httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <dgau...@arctic.org>
Subject [PATCH] mod_mime_magic small bug fixes
Date Fri, 19 Dec 1997 08:48:35 GMT
- fix an off-by-1 on read() which I think I introduced in an
    earlier cleanup

- fix case where m->desc[] may be left unterminated

- note some code which is not multithread safe

Dean

Index: modules/standard/mod_mime_magic.c
===================================================================
RCS file: /export/home/cvs/apachen/src/modules/standard/mod_mime_magic.c,v
retrieving revision 1.20
diff -u -r1.20 mod_mime_magic.c
--- mod_mime_magic.c	1997/11/16 01:52:23	1.20
+++ mod_mime_magic.c	1997/12/19 08:40:52
@@ -881,7 +881,7 @@
     /*
      * try looking at the first HOWMANY bytes
      */
-    if ((nbytes = read(fd, (char *) buf, sizeof(buf))) == -1) {
+    if ((nbytes = read(fd, (char *) buf, sizeof(buf) - 1)) == -1) {
 	aplog_error(APLOG_MARK, APLOG_ERR, r->server,
 		    MODNAME ": read failed: %s", r->filename);
 	return HTTP_INTERNAL_SERVER_ERROR;
@@ -1086,7 +1086,6 @@
  */
 static int parse(server_rec *serv, pool *p, char *l, int lineno)
 {
-    int i = 0;
     struct magic *m;
     char *t, *s;
     magic_server_config_rec *conf = (magic_server_config_rec *)
@@ -1297,14 +1296,13 @@
     }
     else
 	m->nospflag = 0;
-    while ((m->desc[i++] = *l++) != '\0' && i < MAXDESC)
-	/* NULLBODY */ ;
+    strncpy(m->desc, l, sizeof(m->desc) - 1);
+    m->desc[sizeof(m->desc) - 1] = '\0';
 
 #if MIME_MAGIC_DEBUG
     aplog_error(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, serv,
 		MODNAME ": parse line=%d m=%x next=%x cont=%d desc=%s",
-		lineno, m, m->next, m->cont_level,
-		m->desc ? m->desc : "NULL");
+		lineno, m, m->next, m->cont_level, m->desc);
 #endif /* MIME_MAGIC_DEBUG */
 
     return 0;
@@ -1650,7 +1648,7 @@
 			MODNAME ": line=%d mc=%x mc->next=%x cont=%d desc=%s",
 			    m_cont->lineno, m_cont,
 			    m_cont->next, m_cont->cont_level,
-			    m_cont->desc ? m_cont->desc : "NULL");
+			    m_cont->desc);
 #endif
 		/*
 		 * this trick allows us to keep *m in sync when the continue
@@ -1779,6 +1777,7 @@
     case DATE:
     case BEDATE:
     case LEDATE:
+	/* XXX: not multithread safe */
 	pp = ctime((time_t *) & p->l);
 	if ((rt = strchr(pp, '\n')) != NULL)
 	    *rt = '\0';
@@ -1842,10 +1841,10 @@
 		struct magic *m, int nbytes)
 {
     long offset = m->offset;
+
     if (offset + sizeof(union VALUETYPE) > nbytes)
 	          return 0;
 
-
     memcpy(p, s + offset, sizeof(union VALUETYPE));
 
     if (!mconvert(r, p, m))
@@ -2066,6 +2065,7 @@
     s = (unsigned char *) memcpy(nbuf, buf, small_nbytes);
     s[small_nbytes] = '\0';
     has_escapes = (memchr(s, '\033', small_nbytes) != NULL);
+    /* XXX: not multithread safe */
     while ((token = strtok((char *) s, " \t\n\r\f")) != NULL) {
 	s = NULL;		/* make strtok() keep on tokin' */
 	for (p = names; p < names + NNAMES; p++) {


Mime
View raw message