Received: by taz.hyperreal.com (8.8.3/V2.0) id IAA18404; Sat, 7 Dec 1996 08:20:21 -0800 (PST) Received: from pooh.pageplus.com by taz.hyperreal.com (8.8.3/V2.0) with ESMTP id IAA18399; Sat, 7 Dec 1996 08:20:17 -0800 (PST) Received: from pooh.pageplus.com (hsf@localhost [127.0.0.1]) by pooh.pageplus.com (8.8.3/8.7.3) with ESMTP id KAA22979 for ; Sat, 7 Dec 1996 10:12:04 -0700 Message-Id: <199612071712.KAA22979@pooh.pageplus.com> To: new-httpd@hyperreal.com Subject: mod_include.c patches MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----- =_aaaaaaaaaa0" Content-ID: <20059.849941675.0@pooh.pageplus.com> From: Howard Fear Date: Sat, 07 Dec 1996 10:12:04 -0700 Sender: new-httpd-owner@apache.org Precedence: bulk Reply-To: new-httpd@hyperreal.com ------- =_aaaaaaaaaa0 Content-Type: text/plain; charset="us-ascii" Content-ID: <20059.849941675.1@pooh.pageplus.com> Here are several patches for mod_include.c to fix recent reports. I'm not sure how to submit multiple patches to the list and I'm also not sure just how good patch is, so... I created the patches in the order listed and they will apply that way. I don't know if one can be skipped and have everything else apply correctly. 1) The patch that I submitted a couple of days ago which recieved one +1 and fizzled. Fixes an ommision that caused include variables to not be parsed in config errmsg directives. Potential incompatibilites are the same as the extensions of mod_include generally. 2) Patch submitted by Ben Yoshino to allow backslash quoting of characters that would otherwise be taken as value terminators. Ex: Potential incompatibilities only to people who carelessly throw around '\'s. 3) Patch to fix the other part of the problem report submitted by Ben Yoshino . I took that approach outlined in my email this morning and added a flag to parse_string to pass the variable name through on the exec cmd directive when the variable hasn't been defined. It will still substitute a null value for all other directives. It will also substitute a null value if the variable has been defined with a null value: # substitutes null (if fails) # echo '$notset' # echo '' I believe that this approach minimizes the potential incompatibilties for current ssi and xssi users. 4) Patch to fix compiler warnings reported by perrot@lal.in2p3.fr. Changes are cosmetic and shouldn't effect logic. -- Howard Fear email1: howard_fear@pageplus.com email2: howard_fear@redcape.com http://www.pageplus.com/~hsf/ ------- =_aaaaaaaaaa0 Content-Type: text/basic; charset="us-ascii" Content-ID: <20059.849941675.2@pooh.pageplus.com> Content-Description: patch1 *** mod_include.c.dist Sun Dec 1 13:29:05 1996 --- mod_include.c Fri Dec 6 20:51:53 1996 *************** *** 664,672 **** while(1) { if(!(tag_val = get_tag(r->pool, in, tag, MAX_STRING_LEN, 0))) return 1; ! if(!strcmp(tag,"errmsg")) ! strcpy(error,tag_val); ! else if(!strcmp(tag,"timefmt")) { time_t date = r->request_time; parse_string(r, tag_val, parsed_string, MAX_STRING_LEN); strcpy(tf,parsed_string); --- 664,673 ---- while(1) { if(!