pcs 99/02/16 04:28:11
Modified: src/os/win32/installer/installdll install.c install.dsp
install.mak
Log:
Use ap_snprintf when writing printf formats to fixed length buffers,
so avoid potential buffer overruns.
Revision Changes Path
1.4 +79 -34 apache-1.3/src/os/win32/installer/installdll/install.c
Index: install.c
===================================================================
RCS file:
/export/home/cvs/apache-1.3/src/os/win32/installer/installdll/install.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- install.c 1999/02/16 12:09:21 1.3
+++ install.c 1999/02/16 12:28:10 1.4
@@ -7,6 +7,8 @@
* 16/02/99 PCS 1.003 Add logging to "install.log" in the installed directory
*/
+#define VERSION ( "1.003 " __DATE__ " " __TIME__ )
+
#include <windows.h>
#include <winsock.h>
#include <string.h>
@@ -14,6 +16,13 @@
#include <direct.h>
#include <time.h>
+#include "conf.h"
+#include "ap.h"
+
+#ifdef strftime
+#undef strftime
+#endif
+
/* Global to store the instance handle */
HINSTANCE hInstance = NULL;
@@ -34,9 +43,9 @@
va_list ap;
struct tm *tms;
time_t nowtime;
- int bufsize = 4000;
char *bp = buf;
- int rc;
+ int rv;
+ int free = sizeof(buf);
if (!fpLog) {
return;
@@ -44,14 +53,20 @@
nowtime = time(NULL);
tms = localtime(&nowtime);
- rc = strftime(buf, 4000, "%c", tms);
- bp += rc;
- *bp++ = ' ';
+ rv = strftime(bp, free, "%c", tms);
+ bp += rv;
+ free -= rv;
+ if (free) {
+ *bp++ = ' ';
+ free--;
+ }
va_start(ap, fmt);
- wvsprintf(bp, fmt, ap);
+ rv = ap_vsnprintf(bp, free, fmt, ap);
va_end(ap);
+ free -= rv;
+
fprintf(fpLog, "%s\n", buf);
}
@@ -70,9 +85,6 @@
* the output string. The output string is given as a printf-format
* and replacement arguments. The hWnd, title and mb_opt fields are
* passed on to the Win32 MessageBox() call.
- *
- * We shouldn't use a fixed length buffer to build up the printf
- * text. Umm.
*/
#define AP_WIN32ERROR 1
@@ -80,31 +92,64 @@
int MessageBox_error(HWND hWnd, int opt, char *title,
int mb_opt, char *fmt, ...)
{
- char buf[4000];
+ char buf[1000];
va_list ap;
+ int free = sizeof(buf); /* Number of bytes free in the buffer */
+ int rv;
char *p;
va_start(ap, fmt);
- wvsprintf(buf, fmt, ap);
+ rv = ap_vsnprintf(buf, sizeof(buf), fmt, ap);
va_end(ap);
- if (opt & AP_WIN32ERROR) {
- char *p;
+ free -= rv;
- strcat(buf, "\r\r(");
- FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM,
- NULL,
- GetLastError(),
- 0,
- buf + strlen(buf),
- 4000 - strlen(buf),
- NULL);
- p = buf+strlen(buf)-1;
- while (*p == '\r' || *p == '\n')
- p--;
- p++;
- *p = '\0';
- strcat(buf, ")");
+ if (opt & AP_WIN32ERROR && free > 3) {
+ /* We checked in the "if" that we have enough space in buf for
+ * at least three extra characters.
+ */
+ p = buf + strlen(buf);
+ *p++ = '\r';
+ *p++ = '\r';
+ *p++ = '(';
+ free -= 3;
+ /* NB: buf is now not null terminated */
+
+ /* Now put the error message straight into buf. This function
+ * takes the free buffer size as the 6th argument.
+ */
+ rv = FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM,
+ NULL,
+ GetLastError(),
+ 0,
+ p,
+ free,
+ NULL);
+
+ if (rv == 0) {
+ /* FormatMessage failed, so get rid of the "\r\r(" we just placed
+ * in the buffer, since there is no system error message.
+ */
+ p -= 3;
+ *p = '\0';
+ free += 3;
+ } else {
+ free -= rv;
+ p += rv;
+
+ /* Strip any trailing \r or \n characters to make it look nice on
+ * the screen.
