_rec *r, char *buf, int buf_len);
static char *expand_variables(request_rec *r, char *str);
static char *lookup_variable(request_rec *r, char *var);
static char *lookup_header(request_rec *r, const char *name);
Index: mod_usertrack.c
===================================================================
RCS file: /home/marcs/archive/apache/cvs/apache/src/mod_usertrack.c,v
retrieving revision 1.7
diff -c -r1.7 mod_usertrack.c
*** mod_usertrack.c 1997/01/01 18:10:42 1.7
--- mod_usertrack.c 1997/01/15 07:25:59
***************
*** 121,128 ****
cookie_log_state *cls = get_module_config (r->server->module_config,
&usertrack_module);
struct timeval tv;
! char *new_cookie = palloc( r->pool, 100); /* 100 = blurgh */
! char *cookiebuf = palloc( r->pool, 100);
char *dot;
const char *rname = pstrdup(r->pool,
get_remote_host(r->connection, r->per_dir_config,
--- 121,129 ----
cookie_log_state *cls = get_module_config (r->server->module_config,
&usertrack_module);
struct timeval tv;
! /* 1024 == hardcoded constants */
! char *new_cookie = palloc( r->pool, 1024);
! char *cookiebuf = palloc( r->pool, 1024);
char *dot;
const char *rname = pstrdup(r->pool,
get_remote_host(r->connection, r->per_dir_config,
***************
*** 133,139 ****
if ((dot = strchr(rname,'.'))) *dot='\0'; /* First bit of hostname */
gettimeofday(&tv, &tz);
! sprintf(cookiebuf, "%s%d%ld%d", rname, (int)getpid(),
(long)tv.tv_sec, (int)tv.tv_usec/1000);
if (cls->expires) {
--- 134,140 ----
if ((dot = strchr(rname,'.'))) *dot='\0'; /* First bit of hostname */
gettimeofday(&tv, &tz);
! ap_snprintf(cookiebuf, 1024, "%s%d%ld%d", rname, (int)getpid(),
(long)tv.tv_sec, (int)tv.tv_usec/1000);
if (cls->expires) {
***************
*** 154,160 ****
tms = gmtime(&when);
/* Cookie with date; as strftime '%a, %d-%h-%y %H:%M:%S GMT' */
! sprintf(new_cookie,
"%s%s; path=/; expires=%s, %.2d-%s-%.2d %.2d:%.2d:%.2d GMT",
COOKIE_NAME, cookiebuf, days[tms->tm_wday],
tms->tm_mday, month_snames[tms->tm_mon],
--- 155,161 ----
tms = gmtime(&when);
/* Cookie with date; as strftime '%a, %d-%h-%y %H:%M:%S GMT' */
! ap_snprintf(new_cookie, 1024,
"%s%s; path=/; expires=%s, %.2d-%s-%.2d %.2d:%.2d:%.2d GMT",
COOKIE_NAME, cookiebuf, days[tms->tm_wday],
tms->tm_mday, month_snames[tms->tm_mon],
***************
*** 162,168 ****
tms->tm_hour, tms->tm_min, tms->tm_sec);
}
else
! sprintf(new_cookie,"%s%s; path=/", COOKIE_NAME, cookiebuf);
table_set(r->headers_out,"Set-Cookie",new_cookie);
table_set(r->notes, "cookie", cookiebuf); /* log first time */
--- 163,169 ----
tms->tm_hour, tms->tm_min, tms->tm_sec);
}
else
! ap_snprintf(new_cookie, 1024, "%s%s; path=/", COOKIE_NAME, cookiebuf);
table_set(r->headers_out,"Set-Cookie",new_cookie);
table_set(r->notes, "cookie", cookiebuf); /* log first time */
Index: rfc1413.c
===================================================================
RCS file: /home/marcs/archive/apache/cvs/apache/src/rfc1413.c,v
retrieving revision 1.7
diff -c -r1.7 rfc1413.c
*** rfc1413.c 1997/01/01 18:10:43 1.7
--- rfc1413.c 1997/01/18 07:45:12
***************
*** 143,149 ****
return -1;
/* send the data */
! sprintf(buffer, "%u,%u\r\n", ntohs(rmt_sin->sin_port),
ntohs(our_sin->sin_port));
do i = write(sock, buffer, strlen(buffer));
