INN commit: trunk (5 files)
INN Commit
Russ_Allbery at isc.org
Sat Sep 6 13:15:48 UTC 2008
Date: Saturday, September 6, 2008 @ 06:15:47
Author: iulius
Revision: 8007
Add a (very basic) check of the requested header name.
Added:
trunk/lib/headers.c
Modified:
trunk/MANIFEST
trunk/include/inn/libinn.h
trunk/lib/Makefile
trunk/nnrpd/article.c
----------------------+
MANIFEST | 1 +
include/inn/libinn.h | 1 +
lib/Makefile | 5 ++++-
lib/headers.c | 42 ++++++++++++++++++++++++++++++++++++++++++
nnrpd/article.c | 25 +++++++++++++++----------
5 files changed, 63 insertions(+), 11 deletions(-)
Modified: MANIFEST
===================================================================
--- MANIFEST 2008-09-06 11:16:27 UTC (rev 8006)
+++ MANIFEST 2008-09-06 13:15:47 UTC (rev 8007)
@@ -500,6 +500,7 @@
lib/getpagesize.c getpagesize replacement
lib/hash.c Create hash from a message-ID
lib/hashtab.c Generic hash table
+lib/headers.c Functions for headers
lib/hex.c Convert to and from hex strings
lib/hstrerror.c Error reporting for resolver
lib/inet_aton.c inet_aton replacement
Modified: include/inn/libinn.h
===================================================================
--- include/inn/libinn.h 2008-09-06 11:16:27 UTC (rev 8006)
+++ include/inn/libinn.h 2008-09-06 13:15:47 UTC (rev 8007)
@@ -146,6 +146,7 @@
/* Headers. */
extern char * GenerateMessageID(char *domain);
extern bool IsValidMessageID(const char *string);
+extern bool IsValidHeaderName(const char *string);
extern void HeaderCleanFrom(char *from);
extern struct _DDHANDLE * DDstart(FILE *FromServer, FILE *ToServer);
extern void DDcheck(struct _DDHANDLE *h, char *group);
Modified: lib/Makefile
===================================================================
--- lib/Makefile 2008-09-06 11:16:27 UTC (rev 8006)
+++ lib/Makefile 2008-09-06 13:15:47 UTC (rev 8007)
@@ -9,7 +9,7 @@
SOURCES = buffer.c cleanfrom.c clientactive.c clientlib.c concat.c \
conffile.c confparse.c daemonize.c date.c dbz.c defdist.c \
dispatch.c fdflags.c fdlimit.c getfqdn.c \
- getmodaddr.c hash.c hashtab.c hex.c innconf.c inndcomm.c \
+ getmodaddr.c hash.c hashtab.c headers.c hex.c innconf.c inndcomm.c \
list.c localopen.c lockfile.c makedir.c md5.c messageid.c messages.c \
mmap.c network.c newsuser.c nntp.c qio.c radix32.c \
readin.c remopen.c \
@@ -161,6 +161,9 @@
../include/inn/system.h ../include/inn/options.h ../include/clibrary.h \
../include/config.h ../include/inn/hashtab.h ../include/inn/defines.h \
../include/inn/libinn.h
+headers.o: headers.c ../include/config.h ../include/inn/defines.h \
+ ../include/inn/system.h ../include/inn/options.h ../include/clibrary.h \
+ ../include/config.h ../include/inn/libinn.h ../include/inn/defines.h
hex.o: hex.c ../include/config.h ../include/inn/defines.h \
../include/inn/system.h ../include/inn/options.h ../include/clibrary.h \
../include/config.h ../include/inn/utility.h ../include/inn/defines.h
Added: lib/headers.c
===================================================================
--- lib/headers.c (rev 0)
+++ lib/headers.c 2008-09-06 13:15:47 UTC (rev 8007)
@@ -0,0 +1,42 @@
+/* $Id$
+**
+** Routines for headers: manipulation and checks.
+*/
+
+#include "config.h"
+#include "clibrary.h"
+#include <ctype.h>
+
+#include "inn/libinn.h"
+
+
+/*
+** We currently only check the requirements for RFC 3977:
+**
+** o The name [of a header] consists of one or more printable
+** US-ASCII characters other than colon.
+*/
+bool
+IsValidHeaderName(const char *string)
+{
+ const unsigned char *p;
+
+ /* Not NULL. */
+ if (string == NULL)
+ return false;
+
+ p = (const unsigned char *) string;
+
+ /* Not empty. */
+ if (*p == '\0')
+ return false;
+
+ for (; *p != '\0'; p++) {
+ /* Contains only printable US-ASCII characters other
+ * than colon. */
+ if (!CTYPE(isgraph, *p) || *p == ':')
+ return false;
+ }
+
+ return true;
+}
Property changes on: trunk/lib/headers.c
___________________________________________________________________
Added: svn:keywords
+ Author Date Id Revision
Added: svn:eol-style
+ native
Modified: nnrpd/article.c
===================================================================
--- nnrpd/article.c 2008-09-06 11:16:27 UTC (rev 8006)
+++ nnrpd/article.c 2008-09-06 13:15:47 UTC (rev 8007)
@@ -1091,16 +1091,10 @@
/* Check the syntax of the arguments first. */
if (ac > 2 && !mid && !CMDisrange(av[2])) {
- Reply("%d Syntax error in arguments\r\n", NNTP_ERR_SYNTAX);
+ Reply("%d Syntax error in the second argument\r\n", NNTP_ERR_SYNTAX);
return;
}
- /* Check authorizations. */
- if (!PERMcanread) {
- Reply("%d Read access denied\r\n", NNTP_ERR_ACCESS);
- return;
- }
-
header = av[1];
/* If metadata is asked for, convert it to headers that
@@ -1117,9 +1111,20 @@
header = xstrdup("Lines");
/* We only allow :bytes and :lines for metadata. */
- if ((strncasecmp(header, ":", 1) == 0) && !IsMetaLines && !IsMetaBytes) {
- Reply("%d %s metadata request unsupported\r\n",
- NNTP_ERR_UNAVAILABLE, header);
+ if (!IsMetaLines && !IsMetaBytes) {
+ if (strncasecmp(header, ":", 1) == 0) {
+ Reply("%d Unsupported metadata request\r\n",
+ NNTP_ERR_UNAVAILABLE, header);
+ return;
+ } else if (!IsValidHeaderName(header)) {
+ Reply("%d Syntax error in the first argument\r\n", NNTP_ERR_SYNTAX);
+ return;
+ }
+ }
+
+ /* Check authorizations. */
+ if (!PERMcanread) {
+ Reply("%d Read access denied\r\n", NNTP_ERR_ACCESS);
return;
}
More information about the inn-committers
mailing list