httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rodent of Unusual Size <Ken.C...@Golux.Com>
Subject [PATCH] Fixing ap_escape_quotes
Date Fri, 19 Jun 1998 03:46:52 GMT
I'd like to get the attached patch (or a version of it) into 1.3.1.
The main thing it does is make libap httpd-neutral again, so other
things (like stuff in src/support) can use libap routines without
dragging in a lot of httpd-specific crud.  I'd just commit this,
but it changes MMN because it alters the ap_escape_quotes()
semantics.

It speeds ap_escape_quotes() up by a factor of about two, at
the cost of some memory.  In this case, 8K on the stack when
an AuthName directive is being processed.

Since 1.3.1 is supposed to go out to-morrow (19 June) according
to STATUS, I can see this not going in.  Dean will probably
spot either some errors or some massive improvements.  I leave
it up to the RM, Jim, whether this should go in.

#ken	P-)}

Ken Coar                    <http://Web.Golux.Com/coar/>
Apache Group member         <http://www.apache.org/>
"Apache Server for Dummies" <http://Web.Golux.Com/coar/ASFD/>

Index: ap/ap_strings.c
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/ap/ap_strings.c,v
retrieving revision 1.5
diff -u -r1.5 ap_strings.c
--- ap_strings.c        1998/04/11 12:00:17     1.5
+++ ap_strings.c        1998/06/19 03:35:00
@@ -58,51 +58,60 @@
 #include "httpd.h"
 
 /*
- * Given a string, replace any bare " with \" .
+ * Given a string, replace any bare " with \" .  If the result is longer than
+ * the output buffer, return NULL, otherwise the pointer to the output
string.
+ * The size is that of the complete buffer, including the byte for the
+ * terminal '\0'.
  */
-API_EXPORT(char *) ap_escape_quotes (pool *p, const char *instring)
+API_EXPORT(char *) ap_escape_quotes (char *dst, const char *src, size_t
dsize)
 {
     int newlen = 0;
-    const char *inchr = instring;
-    char *outchr, *outstring;
+    const char *inchr = src;
+    char *outchr = dst;
 
     /*
      * Look through the input string, jogging the length of the output
      * string up by an extra byte each time we find an unescaped ".
      */
-    while (*inchr != '\0') {
-       newlen++;
+    for (;;) {
+       /*
+        * See if it's an unescaped quote.
+        */
         if (*inchr == '"') {
-           newlen++;
+           if ((newlen + 2) > (dsize - 1)) {
+               return NULL;
+           }
+           *outchr++ = '\\';
+           *outchr++ = *inchr++;
+           newlen += 2;
        }
        /*
         * If we find a slosh, and it's not the last byte in the string,
         * it's escaping something - advance past both bytes.
         */
-       if ((*inchr == '\\') && (inchr[1] != '\0')) {
-           inchr++;
-       }
-       inchr++;
-    }
-    outstring = ap_palloc(p, newlen + 1);
-    inchr = instring;
-    outchr = outstring;
-    /*
-     * Now copy the input string to the output string, inserting a slosh
-     * in front of every " that doesn't already have one.
-     */
-    while (*inchr != '\0') {
-       if ((*inchr == '\\') && (inchr[1] != '\0')) {
+       else if ((*inchr == '\\') && (inchr[1] != '\0')) {
+           if ((newlen + 2) > (dsize - 1)) {
+               return NULL;
+           }
            *outchr++ = *inchr++;
            *outchr++ = *inchr++;
+           newlen += 2;
        }
-       if (*inchr == '"') {
-           *outchr++ = '\\';
+       else if (*inchr == '\0') {
+           break;
        }
-       if (*inchr != '\0') {
+       else {
+           if ((newlen + 1) > (dsize - 1)) {
+               return NULL;
+           }
            *outchr++ = *inchr++;
+           newlen++;
        }
     }
-    *outchr = '\0';
-    return outstring;
+    /*
+     * Put the final character (the terminal '\0') into the output string
+     * and return it.
+     */
+    *outchr = *inchr;
+    return dst;
 }
Index: include/ap.h
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/include/ap.h,v
retrieving revision 1.16
diff -u -r1.16 ap.h
--- ap.h        1998/05/11 20:42:35     1.16
+++ ap.h        1998/06/19 03:35:00
@@ -67,7 +67,7 @@
 
 API_EXPORT(char *) ap_cpystrn(char *, const char *, size_t);
 int ap_slack(int, int);
-API_EXPORT(char *) ap_escape_quotes(pool *, const char *);
+API_EXPORT(char *) ap_escape_quotes(char *dst, const char *src, size_t
dsize);
 API_EXPORT(int) ap_snprintf(char *, size_t, const char *, ...);
 API_EXPORT(int) ap_vsnprintf(char *, size_t, const char *, va_list ap);
 int ap_execle(const char *, const char *, ...);
Index: include/http_config.h
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/include/http_config.h,v
retrieving revision 1.87
diff -u -r1.87 http_config.h
--- http_config.h       1998/05/27 14:01:31     1.87
+++ http_config.h       1998/06/19 03:35:00
@@ -275,7 +275,7 @@
  * handle it back-compatibly, or at least signal an error).
  */
 
-#define MODULE_MAGIC_NUMBER 19980527
+#define MODULE_MAGIC_NUMBER 19980618
 #define STANDARD_MODULE_STUFF MODULE_MAGIC_NUMBER, -1, __FILE__, NULL, NULL
 
 /* Generic accessors for other modules to get at their own module-specific
Index: include/httpd.h
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/include/httpd.h,v
retrieving revision 1.224
diff -u -r1.224 httpd.h
--- httpd.h     1998/06/13 15:22:49     1.224
+++ httpd.h     1998/06/19 03:35:02
@@ -901,8 +901,6 @@
 API_EXPORT(int) ap_ind(const char *, char);    /* Sigh... */
 API_EXPORT(int) ap_rind(const char *, char);
 
-API_EXPORT(char *) ap_escape_quotes (pool *p, const char *instring);
-
 /* Common structure for reading of config files / passwd files etc. */
 typedef struct {
     int (*getch) (void *param);        /* a getc()-like function */
Index: main/http_core.c
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/main/http_core.c,v
retrieving revision 1.204
diff -u -r1.204 http_core.c
--- http_core.c 1998/06/16 03:37:28     1.204
+++ http_core.c 1998/06/19 03:35:07
@@ -1909,8 +1909,12 @@
 static const char *set_authname(cmd_parms *cmd, void *mconfig, char *word1)
 {
     core_dir_config *aconfig = (core_dir_config *)mconfig;
+    char qescaped[MAX_STRING_LEN];
 
-    aconfig->ap_auth_name = ap_escape_quotes(cmd->pool, word1);
+    if (ap_escape_quotes(qescaped, word1, sizeof(qescaped)) == NULL) {
+        return "AuthName value too long (more than MAX_STRING_LEN bytes)";
+    }
+    aconfig->ap_auth_name = ap_pstrdup(cmd->pool, qescaped);
     return NULL;
 }

Mime
View raw message