Return-Path: <new-httpd-owner-new-httpd-archive=hyperreal.org@apache.org>
Delivered-To: new-httpd-archive@hyperreal.org
Received: (qmail 18438 invoked by uid 6000); 7 Jul 1998 16:22:02 -0000
Received: (qmail 18389 invoked from network); 7 Jul 1998 16:22:00 -0000
Received: from valis.worldgate.com (marcs@198.161.84.2)
  by taz.hyperreal.org with SMTP; 7 Jul 1998 16:22:00 -0000
Received: from localhost (marcs@localhost)
	by valis.worldgate.com (8.8.7/8.8.7) with SMTP id KAA03649
	for <new-httpd@apache.org>; Tue, 7 Jul 1998 10:21:59 -0600 (MDT)
Date: Tue, 7 Jul 1998 10:21:58 -0600 (MDT)
From: Marc Slemko <marcs@worldgate.com>
To: new-httpd@apache.org
Subject: Re: cvs commit: apache-1.3/src/modules/standard mod_autoindex.c
In-Reply-To: <35A1EFF3.E9B83CB7@Golux.Com>
Message-ID: <Pine.BSF.3.95q.980707102044.17225F-100000@valis.worldgate.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: new-httpd-owner@apache.org
Precedence: bulk
Reply-To: new-httpd@apache.org

On Tue, 7 Jul 1998, Rodent of Unusual Size wrote:

> dgaudet@hyperreal.org wrote:
> > 
> > dgaudet     98/07/06 21:54:05
> > 
> >   Modified:    src/modules/standard mod_autoindex.c
> >   Log:
> >   - remove unnecessary complexity and verbiage (backport dsortf from apache-nspr)
> 	:
> >   -    if (!result) {
> >   -     result = strcmp((*e1)->name, (*e2)->name);
> >   +        result = strcmp(c1->desc ? c1->desc : "", c2->desc ? c2->desc : "");
> >   +        if (result) {
> >   +            return result;
> >   +        }
> >   +        break;
> 
> You know, I don't object to improving performance, but I do rather
> object to easy-to-read commented code being replaced with uncommented
> harder-to-read stuff.

Same here:

Index: suexec.c
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/support/suexec.c,v
retrieving revision 1.39
retrieving revision 1.41
diff -u -r1.39 -r1.41
--- suexec.c	1998/06/18 19:06:56	1.39
+++ suexec.c	1998/07/01 10:34:20	1.41
@@ -258,7 +259,40 @@
      */
     prog = argv[0];
     if (argc < 4) {
-	log_err("too few arguments\n");
+        char msgbuf[2048];
+	int i;
+	int clen;
+	static char *omsg = " {buffer overflow}";
+	int olen = strlen(omsg);
+
+	ap_snprintf(msgbuf, sizeof(msgbuf), "too few (%d) arguments:", argc);
+	clen = strlen(msgbuf);
+	for (i = 0; i < argc; i++) {
+	    int alen = strlen(argv[i]) + 4;
+	    int rlen = sizeof(msgbuf) - clen - 1;
+	    int oflow = (alen > rlen);
+
+	    alen = oflow ? rlen : alen;
+	    if (rlen > 1) {
+	        msgbuf[clen++] = ' ';
+		alen--;
+	    }
+	    if (rlen > 2) {
+	        msgbuf[clen++] = '[';
+		alen--;
+	    }
+	    ap_cpystrn(&msgbuf[clen], argv[i], alen);
+	    if (oflow) {
+	        ap_cpystrn(&msgbuf[sizeof(msgbuf) - olen - 1], omsg, olen + 1);
+		break;
+	    }
+	    else {
+	        clen += alen - 2;
+		msgbuf[clen++] = ']';
+		msgbuf[clen] = '\0';
+	    }
+	}
+	log_err("%s\n", msgbuf);
 	exit(101);
     }
     target_uname = argv[1];

I sure as hell can't figure out if that is safe at a glance, so it sure
isn't code I want in my suexec...