(tag_val = get_tag(r->pool, in, tag, MAX_STRING_LEN, 0))) return 1; ! if(!strcmp(tag,"errmsg")) { ! parse_string(r, tag_val, parsed_string, MAX_STRING_LEN); ! strcpy(error,parsed_string); ! } else if(!strcmp(tag,"timefmt")) { time_t date = r->request_time; parse_string(r, tag_val, parsed_string, MAX_STRING_LEN); strcpy(tf,parsed_string); ------- =_aaaaaaaaaa0 Content-Type: text/basic; charset="us-ascii" Content-ID: <20059.849941675.3@pooh.pageplus.com> Content-Description: patch2 *** mod_include.c.orig Sun Dec 1 10:29:05 1996 --- mod_include.c Thu Dec 5 18:31:52 1996 *************** *** 309,315 **** t[tagbuf_len - 1] = '\0'; return NULL; } ! if (c == term) break; *(t++) = c; } *t = '\0'; --- 309,321 ---- t[tagbuf_len - 1] = '\0'; return NULL; } ! /* Want to accept \" as a valid character within a string. */ ! if (c == '\\') { ! *(t++) = c; /* Add backslash */ ! GET_CHAR(in,c,NULL,p); ! if (c == term) /* Only if */ ! *(--t) = c; /* Replace backslash ONLY for terminator */ ! } else if (c == term) break; *(t++) = c; } *t = '\0'; ------- =_aaaaaaaaaa0 Content-Type: text/basic; charset="us-ascii" Content-ID: <20059.849941675.4@pooh.pageplus.com> Content-Description: patch3 Content-Transfer-Encoding: quoted-printable *** mod_include.c Fri Dec 6 23:19:53 1996 --- mod_include.c.3 Fri Dec 6 23:13:40 1996 *************** *** 347,353 **** /* * Do variable substitution on strings */ ! void parse_string(request_rec *r, char *in, char *out, int length) { char ch; char *next =3D out; --- 347,354 ---- /* * Do variable substitution on strings */ ! void parse_string(request_rec *r, char *in, char *out, int length, ! int leave_name) { char ch; char *next =3D out; *************** *** 391,405 **** in++; } = = - /* Leave single dollar signs like the shell does */ val =3D (char *)NULL; ! if (*var =3D=3D '\0') { ! if (strcmp(vtext, "$") =3D=3D 0) { ! var[0]=3D'$', var[1]=3D'\0'; ! val =3D &var[0]; ! } ! } else ! val =3D table_get (r->subprocess_env, &var[0]); = while ((val !=3D (char *)NULL) && (*val !=3D '\0')) { *next++ =3D *val++; if (++numchars =3D=3D (length -1)) break; --- 392,405 ---- in++; } = = val =3D (char *)NULL; ! if (var[0] =3D=3D '\0') { ! val =3D &vtext[0]; ! } else { ! val =3D table_get (r->subprocess_env, &var[0]); ! if (!val && leave_name) ! val =3D &vtext[0]; ! } while ((val !=3D (char *)NULL) && (*val !=3D '\0')) { *next++ =3D *val++; if (++numchars =3D=3D (length -1)) break; *************** *** 465,471 **** request_rec *rr=3DNULL; char *error_fmt =3D NULL; = ! parse_string(r, tag_val, parsed_string, MAX_STRING_LEN); if (tag[0] =3D=3D 'f') { /* be safe; only files in this directory or below allowed */ char tmp[MAX_STRING_LEN+2]; --- 465,471 ---- request_rec *rr=3DNULL; char *error_fmt =3D NULL; = ! parse_string(r, tag_val, parsed_string, MAX_STRING_LEN, 0); if (tag[0] =3D=3D 'f') { /* be safe; only files in this directory or below allowed */ char tmp[MAX_STRING_LEN+2]; *************** *** 609,615 **** if(!(tag_val =3D get_tag (r->pool, in, tag, MAX_STRING_LEN, 1))) return 1; if(!strcmp(tag,"cmd")) { ! parse_string(r, tag_val, parsed_string, MAX_STRING_LEN); if(include_cmd(parsed_string, r) =3D=3D -1) { log_printf(r->server, "unknown parameter %s to tag inclu= de in %s", tag, r->filename); --- 609,615 ---- if(!