+ */
+ while (*(p-1) == '\r' || *(p-1) == '\n')
+ p--, free++;
+ *p = '\0';
+
+ /* Append a trailing ) */
+ if (free >= 1) {
+ *p++ = ')';
+ *p++ = '\0';
+ }
+ }
}
for (p = buf; *p; p++) {
@@ -112,7 +157,6 @@
*p = ' ';
}
}
-
LogMessage("MSG %s", buf);
return MessageBox(hWnd, buf, title, mb_opt);
@@ -318,8 +362,8 @@
FILE *infp;
FILE *outfp;
- sprintf(inFile, "%s\\%s", szInst, szinFile);
- sprintf(outFile, "%s\\%s", szInst, szoutFile);
+ ap_snprintf(inFile, sizeof(inFile), "%s\\%s", szInst, szinFile);
+ ap_snprintf(outFile, sizeof(outFile), "%s\\%s", szInst, szoutFile);
if (!(infp = fopen(inFile, "r"))) {
MessageBox_error(hwnd,
@@ -540,7 +584,8 @@
int end = 0;
OpenLog(szInst, "install.log");
- LogMessage("installdll started: src=%s support=%s inst=%s",
+ LogMessage("STARTED %s", VERSION);
+ LogMessage("src=%s support=%s inst=%s",
szSrcDir, szSupport, szInst);
FillInReplaceTable(hwnd, replaceHttpd, szInst);
@@ -571,7 +616,7 @@
case CMD_RM: {
char inFile[MAX_INPUT_LINE];
- sprintf(inFile, "%s\\%s", szInst, pactionItem->in);
+ ap_snprintf(inFile, sizeof(inFile), "%s\\%s", szInst,
pactionItem->in);
if (unlink(inFile) < 0 && !(pactionItem->options & OPT_SILENT)) {
MessageBox_error(hwnd, AP_WIN32ERROR, "Error during
configuration",
MB_ICONHAND,
@@ -585,7 +630,7 @@
case CMD_RMDIR: {
char inFile[MAX_INPUT_LINE];
- sprintf(inFile, "%s\\%s", szInst, pactionItem->in);
+ ap_snprintf(inFile, sizeof(inFile), "%s\\%s", szInst,
pactionItem->in);
if (rmdir(inFile) < 0) {
MessageBox_error(hwnd, AP_WIN32ERROR, "Error during
configuration",
MB_ICONHAND,
@@ -607,7 +652,7 @@
pactionItem++;
}
- LogMessage("install finished OK");
+ LogMessage("FINISHED OK");
CloseLog();
return 1;
1.2 +6 -2 apache-1.3/src/os/win32/installer/installdll/install.dsp
Index: install.dsp
===================================================================
RCS file:
/export/home/cvs/apache-1.3/src/os/win32/installer/installdll/install.dsp,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- install.dsp 1998/02/24 14:26:52 1.1
+++ install.dsp 1999/02/16 12:28:10 1.2
@@ -43,7 +43,7 @@
# PROP Ignore_Export_Lib 0
# PROP Target_Dir ""
# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS"
/YX /FD /c
-# ADD CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /YX
/FD /c
+# ADD CPP /nologo /MT /W3 /GX /O2 /I "../../../../include" /D "WIN32" /D
"NDEBUG" /D "_WINDOWS" /YX /FD /c
# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /o NUL /win32
# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /o NUL /win32
# ADD BASE RSC /l 0x809 /d "NDEBUG"
@@ -69,7 +69,7 @@
# PROP Ignore_Export_Lib 0
# PROP Target_Dir ""
# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D
"_WINDOWS" /YX /FD /c
-# ADD CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D
"_WINDOWS" /YX /FD /c
+# ADD CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /I "../../../../include" /D
"WIN32" /D "_DEBUG" /D "_WINDOWS" /YX /FD /c
# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /o NUL /win32
# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /o NUL /win32
# ADD BASE RSC /l 0x809 /d "_DEBUG"
@@ -90,6 +90,10 @@
# Begin Group "Source Files"
# PROP Default_Filter ""
+# Begin Source File
+
+SOURCE=..\..\..\..\ap\ap_snprintf.c
+# End Source File
# Begin Source File
SOURCE=.\install.c
1.3 +144 -31 apache-1.3/src/os/win32/installer/installdll/install.mak
Index: install.mak
===================================================================
RCS file:
/export/home/cvs/apache-1.3/src/os/win32/installer/installdll/install.mak,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- install.mak 1998/05/07 13:23:37 1.2
+++ install.mak 1999/02/16 12:28:10 1.3
@@ -27,10 +27,6 @@
NULL=nul
!ENDIF
-CPP=cl.exe
-MTL=midl.exe
-RSC=rc.exe
-
!IF "$(CFG)" == "install - Win32 Release"
OUTDIR=.\Release
@@ -50,6 +46,7 @@
!ENDIF
CLEAN :
+ [EMAIL PROTECTED] "$(INTDIR)\ap_snprintf.obj"
[EMAIL PROTECTED] "$(INTDIR)\install.obj"
[EMAIL PROTECTED] "$(INTDIR)\vc50.idb"
[EMAIL PROTECTED] "$(OUTDIR)\install.dll"
@@ -59,11 +56,46 @@
"$(OUTDIR)" :
if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-CPP_PROJ=/nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS"\
- /Fp"$(INTDIR)\install.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
+CPP=cl.exe
+CPP_PROJ=/nologo /MT /W3 /GX /O2 /I "../../../../include" /D "WIN32" /D\
+ "NDEBUG" /D "_WINDOWS" /Fp"$(INTDIR)\install.pch" /YX /Fo"$(INTDIR)\\"\
+ /Fd"$(INTDIR)\\" /FD /c
CPP_OBJS=.\Release/
CPP_SBRS=.
+
+.c{$(CPP_OBJS)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(CPP_OBJS)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(CPP_OBJS)}.obj::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.c{$(CPP_SBRS)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cpp{$(CPP_SBRS)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+.cxx{$(CPP_SBRS)}.sbr::
+ $(CPP) @<<
+ $(CPP_PROJ) $<
+<<
+
+MTL=midl.exe
MTL_PROJ=/nologo /D "NDEBUG" /mktyplib203 /o NUL /win32
+RSC=rc.exe
BSC32=bscmake.exe
BSC32_FLAGS=/nologo /o"$(OUTDIR)\install.bsc"
BSC32_SBRS= \
@@ -76,6 +108,7 @@
DEF_FILE= \
".\install.def"
LINK32_OBJS= \
+ "$(INTDIR)\ap_snprintf.obj" \
"$(INTDIR)\install.obj"
"$(OUTDIR)\install.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
@@ -102,6 +135,7 @@
!ENDIF
CLEAN :
+ [EMAIL PROTECTED] "$(INTDIR)\ap_snprintf.obj"
[EMAIL PROTECTED] "$(INTDIR)\install.obj"
[EMAIL PROTECTED] "$(INTDIR)\vc50.idb"
[EMAIL PROTECTED] "$(INTDIR)\vc50.pdb"
@@ -114,33 +148,13 @@
"$(OUTDIR)" :
if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-CPP_PROJ=/nologo /MTd /W3 /Gm /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D
"_WINDOWS"\
- /Fp"$(INTDIR)\install.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
+CPP=cl.exe
+CPP_PROJ=/nologo /MTd /W3 /Gm /GX /Zi /Od /I "../../../../include" /D
"WIN32"\
+ /D "_DEBUG" /D "_WINDOWS" /Fp"$(INTDIR)\install.pch" /YX /Fo"$(INTDIR)\\"\
+ /Fd"$(INTDIR)\\" /FD /c
CPP_OBJS=.\Debug/
CPP_SBRS=.