while (i == -1 && errno == EINTR);
--- 143,149 ----
return -1;
/* send the data */
! ap_snprintf(buffer, sizeof(buffer), "%u,%u\r\n", ntohs(rmt_sin->sin_port),
ntohs(our_sin->sin_port));
do i = write(sock, buffer, strlen(buffer));
while (i == -1 && errno == EINTR);
Index: util.c
===================================================================
RCS file: /home/marcs/archive/apache/cvs/apache/src/util.c,v
retrieving revision 1.39
diff -c -r1.39 util.c
*** util.c 1997/01/10 11:43:08 1.39
--- util.c 1997/01/15 07:32:22
***************
*** 95,101 ****
tms = gmtime(&sec);
/* RFC date format; as strftime '%a, %d %b %Y %T GMT' */
! sprintf(ts, "%s, %.2d %s %d %.2d:%.2d:%.2d GMT", days[tms->tm_wday],
tms->tm_mday, month_snames[tms->tm_mon], tms->tm_year + 1900,
tms->tm_hour, tms->tm_min, tms->tm_sec);
--- 95,102 ----
tms = gmtime(&sec);
/* RFC date format; as strftime '%a, %d %b %Y %T GMT' */
! ap_snprintf(ts, sizeof(ts),
! "%s, %.2d %s %d %.2d:%.2d:%.2d GMT", days[tms->tm_wday],
tms->tm_mday, month_snames[tms->tm_mon], tms->tm_year + 1900,
tms->tm_hour, tms->tm_min, tms->tm_sec);
***************
*** 758,769 ****
}
char *construct_server(pool *p, const char *hostname, int port) {
! char portnum[10]; /* Long enough. Really! */
if (port == 80)
return (char *)hostname;
else {
! sprintf (portnum, "%d", port);
return pstrcat (p, hostname, ":", portnum, NULL);
}
}
--- 759,771 ----
}
char *construct_server(pool *p, const char *hostname, int port) {
! char portnum[22];
! /* Long enough, even if port > 16 bits for some reason */
if (port == 80)
return (char *)hostname;
else {
! ap_snprintf (portnum, sizeof(portnum), "%d", port);
return pstrcat (p, hostname, ":", portnum, NULL);
}
}
***************
*** 1307,1313 ****
int offset;
offset = 0;
! for (loop=0; loop < (strlen(path) + 1); loop++) {
if (path[loop] == '/') {
newpath[offset] = '\\';
/*
--- 1309,1315 ----
int offset;
offset = 0;
! for (loop=0; loop < (strlen(path) + 1) && loop < sizeof(newpath)-1; loop++) {
if (path[loop] == '/') {
newpath[offset] = '\\';
/*
Index: util_script.c
===================================================================
RCS file: /home/marcs/archive/apache/cvs/apache/src/util_script.c,v
retrieving revision 1.40
diff -c -r1.40 util_script.c
*** util_script.c 1997/01/16 07:57:29 1.40
--- util_script.c 1997/01/18 07:50:28
***************
*** 93,98 ****
--- 93,99 ----
av[idx] = escape_shell_cmd(r->pool, t);
av[idx] = t;
idx++;
+ if (idx >= APACHE_ARG_MAX-1) break;
while ((t = strtok(NULL, "+")) != NULL) {
unescape_url(t);
***************
*** 100,111 ****
av[idx] = escape_shell_cmd(r->pool, t);
av[idx] = t;
idx++;
}
va_end(args);
}
va_end(args);
! av[idx] = NULL;
return av;
}
--- 101,113 ----
av[idx] = escape_shell_cmd(r->pool, t);
av[idx] = t;
idx++;
+ if (idx >= APACHE_ARG_MAX-1) break;
}
va_end(args);
}
va_end(args);
! av[idx] = '\0';
return av;
}
***************
*** 177,183 ****
table_set (e, http2env (r->pool, hdrs[i].key), hdrs[i].val);
}
! sprintf(port, "%d", s->port);
if(!(env_path = getenv("PATH")))
env_path=DEFAULT_PATH;
--- 179,185 ----
table_set (e, http2env (r->pool, hdrs[i].key), hdrs[i].val);
}
! ap_snprintf(port, sizeof(port), "%d", s->port);
if(!(env_path = getenv("PATH")))
env_path=DEFAULT_PATH;