(tag_val =3D get_tag (r->pool, in, tag, MAX_STRING_LEN, 1))) return 1; if(!strcmp(tag,"cmd")) { ! parse_string(r, tag_val, parsed_string, MAX_STRING_LEN, 1); if(include_cmd(parsed_string, r) =3D=3D -1) { log_printf(r->server, "unknown parameter %s to tag inclu= de in %s", tag, r->filename); *************** *** 619,625 **** chdir_file(r->filename); } = else if(!strcmp(tag,"cgi")) { ! parse_string(r, tag_val, parsed_string, MAX_STRING_LEN); if(include_cgi(parsed_string, r) =3D=3D -1) { log_printf(r->server, "invalid CGI ref %s in %s",tag_val= ,file); rputs(error, r); --- 619,625 ---- chdir_file(r->filename); } = else if(!strcmp(tag,"cgi")) { ! parse_string(r, tag_val, parsed_string, MAX_STRING_LEN, 0); if(include_cgi(parsed_string, r) =3D=3D -1) { log_printf(r->server, "invalid CGI ref %s in %s",tag_val= ,file); rputs(error, r); *************** *** 671,688 **** if(!(tag_val =3D get_tag(r->pool, in, tag, MAX_STRING_LEN, 0))) return 1; if(!strcmp(tag,"errmsg")) { ! parse_string(r, tag_val, parsed_string, MAX_STRING_LEN); strcpy(error,parsed_string); } else if(!strcmp(tag,"timefmt")) { time_t date =3D r->request_time; ! parse_string(r, tag_val, parsed_string, MAX_STRING_LEN); strcpy(tf,parsed_string); table_set (env, "DATE_LOCAL", ht_time(r->pool,date,tf,0)); table_set (env, "DATE_GMT", ht_time(r->pool,date,tf,1)); table_set (env, "LAST_MODIFIED", ht_time(r->pool,r->finfo.st= _mtime,tf,0)); } else if(!strcmp(tag,"sizefmt")) { ! parse_string(r, tag_val, parsed_string, MAX_STRING_LEN); decodehtml(parsed_string); if(!strcmp(parsed_string,"bytes")) *sizefmt =3D SIZEFMT_BYTES; --- 671,688 ---- if(!(tag_val =3D get_tag(r->pool, in, tag, MAX_STRING_LEN, 0))) return 1; if(!strcmp(tag,"errmsg")) { ! parse_string(r, tag_val, parsed_string, MAX_STRING_LEN, 0); strcpy(error,parsed_string); } else if(!strcmp(tag,"timefmt")) { time_t date =3D r->request_time; ! parse_string(r, tag_val, parsed_string, MAX_STRING_LEN, 0); strcpy(tf,parsed_string); table_set (env, "DATE_LOCAL", ht_time(r->pool,date,tf,0)); table_set (env, "DATE_GMT", ht_time(r->pool,date,tf,1)); table_set (env, "LAST_MODIFIED", ht_time(r->pool,r->finfo.st= _mtime,tf,0)); } else if(!strcmp(tag,"sizefmt")) { ! parse_string(r, tag_val, parsed_string, MAX_STRING_LEN, 0); decodehtml(parsed_string); if(!strcmp(parsed_string,"bytes")) *sizefmt =3D SIZEFMT_BYTES; *************** *** 758,764 **** else if(!strcmp(tag,"done")) return 0; else { ! parse_string(r, tag_val, parsed_string, MAX_STRING_LEN); if(!find_file(r,"fsize",tag,parsed_string,&finfo,error)) { if(sizefmt =3D=3D SIZEFMT_KMG) { send_size(finfo.st_size, r); --- 758,764 ---- else if(!strcmp(tag,"done")) return 0; else { ! parse_string(r, tag_val, parsed_string, MAX_STRING_LEN, 0); if(!find_file(r,"fsize",tag,parsed_string,&finfo,error)) { if(sizefmt =3D=3D SIZEFMT_KMG) { send_size(finfo.st_size, r); *************** *** 796,802 **** else if(!strcmp(tag,"done")) return 0; else { ! parse_string(r, tag_val, parsed_string, MAX_STRING_LEN); if(!find_file(r,"flastmod",tag,parsed_string,&finfo,error)) rputs(ht_time(r->pool, finfo.st_mtime, tf, 0), r); } --- 796,802 ---- else if(!strcmp(tag,"done")) return 0; else { ! parse_string(r, tag_val, parsed_string, MAX_STRING_LEN, 0); if(!find_file(r,"flastmod",tag,parsed_string,&finfo,error)) rputs(ht_time(r->pool, finfo.st_mtime, tf, 0), r); } *************** *** 1193,1199 **** #ifdef DEBUG_INCLUDE rputs(" Evaluate string\n", r); #endif ! parse_string(r, current->token.value, buffer, MAX_STRING_LEN= ); strncpy(current->token.value, buffer, MAX_STRING_LEN-1); current->value =3D (current->token.value[0] !=3D '\0'); current->done =3D 1; --- 1193,1199 ---- #ifdef DEBUG_INCLUDE rputs(" Evaluate string\n", r); #endif ! parse_string(r, current->token.value, buffer, MAX_STRING_LEN= , 0); strncpy(current->token.value, buffer, MAX_STRING_LEN-1); current->value =3D (current->token.value[0] !