INN commit: branches/2.5 (3 files)
INN Commit
rra at isc.org
Sat Aug 20 20:09:20 UTC 2011
Date: Saturday, August 20, 2011 @ 13:09:20
Author: iulius
Revision: 9354
strictly check the syntax of a token
* Check that the last argument to "ctlinnd addhist"
is either '' or a valid token;
* Use @000000000000000000000000000000000000@ when the token
is empty ('') for "ctlinnd addhist", or badly formatted for
any other function calling TextToToken();
* Fix the result of the hexadecimal conversion when a lowercase
character is used. Transform it to an uppercase character.
* Reject invalid tokens containing '@' or lowercase characters.
(They were previously wrongly accepted.)
Previously:
% ctlinnd addhist '<pouet>' 1312575175 1312575175 1312575175 ''
Ok
% grephistory -e '<pouet>'
@95A9ADC6403A29596359BECC38B651C17020@
% ctlinnd addhist '<pouet2>' 1312575175 1312575175 1312575175 '@aaaaaaaaaaaaaaaaaaaaa@'
Ok
% grephistory -e '<pouet2>'
@CACACACACACACACACACAA9BA95191402003F@
% ctlinnd addhist '<pouet3>' 1312575175 1312575175 1312575175 '@a'
Ok
% grephistory -e '<pouet3>'
@CAA95191C66E8A89FC1B8B495EFE9EE9301E@
Memory was not properly initialized.
Now, the first command uses @000000000000000000000000000000000000@
and the others are rejected, as invalid.
Modified:
branches/2.5/contrib/respool.c
branches/2.5/innd/cc.c
branches/2.5/storage/interface.c
---------------------+
contrib/respool.c | 4 +++
innd/cc.c | 3 ++
storage/interface.c | 65 ++++++++++++++++++++++++++++----------------------
3 files changed, 44 insertions(+), 28 deletions(-)
Modified: contrib/respool.c
===================================================================
--- contrib/respool.c 2011-08-20 20:08:29 UTC (rev 9353)
+++ contrib/respool.c 2011-08-20 20:09:20 UTC (rev 9354)
@@ -39,6 +39,10 @@
tokenptr[len-1] = '\0';
}
+ if (!IsToken(tokenptr)) {
+ fprintf(stderr, "%s: bad token format %s\n", ME, tokenptr);
+ return;
+ }
token = TextToToken(tokenptr);
if ((art = SMretrieve(token, RETR_ALL)) == NULL) return;
Modified: innd/cc.c
===================================================================
--- innd/cc.c 2011-08-20 20:08:29 UTC (rev 9353)
+++ innd/cc.c 2011-08-20 20:09:20 UTC (rev 9354)
@@ -259,6 +259,9 @@
return "1 Bad posted date";
Data.Posted = atol(av[3]);
+ /* Allow empty tokens, but not badly formatted tokens. */
+ if (*av[4] != '\0' && !IsToken(av[4]))
+ return "1 Bad token";
token = TextToToken(av[4]);
if (Mode == OMrunning)
ok = InndHisWrite(msgid, Data.Arrived, Data.Posted,
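Review bot: The comment above the new check says empty tokens are allowed but not what they turn into. According to the commit description, TextToToken() maps '' to the all-zero token, and saying so here saves the reader a trip to storage/interface.c: `/* Allow empty tokens (stored as the all-zero token), but not badly formatted ones. */`. The check also dereferences `av[4]` directly, so it relies on the argument count having been validated outside this hunk. The enclosing function starts and ends outside the hunk.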
Modified: storage/interface.c
===================================================================
--- storage/interface.c 2011-08-20 20:08:29 UTC (rev 9353)
+++ storage/interface.c 2011-08-20 20:09:20 UTC (rev 9354)
@@ -36,27 +36,32 @@
bool SMpreopen = false;
/*
-** Checks to see if the token is valid
+** Checks to see if the token is valid.
*/
bool IsToken(const char *text) {
const char *p;
-
+
if (!text)
return false;
-
+
if (strlen(text) != (sizeof(TOKEN) * 2) + 2)
return false;
-
+
if (text[0] != '@')
return false;
- if (text[(sizeof(TOKEN) * 2) + 1] != '@')
+ /* Make sure the token ends with '@' and contains no other '@'
+ * besides its first and its last char. */
+ if (strchr(text + 1, '@') != text + (sizeof(TOKEN) * 2) + 1)
return false;
- for (p = text + 1; *p != '@'; p++)
- if (!isxdigit((unsigned char) *p))
- return false;
-
+ for (p = text + 1; *p != '@'; p++) {
+ /* Accept only [0-9] and uppercase [A-F]. */
+ if (!isxdigit((unsigned char) *p)
+ || toupper((unsigned char) *p) != (unsigned char) *p)
+ return false;
+ }
+
return true;
}
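Review bot: The character test in the IsToken() loop expresses "only [0-9] and uppercase [A-F]" indirectly, through `isxdigit()` combined with a `toupper()` comparison, so the reader has to work out that the second clause only rejects a-f. It also makes the check depend on `toupper()`, whose result follows the current locale. Explicit ranges match the comment one-to-one and do not depend on the locale: `if (!((*p >= '0' && *p <= '9') || (*p >= 'A' && *p <= 'F')))` followed by `return false;`. The length and `strchr()` checks above it look consistent with each other.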
@@ -73,7 +78,6 @@
char *q;
size_t i;
-
result[0] = '@';
for (q = result + 1, p = (const char *) &token, i = 0; i < sizeof(TOKEN);
i++, p++) {
@@ -83,19 +87,20 @@
*q++ = '@';
*q++ = '\0';
return result;
-
}
/*
-** Converts a hex digit and converts it to a int
+** Converts a hex digit to an int.
+** Uppercase the character to always obtain the right answer, though a lowercase
+** character should not be present in a token -- and is refused by IsToken().
*/
static int hextodec(const int c) {
- return isdigit((unsigned char) c) ? (c - '0') : ((c - 'A') + 10);
+ return isdigit((unsigned char) c) ? (c - '0') : ((toupper((unsigned char) c) - 'A') + 10);
}
/*
** Converts a textual representation of a token back to a native
-** representation
+** representation.
*/
TOKEN TextToToken(const char *text) {
const char *p;
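Review bot: hextodec() still does no range check, so any character that is not a hex digit yields a value outside 0-15 (for example 'G' gives 16). Its correctness therefore rests entirely on the caller having validated the text first. The header comment mentions IsToken() only in connection with lowercase characters; it should state the precondition outright, e.g. `** The caller must have validated the text with IsToken(); no range check is done here.`. TextToToken() begins at the end of this hunk and its body continues outside it.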
@@ -103,14 +108,18 @@
int i;
TOKEN token;
- if (text[0] == '@')
- p = &text[1];
- else
- p = text;
+ /* Return an empty token (with only '0' chars) if the text is
+ * not a valid token. */
+ if (!IsToken(text)) {
+ memset(&token, 0, sizeof(TOKEN));
+ } else {
+ /* First char is a '@'. */
+ p = &text[1];
- for (q = (char *)&token, i = 0; i != sizeof(TOKEN); i++) {
- q[i] = (hextodec(*p) << 4) + hextodec(*(p + 1));
- p += 2;
+ for (q = (char *)&token, i = 0; i != sizeof(TOKEN); i++) {
+ q[i] = (hextodec(*p) << 4) + hextodec(*(p + 1));
+ p += 2;
+ }
}
return token;
}
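Review bot: The new fallback in TextToToken() returns an all-zero token for any invalid text, which a caller cannot tell apart from a token whose text really was all zeros. respool.c and cc.c now call IsToken() first, but any other caller silently gets the zero token and may pass it on to retrieval or history code. The function's header comment (in the previous hunk) should document this contract, e.g. `** Returns the all-zero token if text is NULL or not a valid token; call IsToken() first to detect malformed input.`. Separately, `q[i] = (hextodec(*p) << 4) + hextodec(*(p + 1));` stores values up to 255 through what appears to be a plain `char *`; declaring `q` as `unsigned char *` would avoid the implementation-defined conversion where `char` is signed, though the declaration of `q` is outside the hunk.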
@@ -291,7 +300,7 @@
return false;
}
free(path);
-
+
inbrace = 0;
while ((tok = CONFgettoken(smtoks, f)) != NULL) {
if (!inbrace) {
@@ -431,7 +440,7 @@
sub->next = NULL;
}
}
-
+
CONFfclose(f);
return true;
@@ -441,7 +450,7 @@
** setup storage api environment (open mode etc.)
*/
bool SMsetup(SMSETUP type, void *value) {
- if (Initialized)
+ if (Initialized)
return false;
switch (type) {
case SM_RDWR:
@@ -468,9 +477,9 @@
if (Initialized)
return true;
-
+
Initialized = true;
-
+
if (!SMreadconfig()) {
SMshutdown();
Initialized = false;
@@ -521,7 +530,7 @@
return false;
}
Initialized = true;
-
+
if (method_data[method].initialized == INIT_DONE)
return true;
@@ -829,7 +838,7 @@
{
if (SMerrorstr != NULL)
free(SMerrorstr);
-
+
if (errornum == SMERR_UNDEFINED && errno == ENOENT)
errornum = SMERR_NOENT;
SMerrno = errornum;