***************
*** 193,199 ****
table_set (e, "SERVER_ADMIN", s->server_admin); /* Apache */
table_set (e, "SCRIPT_FILENAME", r->filename); /* Apache */
! sprintf(port, "%d", ntohs(c->remote_addr.sin_port));
table_set (e, "REMOTE_PORT", port); /* Apache */
if (c->user) table_set(e, "REMOTE_USER", c->user);
--- 195,201 ----
table_set (e, "SERVER_ADMIN", s->server_admin); /* Apache */
table_set (e, "SCRIPT_FILENAME", r->filename); /* Apache */
! ap_snprintf(port, sizeof(port), "%d", ntohs(c->remote_addr.sin_port));
table_set (e, "REMOTE_PORT", port); /* Apache */
if (c->user) table_set(e, "REMOTE_USER", c->user);
***************
*** 389,399 ****
else if(size < 1024)
strcpy(ss, " 1k");
else if(size < 1048576)
! sprintf(ss, "%4dk", (size + 512) / 1024);
else if(size < 103809024)
! sprintf(ss, "%4.1fM", size / 1048576.0);
else
! sprintf(ss, "%4dM", (size + 524288) / 1048576);
rputs(ss, r);
}
--- 391,401 ----
else if(size < 1024)
strcpy(ss, " 1k");
else if(size < 1048576)
! ap_snprintf(ss, sizeof(ss), "%4dk", (size + 512) / 1024);
else if(size < 103809024)
! ap_snprintf(ss, sizeof(ss), "%4.1fM", size / 1048576.0);
else
! ap_snprintf(ss, sizeof(ss), "%4dM", (size + 524288) / 1048576);
rputs(ss, r);
}
***************
*** 473,479 ****
program = fopen (r->filename, "r");
if (!program) {
char err_string[HUGE_STRING_LEN];
! sprintf(err_string, "open of %s failed, errno is %d\n", r->filename, errno);
/* write(2, err_string, strlen(err_string)); */
/* exit(0); */
log_unixerr("fopen", NULL, err_string, r->server);
--- 475,481 ----
program = fopen (r->filename, "r");
if (!program) {
char err_string[HUGE_STRING_LEN];
! ap_snprintf(err_string, sizeof(err_string), "open of %s failed, errno is %d\n", r->filename, errno);
/* write(2, err_string, strlen(err_string)); */
/* exit(0); */
log_unixerr("fopen", NULL, err_string, r->server);
Index: modules/proxy/proxy_cache.c
===================================================================
RCS file: /home/marcs/archive/apache/cvs/apache/src/modules/proxy/proxy_cache.c,v
retrieving revision 1.8
diff -c -r1.8 proxy_cache.c
*** proxy_cache.c 1997/01/01 18:20:01 1.8
--- proxy_cache.c 1997/01/18 04:37:25
***************
*** 194,200 ****
struct gc_ent *fent;
int nfiles=0;
! sprintf(cachedir,"%s%s",cachebasedir,cachesubdir);
Explain1("GC Examining directory %s",cachedir);
dir = opendir(cachedir);
if (dir == NULL)
--- 194,200 ----
struct gc_ent *fent;
int nfiles=0;
! ap_snprintf(cachedir, sizeof(cachedir), "%s%s",cachebasedir,cachesubdir);
Explain1("GC Examining directory %s",cachedir);
dir = opendir(cachedir);
if (dir == NULL)
***************
*** 251,260 ****
{
char newcachedir[HUGE_STRING_LEN];
close(fd);
! sprintf(newcachedir,"%s%s/",cachesubdir,ent->d_name);
if(!sub_garbage_coll(r,files,cachebasedir,newcachedir))
{
! sprintf(newcachedir,"%s%s",cachedir,ent->d_name);
#if TESTING
fprintf(stderr,"Would remove directory %s\n",newcachedir);
#else
--- 251,262 ----
{
char newcachedir[HUGE_STRING_LEN];
close(fd);
! ap_snprintf(newcachedir, sizeof(newcachedir),
! "%s%s/",cachesubdir,ent->d_name);
if(!sub_garbage_coll(r,files,cachebasedir,newcachedir))
{
! ap_snprintf(newcachedir, sizeof(newcachedir),
! "%s%s",cachedir,ent->d_name);
#if TESTING
