httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From b..@hyperreal.org
Subject cvs commit: apache-1.3/src/os/win32 util_win32.c
Date Sat, 09 May 1998 15:00:50 GMT
ben         98/05/09 08:00:50

  Modified:    src/os/win32 util_win32.c
  Log:
  Check for buffer overflows.
  
  Revision  Changes    Path
  1.16      +20 -12    apache-1.3/src/os/win32/util_win32.c
  
  Index: util_win32.c
  ===================================================================
  RCS file: /export/home/cvs/apache-1.3/src/os/win32/util_win32.c,v
  retrieving revision 1.15
  retrieving revision 1.16
  diff -u -r1.15 -r1.16
  --- util_win32.c	1998/05/02 23:25:48	1.15
  +++ util_win32.c	1998/05/09 15:00:50	1.16
  @@ -1,11 +1,10 @@
   #include <windows.h>
  -#include <assert.h>
   #include <sys/stat.h>
   #include <stdarg.h>
   
   #include "httpd.h"
   
  -static void sub_canonical_filename(char *szCanon, const char *szFile)
  +static void sub_canonical_filename(char *szCanon, unsigned nCanon, const char *szFile)
   {
       char buf[HUGE_STRING_LEN];
       int n;
  @@ -14,8 +13,8 @@
       HANDLE h;
   
       n = GetFullPathName(szFile, sizeof buf, buf, &szFilePart);
  -    assert(n);
  -    assert(n < sizeof buf);
  +    ap_assert(n);
  +    ap_assert(n < sizeof buf);
   
       /* If we have \\machine\share, convert to \\machine\share\ */
       if (buf[0] == '\\' && buf[1] == '\\') {
  @@ -34,16 +33,17 @@
       }
   
       if (szFilePart < buf+3) {
  +	ap_assert(strlen(buf) < nCanon);
           strcpy(szCanon, buf);
   	if(szCanon[0] != '\\') { /* a \ at the start means it is UNC, otherwise it is x: */
  -	    assert(isalpha(szCanon[0]));
  -	    assert(szCanon[1] == ':');
  +	    ap_assert(isalpha(szCanon[0]));
  +	    ap_assert(szCanon[1] == ':');
   	    szCanon[2] = '/';
   	}
   	else {
   	    char *s;
   
  -	    assert(szCanon[1] == '\\');
  +	    ap_assert(szCanon[1] == '\\');
   	    for(s=szCanon ; *s ; ++s)
   		if(*s == '\\')
   		    *s='/';
  @@ -52,22 +52,27 @@
       }
       if (szFilePart != buf+3) {
           char b2[_MAX_PATH];
  -        assert(szFilePart > buf+3);
  +        ap_assert(szFilePart > buf+3);
   
           szFilePart[-1]='\0';
  -        sub_canonical_filename(b2, buf);
  +        sub_canonical_filename(b2, sizeof b2, buf);
   
  +	ap_assert(strlen(b2)+1 < nCanon);
           strcpy(szCanon, b2);
           strcat(szCanon, "/");
       }
       else {
  +	ap_assert(strlen(buf) < nCanon);
           strcpy(szCanon, buf);
           szCanon[2] = '/';
           szCanon[3] = '\0';
       }
  -    if (h == INVALID_HANDLE_VALUE)
  +    if (h == INVALID_HANDLE_VALUE) {
  +	ap_assert(strlen(szCanon)+strlen(szFilePart) < nCanon);
           strcat(szCanon, szFilePart);
  +    }
       else {
  +	ap_assert(strlen(szCanon)+strlen(d.cFileName) < nCanon);
           strlwr(d.cFileName);
           strcat(szCanon, d.cFileName);
       }
  @@ -83,16 +88,19 @@
       char b2[HUGE_STRING_LEN];
       char *s;
   
  +    ap_assert(strlen(szFile) < sizeof b2);
       strcpy(b2,szFile);
       for(s=b2 ; *s ; ++s)
   	if(*s == '/')
   	    *s='\\';
   
  -    sub_canonical_filename(buf, b2);
  +    sub_canonical_filename(buf, sizeof buf, b2);
       buf[0]=tolower(buf[0]);
   
  -    if (*szFile && szFile[strlen(szFile)-1] == '/' && buf[strlen(buf)-1]
!= '/')
  +    if (*szFile && szFile[strlen(szFile)-1] == '/' && buf[strlen(buf)-1]
!= '/') {
  +	ap_assert(strlen(buf)+1 < sizeof buf);
           strcat(buf, "/");
  +    }
   
       return ap_pstrdup(pPool, buf);
   }
  
  
  

Mime
View raw message