You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by Brian Behlendorf <br...@hyperreal.com> on 1996/09/28 05:10:42 UTC
cvs commit: apache/src mod_imap.c
brian 96/09/27 20:10:41
Modified: src mod_imap.c
Log:
Changed strcpy's to use strncpy for security reasons. Also upped
SMALLBUF to 256, which is the URL length that HTTP applications
are supposed to support. Longterm, strncpy should be removed and
pool-based memory management used, and SMALLBUF should disappear.
Revision Changes Path
1.11 +10 -10 apache/src/mod_imap.c
Index: mod_imap.c
===================================================================
RCS file: /export/home/cvs/apache/src/mod_imap.c,v
retrieving revision 1.10
retrieving revision 1.11
diff -C3 -r1.10 -r1.11
*** mod_imap.c 1996/08/20 11:51:11 1.10
--- mod_imap.c 1996/09/28 03:10:37 1.11
***************
*** 50,56 ****
*
*/
! /* $Id: mod_imap.c,v 1.10 1996/08/20 11:51:11 paul Exp $ */
/*
* This imagemap module started as a port of the original imagemap.c
* written by Rob McCool (11/13/93 robm@ncsa.uiuc.edu).
--- 50,56 ----
*
*/
! /* $Id: mod_imap.c,v 1.11 1996/09/28 03:10:37 brian Exp $ */
/*
* This imagemap module started as a port of the original imagemap.c
* written by Rob McCool (11/13/93 robm@ncsa.uiuc.edu).
***************
*** 98,104 ****
#define IMAP_MAGIC_TYPE "application/x-httpd-imap"
#define LARGEBUF 500
! #define SMALLBUF 100
#define MAXVERTS 100
#define X 0
#define Y 1
--- 98,104 ----
#define IMAP_MAGIC_TYPE "application/x-httpd-imap"
#define LARGEBUF 500
! #define SMALLBUF 256
#define MAXVERTS 100
#define X 0
#define Y 1
***************
*** 377,390 ****
}
if ( ! strcasecmp(value, "nocontent") || ! strcasecmp(value, "error") ) {
! strcpy(url, value);
return; /* these are handled elsewhere, so just copy them */
}
if ( ! strcasecmp(value, "referer" ) ) {
referer = table_get(r->headers_in, "Referer");
if ( referer && *referer ) {
! strcpy(url, referer);
return;
}
else {
--- 377,390 ----
}
if ( ! strcasecmp(value, "nocontent") || ! strcasecmp(value, "error") ) {
! strncpy(url, value, SMALLBUF);
return; /* these are handled elsewhere, so just copy them */
}
if ( ! strcasecmp(value, "referer" ) ) {
referer = table_get(r->headers_in, "Referer");
if ( referer && *referer ) {
! strncpy(url, referer, SMALLBUF);
return;
}
else {
***************
*** 396,408 ****
while ( isalpha(*string_pos) )
string_pos++; /* go along the URL from the map until a non-letter */
if ( *string_pos == ':' ) {
! strcpy(url, value); /* if letters and then a colon (like http:) */
return; /* it's an absolute URL, so use it! */
}
if ( ! base || ! *base ) {
if ( value && *value ) {
! strcpy(url, value); /* no base: use what is given */
}
else {
if (r->server->port == 80 ) {
--- 396,408 ----
while ( isalpha(*string_pos) )
string_pos++; /* go along the URL from the map until a non-letter */
if ( *string_pos == ':' ) {
! strncpy(url, value, SMALLBUF); /* if letters and then a colon (like http:) */
return; /* it's an absolute URL, so use it! */
}
if ( ! base || ! *base ) {
if ( value && *value ) {
! strncpy(url, value, SMALLBUF); /* no base: use what is given */
}
else {
if (r->server->port == 80 ) {
***************
*** 416,422 ****
return;
}
! strcpy(my_base, base); /* must be a relative URL to be combined with base */
string_pos = my_base;
while (*string_pos) {
if (*string_pos == '/' && *(string_pos+1) == '/') {
--- 416,422 ----
return;
}
! strncpy(my_base, base, SMALLBUF); /* must be a relative URL to be combined with base */
string_pos = my_base;
while (*string_pos) {
if (*string_pos == '/' && *(string_pos+1) == '/') {
***************
*** 699,705 ****
imap_url(r, NULL, value, mapdflt);
if (showmenu) { /* print the default if there's a menu */
if (! *href_text) { /* if we didn't find a "href text" */
! strcpy(href_text, mapdflt); /* use the href itself as text */
}
imap_url(r, base, mapdflt, redirect);
menu_default(r, imap_menu, redirect, href_text);
--- 699,705 ----
imap_url(r, NULL, value, mapdflt);
if (showmenu) { /* print the default if there's a menu */
if (! *href_text) { /* if we didn't find a "href text" */
! strncpy(href_text, mapdflt, SMALLBUF); /* use the href itself as text */
}
imap_url(r, base, mapdflt, redirect);
menu_default(r, imap_menu, redirect, href_text);
***************
*** 730,736 ****
if (showmenu) {
read_quoted(string_pos, href_text); /* href text could be here instead */
if (! *href_text) { /* if we didn't find a "href text" */
! strcpy(href_text, value); /* use the href itself in the menu */
}
imap_url(r, base, value, redirect);
menu_directive(r, imap_menu, redirect, href_text);
--- 730,736 ----
if (showmenu) {
read_quoted(string_pos, href_text); /* href text could be here instead */
if (! *href_text) { /* if we didn't find a "href text" */
! strncpy(href_text, value, SMALLBUF); /* use the href itself in the menu */
}
imap_url(r, base, value, redirect);
menu_directive(r, imap_menu, redirect, href_text);
***************
*** 775,781 ****
if ( ! strcasecmp(directive, "point" ) ) { /* point */
if (is_closer(testpoint, pointarray, &closest_yet) ) {
! strcpy(closest, value); /* if the closest point yet save it */
}
continue;
--- 775,781 ----
if ( ! strcasecmp(directive, "point" ) ) { /* point */
if (is_closer(testpoint, pointarray, &closest_yet) ) {
! strncpy(closest, value, SMALLBUF); /* if the closest point yet save it */
}
continue;