=3D '\0'); current->done =3D 1; *************** *** 1216,1222 **** switch(current->left->token.type) { case token_string: parse_string(r, current->left->token.value, ! buffer, MAX_STRING_LEN); strncpy(current->left->token.value, buffer, MAX_STRING_LEN-1); current->left->done =3D 1; --- 1216,1222 ---- switch(current->left->token.type) { case token_string: parse_string(r, current->left->token.value, ! buffer, MAX_STRING_LEN, 0); strncpy(current->left->token.value, buffer, MAX_STRING_LEN-1); current->left->done =3D 1; *************** *** 1230,1236 **** switch(current->right->token.type) { case token_string: parse_string(r, current->right->token.value, ! buffer, MAX_STRING_LEN); strncpy(current->right->token.value, buffer, MAX_STRING_LEN-1); current->right->done =3D 1; --- 1230,1236 ---- switch(current->right->token.type) { case token_string: parse_string(r, current->right->token.value, ! buffer, MAX_STRING_LEN, 0); strncpy(current->right->token.value, buffer, MAX_STRING_LEN-1); current->right->done =3D 1; *************** *** 1271,1279 **** rputs(error, r); goto RETURN; } ! parse_string(r, current->left->token.value, buffer, MAX_STRI= NG_LEN); strncpy(current->left->token.value, buffer, MAX_STRING_LEN-1= ); ! parse_string(r, current->right->token.value, buffer, MAX_STR= ING_LEN); strncpy(current->right->token.value, buffer, MAX_STRING_LEN-= 1); if (current->right->token.value[0] =3D=3D '/') { int len; --- 1271,1281 ---- rputs(error, r); goto RETURN; } ! parse_string(r, current->left->token.value, ! buffer, MAX_STRING_LEN, 0); strncpy(current->left->token.value, buffer, MAX_STRING_LEN-1= ); ! parse_string(r, current->right->token.value, ! buffer, MAX_STRING_LEN, 0); strncpy(current->right->token.value, buffer, MAX_STRING_LEN-= 1); if (current->right->token.value[0] =3D=3D '/') { int len; *************** *** 1500,1506 **** rputs(error, r); return -1; } = ! parse_string(r, tag_val, parsed_string, MAX_STRING_LEN); table_set (r->subprocess_env, var, parsed_string); } } --- 1502,1508 ---- rputs(error, r); return -1; } = ! parse_string(r, tag_val, parsed_string, MAX_STRING_LEN, 0); table_set (r->subprocess_env, var, parsed_string); } } ------- =_aaaaaaaaaa0 Content-Type: text/basic; charset="us-ascii" Content-ID: <20059.849941675.5@pooh.pageplus.com> Content-Description: patch4 Content-Transfer-Encoding: quoted-printable *** mod_include.c Fri Dec 6 23:28:59 1996 --- mod_include.c.4 Fri Dec 6 23:24:12 1996 *************** *** 765,775 **** } else { int l,x; ! #if defined(BSD) && BSD > 199305 sprintf(tag,"%qd",finfo.st_size); ! #else sprintf(tag,"%ld",finfo.st_size); ! #endif l =3D strlen(tag); /* grrr */ for(x=3D0;x 199305 sprintf(tag,"%qd",finfo.st_size); ! #else sprintf(tag,"%ld",finfo.st_size); ! #endif l =3D strlen(tag); /* grrr */ for(x=3D0;xserver, ! "unable to compile pattern %s [%s]", rexp, &err_string); return -1; } regex_error =3D regexec(&compiled, string, 0, (regmatch_t *)NULL, 0)= ; --- 813,819 ---- if (regex_error) { regerror(regex_error, &compiled, err_string, (size_t)MAX_STRING_= LEN); log_printf(r->server, ! "unable to compile pattern %s [%s]", rexp, err_string); return -1; } regex_error =3D regexec(&compiled, string, 0, (regmatch_t *)NULL, 0)= ; ------- =_aaaaaaaaaa0--