INN commit: branches/2.5 (3 files)

INN Commit rra at isc.org
Sat Aug 20 20:09:20 UTC 2011


    Date: Saturday, August 20, 2011 @ 13:09:20
  Author: iulius
Revision: 9354

strictly check the syntax of a token

* Check that the last argument to "ctlinnd addhist"
is either '' or a valid token;

* Use @000000000000000000000000000000000000@ when the token
is empty ('') for "ctlinnd addhist", or badly formatted for
any other function calling TextToToken();

* Fix the result of the hexadecimal conversion when a lowercase
character is used.  Transform it to an uppercase character.

* Reject invalid tokens containing '@' or lowercase characters.
(They were previously wrongly accepted.)


Previously:

% ctlinnd addhist '<pouet>' 1312575175 1312575175 1312575175 ''   
Ok
% grephistory -e '<pouet>'
@95A9ADC6403A29596359BECC38B651C17020@


% ctlinnd addhist '<pouet2>' 1312575175 1312575175 1312575175 '@aaaaaaaaaaaaaaaaaaaaa@'
Ok
% grephistory -e '<pouet2>'
@CACACACACACACACACACAA9BA95191402003F@


% ctlinnd addhist '<pouet3>' 1312575175 1312575175 1312575175 '@a'
Ok
% grephistory -e '<pouet3>'
@CAA95191C66E8A89FC1B8B495EFE9EE9301E@

Memory was not properly initialized.

Now, the first command uses @000000000000000000000000000000000000@
and the others are rejected, as invalid.

Modified:
  branches/2.5/contrib/respool.c
  branches/2.5/innd/cc.c
  branches/2.5/storage/interface.c

---------------------+
 contrib/respool.c   |    4 +++
 innd/cc.c           |    3 ++
 storage/interface.c |   65 ++++++++++++++++++++++++++++----------------------
 3 files changed, 44 insertions(+), 28 deletions(-)

Modified: contrib/respool.c
===================================================================
--- contrib/respool.c	2011-08-20 20:08:29 UTC (rev 9353)
+++ contrib/respool.c	2011-08-20 20:09:20 UTC (rev 9354)
@@ -39,6 +39,10 @@
 	tokenptr[len-1] = '\0';
     }
 
+    if (!IsToken(tokenptr)) {
+        fprintf(stderr, "%s: bad token format %s\n", ME, tokenptr);
+        return;
+    }
     token = TextToToken(tokenptr);
     if ((art = SMretrieve(token, RETR_ALL)) == NULL) return;
 

Modified: innd/cc.c
===================================================================
--- innd/cc.c	2011-08-20 20:08:29 UTC (rev 9353)
+++ innd/cc.c	2011-08-20 20:09:20 UTC (rev 9354)
@@ -259,6 +259,9 @@
 	return "1 Bad posted date";
     Data.Posted = atol(av[3]);
 
+    /* Allow empty tokens, but not badly formatted tokens. */
+    if (*av[4] != '\0' && !IsToken(av[4]))
+        return "1 Bad token";
     token = TextToToken(av[4]);
     if (Mode == OMrunning)
 	ok = InndHisWrite(msgid, Data.Arrived, Data.Posted,
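Review bot: The new comment above the `IsToken(av[4])` test says empty tokens are allowed but not what they turn into. An empty string reaches `TextToToken()` and becomes the all-zero token only because that function falls back to zero for any text that fails `IsToken()`. I would state the coupling here, e.g. `/* Allow empty tokens (TextToToken() maps '' to the all-zero token), but not badly formatted tokens. */`. The test also dereferences `av[4]` before `IsToken()` gets a chance to reject NULL, so it assumes the argument count was checked earlier. That check is outside this hunk and should be confirmed.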

Modified: storage/interface.c
===================================================================
--- storage/interface.c	2011-08-20 20:08:29 UTC (rev 9353)
+++ storage/interface.c	2011-08-20 20:09:20 UTC (rev 9354)
@@ -36,27 +36,32 @@
 bool			SMpreopen = false;
 
 /*
-** Checks to see if the token is valid
+** Checks to see if the token is valid.
 */
 bool IsToken(const char *text) {
     const char          *p;
-    
+
     if (!text)
 	return false;
-    
+
     if (strlen(text) != (sizeof(TOKEN) * 2) + 2)
 	return false;
-    
+
     if (text[0] != '@')
 	return false;
 
-    if (text[(sizeof(TOKEN) * 2) + 1] != '@')
+    /* Make sure the token ends with '@' and contains no other '@'
+     * besides its first and its last char. */
+    if (strchr(text + 1, '@') != text + (sizeof(TOKEN) * 2) + 1)
 	return false;
 
-    for (p = text + 1; *p != '@'; p++)
-	if (!isxdigit((unsigned char) *p))
-	    return false;
-    
+    for (p = text + 1; *p != '@'; p++) {
+        /* Accept only [0-9] and uppercase [A-F]. */
+	if (!isxdigit((unsigned char) *p)
+            || toupper((unsigned char) *p) != (unsigned char) *p)
+            return false;
+    }
+
     return true;
 }
 
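Review bot: The uppercase test in the new loop goes through `toupper()`, which is locale-sensitive, where an explicit range test would state the accepted alphabet directly: `if (!isdigit((unsigned char) *p) && (*p < 'A' || *p > 'F'))` followed by `return false;`. For the six hex letters the difference is unlikely to matter in practice, so this is a readability point for a validator that now guards the history and storage code. The loop's `*p != '@'` termination depends on the `strchr()` check just above having proved that the only later '@' is the final character, and the comment there could say so. The added lines also mix a tab-indented `if` with a space-indented continuation and `return`.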
@@ -73,7 +78,6 @@
     char                *q;
     size_t              i;
 
-    
     result[0] = '@';
     for (q = result + 1, p = (const char *) &token, i = 0; i < sizeof(TOKEN);
          i++, p++) {
@@ -83,19 +87,20 @@
     *q++ = '@';
     *q++ = '\0';
     return result;
-    
 }
 
 /*
-** Converts a hex digit and converts it to a int
+** Converts a hex digit to an int.
+** Uppercase the character to always obtain the right answer, though a lowercase
+** character should not be present in a token -- and is refused by IsToken().
 */
 static int hextodec(const int c) {
-    return isdigit((unsigned char) c) ? (c - '0') : ((c - 'A') + 10);
+    return isdigit((unsigned char) c) ? (c - '0') : ((toupper((unsigned char) c) - 'A') + 10);
 }
 
 /*
 ** Converts a textual representation of a token back to a native
-** representation
+** representation.
 */
 TOKEN TextToToken(const char *text) {
     const char          *p;
@@ -103,14 +108,18 @@
     int                 i;
     TOKEN               token;
 
-    if (text[0] == '@')
-	p = &text[1];
-    else
-	p = text;
+    /* Return an empty token (with only '0' chars) if the text is
+     * not a valid token. */
+    if (!IsToken(text)) {
+        memset(&token, 0, sizeof(TOKEN));
+    } else {
+        /* First char is a '@'. */
+        p = &text[1];
 
-    for (q = (char *)&token, i = 0; i != sizeof(TOKEN); i++) {
-	q[i] = (hextodec(*p) << 4) + hextodec(*(p + 1));
-	p += 2;
+        for (q = (char *)&token, i = 0; i != sizeof(TOKEN); i++) {
+            q[i] = (hextodec(*p) << 4) + hextodec(*(p + 1));
+            p += 2;
+        }
     }
     return token;
 }
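Review bot: The `if (!IsToken(text))` branch silently returns an all-zero token, so a caller that forgets to validate untrusted text gets a normal-looking TOKEN instead of an error. Whether that value can be told apart from a real token of some storage method is not visible in this diff. Callers that take text from outside should call `IsToken()` first, as the respool.c and cc.c hunks of this commit do. The function's header comment sits in the previous hunk and should record the contract, for example `** Returns an all-zero token if text is NULL or fails IsToken(); call IsToken() first to tell the two cases apart.` Note that `hextodec()` still has no defined result for a non-hex character, so this check is the only thing keeping the conversion loop on valid input.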
@@ -291,7 +300,7 @@
 	return false;
     }
     free(path);
-    
+
     inbrace = 0;
     while ((tok = CONFgettoken(smtoks, f)) != NULL) {
 	if (!inbrace) {
@@ -431,7 +440,7 @@
 	    sub->next = NULL;
 	}
     }
-    
+
     CONFfclose(f);
 
     return true;
@@ -441,7 +450,7 @@
 ** setup storage api environment (open mode etc.)
 */
 bool SMsetup(SMSETUP type, void *value) {
-    if (Initialized)    
+    if (Initialized)
 	return false;
     switch (type) {
     case SM_RDWR:
@@ -468,9 +477,9 @@
 
     if (Initialized)
 	return true;
-    
+
     Initialized = true;
-    
+
     if (!SMreadconfig()) {
 	SMshutdown();
 	Initialized = false;
@@ -521,7 +530,7 @@
 	    return false;
 	}
     Initialized = true;
-    
+
     if (method_data[method].initialized == INIT_DONE)
 	return true;
 
@@ -829,7 +838,7 @@
 {
     if (SMerrorstr != NULL)
         free(SMerrorstr);
-    
+
     if (errornum == SMERR_UNDEFINED && errno == ENOENT)
 	errornum = SMERR_NOENT;
     SMerrno = errornum;



