dgaudet     97/12/19 15:53:02

  Modified:    src      CHANGES
               src/modules/standard mod_mime_magic.c
  Log:
  - fix an off-by-1 on read() which I think I introduced in an
      earlier cleanup
  
  - fix case where m->desc[] may be left unterminated
  
  - note some code which is not multithread safe
  
  Reviewed by:  Jim Jagielski, Marc Slemko
  
  Revision  Changes    Path
  1.532     +3 -0      apachen/src/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /export/home/cvs/apachen/src/CHANGES,v
  retrieving revision 1.531
  retrieving revision 1.532
  diff -u -r1.531 -r1.532
  --- CHANGES   1997/12/19 18:24:50     1.531
  +++ CHANGES   1997/12/19 23:52:58     1.532
  @@ -1,5 +1,8 @@
   Changes with Apache 1.3b4
   
  +  *) Fix an off-by-1, and an unterminated string error in
  +     mod_mime_magic.  [Dean Gaudet]
  +
     *) Fix a potential SEGV problem in mod_negotiation when dealing
        with type-maps.  [Dean Gaudet]
   
  
  
  
  1.21      +8 -8      apachen/src/modules/standard/mod_mime_magic.c
  
  Index: mod_mime_magic.c
  ===================================================================
  RCS file: /export/home/cvs/apachen/src/modules/standard/mod_mime_magic.c,v
  retrieving revision 1.20
  retrieving revision 1.21
  diff -u -r1.20 -r1.21
  --- mod_mime_magic.c  1997/11/16 01:52:23     1.20
  +++ mod_mime_magic.c  1997/12/19 23:53:01     1.21
  @@ -881,7 +881,7 @@
       /*
        * try looking at the first HOWMANY bytes
        */
  -    if ((nbytes = read(fd, (char *) buf, sizeof(buf))) == -1) {
  +    if ((nbytes = read(fd, (char *) buf, sizeof(buf) - 1)) == -1) {
        aplog_error(APLOG_MARK, APLOG_ERR, r->server,
                    MODNAME ": read failed: %s", r->filename);
        return HTTP_INTERNAL_SERVER_ERROR;
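Review bot: The `- 1` on the read length has no comment saying what the spare byte is for, and the comment above the call still says HOWMANY bytes are examined. Nothing in the hunk shows buf being NUL-terminated, so a reader cannot tell this fix apart from an arbitrary adjustment. I would add `/* read one byte short of buf so it can be NUL-terminated later */` above the call, assuming that is the intent. The enclosing function starts and ends outside the hunk, so buf's declared size and the place where it is terminated should be confirmed there.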
  @@ -1086,7 +1086,6 @@
    */
   static int parse(server_rec *serv, pool *p, char *l, int lineno)
   {
  -    int i = 0;
       struct magic *m;
       char *t, *s;
       magic_server_config_rec *conf = (magic_server_config_rec *)
  @@ -1297,14 +1296,13 @@
       }
       else
        m->nospflag = 0;
  -    while ((m->desc[i++] = *l++) != '\0' && i < MAXDESC)
  -     /* NULLBODY */ ;
  +    strncpy(m->desc, l, sizeof(m->desc) - 1);
  +    m->desc[sizeof(m->desc) - 1] = '\0';
   
   #if MIME_MAGIC_DEBUG
       aplog_error(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, serv,
                MODNAME ": parse line=%d m=%x next=%x cont=%d desc=%s",
  -             lineno, m, m->next, m->cont_level,
  -             m->desc ? m->desc : "NULL");
  +             lineno, m, m->next, m->cont_level, m->desc);
   #endif /* MIME_MAGIC_DEBUG */
   
       return 0;
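Review bot: A description longer than `sizeof(m->desc) - 1` is now cut off safely but silently, so an over-long line in the magic file goes unnoticed. A check before the `strncpy` would surface it, for example `if (strlen(l) >= sizeof(m->desc)) aplog_error(APLOG_MARK, APLOG_NOERRNO | APLOG_WARNING, serv, MODNAME ": line %d: description truncated", lineno);`. Separately, the debug call passes the pointers `m` and `m->next` to `%x` conversions. If aplog_error follows printf conventions, that is a type mismatch wherever pointers are wider than `unsigned int`, and it can derail the `%s` that follows; the debug call in the -1650 hunk has the same pairing. parse() begins in the previous hunk and only part of its body is visible here.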
  @@ -1650,7 +1648,7 @@
                        MODNAME ": line=%d mc=%x mc->next=%x cont=%d desc=%s",
                            m_cont->lineno, m_cont,
                            m_cont->next, m_cont->cont_level,
  -                         m_cont->desc ? m_cont->desc : "NULL");
  +                         m_cont->desc);
   #endif
                /*
                 * this trick allows us to keep *m in sync when the continue
  @@ -1779,6 +1777,7 @@
       case DATE:
       case BEDATE:
       case LEDATE:
  +     /* XXX: not multithread safe */
        pp = ctime((time_t *) & p->l);
        if ((rt = strchr(pp, '\n')) != NULL)
            *rt = '\0';
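Review bot: The new comment does not say what is unsafe: `ctime()` returns a pointer to static storage that another thread can overwrite before `pp` has been consumed. I would spell that out, `/* XXX: ctime() returns static storage; not multithread safe, use ctime_r() where available */`. The identical comment added before `strtok()` in the -2066 hunk deserves the same treatment, naming strtok's hidden static position and `strtok_r()` as the reentrant form. `pp` is also handed to `strchr()` without a NULL check, although ctime() may return NULL for a time value it cannot represent. The switch this case belongs to starts and ends outside the hunk.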
  @@ -1842,10 +1841,10 @@
                struct magic *m, int nbytes)
   {
       long offset = m->offset;
  +
       if (offset + sizeof(union VALUETYPE) > nbytes)
                  return 0;
   
  -
       memcpy(p, s + offset, sizeof(union VALUETYPE));
   
       if (!mconvert(r, p, m))
  @@ -2066,6 +2065,7 @@
       s = (unsigned char *) memcpy(nbuf, buf, small_nbytes);
       s[small_nbytes] = '\0';
       has_escapes = (memchr(s, '\033', small_nbytes) != NULL);
  +    /* XXX: not multithread safe */
       while ((token = strtok((char *) s, " \t\n\r\f")) != NULL) {
        s = NULL;               /* make strtok() keep on tokin' */
        for (p = names; p < names + NNAMES; p++) {
  
  
  