fprintf(stderr,"Would remove directory %s\n",newcachedir);
#else
***************
*** 383,389 ****
if (q == NULL)
{
p = palloc(pool, 15);
! sprintf(p, "%u", c->len);
proxy_add_header(c->hdrs, "Content-Length", p, HDR_REP);
}
}
--- 385,391 ----
if (q == NULL)
{
p = palloc(pool, 15);
! ap_snprintf(p, 15, "%u", c->len);
proxy_add_header(c->hdrs, "Content-Length", p, HDR_REP);
}
}
Index: modules/proxy/proxy_ftp.c
===================================================================
RCS file: /home/marcs/archive/apache/cvs/apache/src/modules/proxy/proxy_ftp.c,v
retrieving revision 1.7
diff -c -r1.7 proxy_ftp.c
*** proxy_ftp.c 1997/01/07 21:51:57 1.7
--- proxy_ftp.c 1997/01/18 08:23:57
***************
*** 158,164 ****
/* now, rebuild URL */
! if (port != DEFAULT_FTP_PORT) sprintf(sport, ":%d", port);
else sport[0] = '\0';
r->filename = pstrcat(pool, "proxy:ftp://", (user != NULL) ? user : "",
--- 158,164 ----
/* now, rebuild URL */
! if (port != DEFAULT_FTP_PORT) ap_snprintf(sport, sizeof(sport), ":%d", port);
else sport[0] = '\0';
r->filename = pstrcat(pool, "proxy:ftp://", (user != NULL) ? user : "",
***************
*** 221,232 ****
char buf[IOBUFSIZE];
char buf2[IOBUFSIZE];
char *filename;
! char urlptr[100];
long total_bytes_sent;
register int n, o, w;
conn_rec *con = r->connection;
! sprintf(buf,"<HTML><HEAD><TITLE>%s</TITLE></HEAD><BODY><H1>Directory %s</H1><HR><PRE>", url, url);
bwrite(con->client, buf, strlen(buf));
if (f2 != NULL) bwrite(f2, buf, strlen(buf));
total_bytes_sent=strlen(buf);
--- 221,232 ----
char buf[IOBUFSIZE];
char buf2[IOBUFSIZE];
char *filename;
! char urlptr[HUGE_STRING_LEN];
long total_bytes_sent;
register int n, o, w;
conn_rec *con = r->connection;
! ap_snprintf(buf, sizeof(buf), "<HTML><HEAD><TITLE>%s</TITLE></HEAD><BODY><H1>Directory %s</H1><HR><PRE>", url, url);
bwrite(con->client, buf, strlen(buf));
if (f2 != NULL) bwrite(f2, buf, strlen(buf));
total_bytes_sent=strlen(buf);
***************
*** 248,256 ****
do filename--; while (filename[0]!=' ');
*(filename++)=0;
*(link++)=0;
! sprintf(urlptr, "%s%s%s",url,(url[strlen(url)-1]=='/' ? "" : "/"), filename);
! sprintf(buf2, "%s <A HREF=\"%s\">%s %s</A>\015\012", buf, urlptr, filename, link);
! strcpy(buf, buf2);
n=strlen(buf);
}
else if(buf[0]=='d' || buf[0]=='-' || buf[0]=='l')
--- 248,257 ----
do filename--; while (filename[0]!=' ');
*(filename++)=0;
*(link++)=0;
! ap_snprintf(urlptr, sizeof(urlptr), "%s%s%s",url,(url[strlen(url)-1]=='/' ? "" : "/"), filename);
! ap_snprintf(buf2, sizeof(urlptr), "%s <A HREF=\"%s\">%s %s</A>\015\012", buf, urlptr, filename, link);
! strncpy(buf, buf2, sizeof(buf)-1);
! buf[sizeof(buf)-1] = '\0';
n=strlen(buf);
}
else if(buf[0]=='d' || buf[0]=='-' || buf[0]=='l')
***************
*** 261,268 ****
/* Special handling for '.' and '..' */
if (!strcmp(filename, "."))
{
! sprintf(urlptr, "%s",url);
! sprintf(buf2, "%s <A HREF=\"%s\">%s</A>\015\012", buf, urlptr, filename);
}
else if (!strcmp(filename, ".."))
{
--- 262,269 ----
/* Special handling for '.' and '..' */
if (!strcmp(filename, "."))
{
! ap_snprintf(urlptr, sizeof(urlptr), "%s",url);
! ap_snprintf(buf2, sizeof(buf2), "%s <A HREF=\"%s\">%s</A>\015\012", buf, urlptr, filename);
}
else if (!strcmp(filename, ".."))