-MTL_PROJ=/nologo /D "_DEBUG" /mktyplib203 /o NUL /win32
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\install.bsc"
-BSC32_SBRS= \
-
-LINK32=link.exe
-LINK32_FLAGS=kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib\
- advapi32.lib shell32.lib wsock32.lib /nologo /subsystem:windows /dll\
- /incremental:yes /pdb:"$(OUTDIR)\install.pdb" /debug /machine:I386\
- /def:".\install.def" /out:"$(OUTDIR)\install.dll"\
- /implib:"$(OUTDIR)\install.lib" /pdbtype:sept
-DEF_FILE= \
- ".\install.def"
-LINK32_OBJS= \
- "$(INTDIR)\install.obj"
-"$(OUTDIR)\install.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
- $(LINK32) @<<
- $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-
-!ENDIF
-
.c{$(CPP_OBJS)}.obj::
$(CPP) @<<
$(CPP_PROJ) $<
@@ -171,13 +185,112 @@
$(CPP_PROJ) $<
<<
+MTL=midl.exe
+MTL_PROJ=/nologo /D "_DEBUG" /mktyplib203 /o NUL /win32
+RSC=rc.exe
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\install.bsc"
+BSC32_SBRS= \
+
+LINK32=link.exe
+LINK32_FLAGS=kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib\
+ advapi32.lib shell32.lib wsock32.lib /nologo /subsystem:windows /dll\
+ /incremental:yes /pdb:"$(OUTDIR)\install.pdb" /debug /machine:I386\
+ /def:".\install.def" /out:"$(OUTDIR)\install.dll"\
+ /implib:"$(OUTDIR)\install.lib" /pdbtype:sept
+DEF_FILE= \
+ ".\install.def"
+LINK32_OBJS= \
+ "$(INTDIR)\ap_snprintf.obj" \
+ "$(INTDIR)\install.obj"
+
+"$(OUTDIR)\install.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+ $(LINK32) @<<
+ $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+
+!ENDIF
+
!IF "$(CFG)" == "install - Win32 Release" || "$(CFG)" ==\
"install - Win32 Debug"
+SOURCE=..\..\..\..\ap\ap_snprintf.c
+
+!IF "$(CFG)" == "install - Win32 Release"
+
+DEP_CPP_AP_SN=\
+ "..\..\..\..\include\alloc.h"\
+ "..\..\..\..\include\ap.h"\
+ "..\..\..\..\include\ap_config.h"\
+ "..\..\..\..\include\ap_ctype.h"\
+ "..\..\..\..\include\ap_mmn.h"\
+ "..\..\..\..\include\buff.h"\
+ "..\..\..\..\include\hsregex.h"\
+ "..\..\..\..\include\httpd.h"\
+ "..\..\..\..\include\util_uri.h"\
+ "..\..\os.h"\
+ "..\..\readdir.h"\
+
+
+"$(INTDIR)\ap_snprintf.obj" : $(SOURCE) $(DEP_CPP_AP_SN) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF "$(CFG)" == "install - Win32 Debug"
+
+DEP_CPP_AP_SN=\
+ "..\..\..\..\include\alloc.h"\
+ "..\..\..\..\include\ap.h"\
+ "..\..\..\..\include\ap_config.h"\
+ "..\..\..\..\include\ap_ctype.h"\
+ "..\..\..\..\include\ap_mmn.h"\
+ "..\..\..\..\include\buff.h"\
+ "..\..\..\..\include\hsregex.h"\
+ "..\..\..\..\include\httpd.h"\
+ "..\..\..\..\include\util_uri.h"\
+ "..\..\os.h"\
+ "..\..\readdir.h"\
+
+
+"$(INTDIR)\ap_snprintf.obj" : $(SOURCE) $(DEP_CPP_AP_SN) "$(INTDIR)"
+ $(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF
+
SOURCE=.\install.c
+
+!IF "$(CFG)" == "install - Win32 Release"
+
+DEP_CPP_INSTA=\
+ "..\..\..\..\include\ap.h"\
+ "..\..\..\..\include\ap_config.h"\
+ "..\..\..\..\include\ap_ctype.h"\
+ "..\..\..\..\include\ap_mmn.h"\
+ "..\..\..\..\include\conf.h"\
+ "..\..\..\..\include\hsregex.h"\
+ "..\..\os.h"\
+
+
+"$(INTDIR)\install.obj" : $(SOURCE) $(DEP_CPP_INSTA) "$(INTDIR)"
-"$(INTDIR)\install.obj" : $(SOURCE) "$(INTDIR)"
+!ELSEIF "$(CFG)" == "install - Win32 Debug"
+
+DEP_CPP_INSTA=\
+ "..\..\..\..\include\ap.h"\
+ "..\..\..\..\include\ap_config.h"\
+ "..\..\..\..\include\ap_ctype.h"\
+ "..\..\..\..\include\ap_mmn.h"\
+ "..\..\..\..\include\conf.h"\
+ "..\..\..\..\include\hsregex.h"\
+ "..\..\os.h"\
+
+
+"$(INTDIR)\install.obj" : $(SOURCE) $(DEP_CPP_INSTA) "$(INTDIR)"
+
+
+!ENDIF
!ENDIF