{
***************
*** 270,276 ****
char newpath[200];
char *method, *host, *path, *newfile;
! strcpy(temp,url);
method=temp;
host=strchr(method,':');
--- 271,278 ----
char newpath[200];
char *method, *host, *path, *newfile;
! strncpy(temp, url, sizeof(temp)-1);
! temp[sizeof(temp)-1] = '\0';
method=temp;
host=strchr(method,':');
***************
*** 282,301 ****
if (path == NULL) path="";
else *(path++)=0;
! strcpy(newpath,path);
newfile=strrchr(newpath,'/');
if (newfile) *(newfile)=0;
else newpath[0]=0;
! sprintf(urlptr,"%s://%s/%s",method,host,newpath);
! sprintf(buf2, "%s <A HREF=\"%s\">%s</A>\015\012", buf, urlptr, filename);
}
else
{
! sprintf(urlptr, "%s%s%s",url,(url[strlen(url)-1]=='/' ? "" : "/"), filename);
! sprintf(buf2, "%s <A HREF=\"%s\">%s</A>\015\012", buf, urlptr, filename);
}
! strcpy(buf, buf2);
n=strlen(buf);
}
--- 284,305 ----
if (path == NULL) path="";
else *(path++)=0;
! strncpy(newpath, path, sizeof(newpath)-1);
! newpath[sizeof(newpath)-1] = '\0';
newfile=strrchr(newpath,'/');
if (newfile) *(newfile)=0;
else newpath[0]=0;
! ap_snprintf(urlptr, sizeof(urlptr), "%s://%s/%s",method,host,newpath);
! ap_snprintf(buf2, sizeof(buf2), "%s <A HREF=\"%s\">%s</A>\015\012", buf, urlptr, filename);
}
else
{
! ap_snprintf(urlptr, sizeof(urlptr), "%s%s%s",url,(url[strlen(url)-1]=='/' ? "" : "/"), filename);
! ap_snprintf(buf2, sizeof(buf2), "%s <A HREF=\"%s\">%s</A>\015\012", buf, urlptr, filename);
}
! strncpy(buf, buf2, sizeof(buf));
! buf[sizeof(buf)-1] = '\0';
n=strlen(buf);
}
***************
*** 314,320 ****
o+=w;
}
}
! sprintf(buf,"</PRE><HR><I><A HREF=\"http://www.apache.org\">%s</A></I></BODY></HTML>", SERVER_VERSION);
bwrite(con->client, buf, strlen(buf));
if (f2 != NULL) bwrite(f2, buf, strlen(buf));
total_bytes_sent+=strlen(buf);
--- 318,324 ----
o+=w;
}
}
! ap_snprintf(buf, sizeof(buf), "</PRE><HR><I><A HREF=\"http://www.apache.org\">%s</A></I></BODY></HTML>", SERVER_VERSION);
bwrite(con->client, buf, strlen(buf));
if (f2 != NULL) bwrite(f2, buf, strlen(buf));
total_bytes_sent+=strlen(buf);
***************
*** 660,666 ****
{
char buff[22];
! sprintf(buff, "%s:%d", inet_ntoa(server.sin_addr), server.sin_port);
proxy_log_uerror("bind", buff,
"proxy: error binding to ftp data socket", r->server);
pclosef(pool, sock);
--- 664,670 ----
{
char buff[22];
! ap_snprintf(buff, sizeof(buff), "%s:%d", inet_ntoa(server.sin_addr), server.sin_port);
proxy_log_uerror("bind", buff,
"proxy: error binding to ftp data socket", r->server);
pclosef(pool, sock);
Index: modules/proxy/proxy_http.c
===================================================================
RCS file: /home/marcs/archive/apache/cvs/apache/src/modules/proxy/proxy_http.c,v
retrieving revision 1.12
diff -c -r1.12 proxy_http.c
*** proxy_http.c 1997/01/07 21:51:58 1.12
--- proxy_http.c 1997/01/18 04:44:20
***************
*** 100,106 ****
} else
search = NULL;
! if (port != def_port) sprintf(sport, ":%d", port);
else sport[0] = '\0';
r->filename = pstrcat(r->pool, "proxy:", scheme, "://", host, sport, "/",
--- 100,106 ----
} else
search = NULL;
! if (port != def_port) ap_snprintf(sport, sizeof(sport), ":%d", port);
else sport[0] = '\0';
r->filename = pstrcat(r->pool, "proxy:", scheme, "://", host, sport, "/",
Index: modules/proxy/proxy_util.c
===================================================================
RCS file: /home/marcs/archive/apache/cvs/apache/src/modules/proxy/proxy_util.c,v
retrieving revision 1.6
diff -c -r1.6 proxy_util.c
*** proxy_util.c 1997/01/01 18:20:03 1.6
--- proxy_util.c 1997/01/18 04:45:30
***************
*** 297,303 ****
if (mon == 12) return x;
if (strlen(x) < 31) x = palloc(p, 31);
! sprintf(x, "%s, %.2d %s %d %.2d:%.2d:%.2d GMT", wday[wk], mday,
months[mon], year, hour, min, sec);
return x;
}
--- 297,303 ----
if (mon == 12) return x;
if (strlen(x) < 31) x = palloc(p, 31);
! ap_snprintf(x, strlen(x)+1, "%s, %.2d %s %d %.2d:%.2d:%.2d GMT", wday[wk], mday,
months[mon], year, hour, min, sec);
return x;
}