diff --git a/src/configfile.c b/src/configfile.c index 354ed9d1..29d967b4 100644 --- a/src/configfile.c +++ b/src/configfile.c @@ -2005,7 +2005,7 @@ int config_parse_file(server *srv, config_t *context, const char *fn) { filename = buffer_init_string(fn); } else { filename = buffer_init_buffer(context->basedir); - buffer_append_string(filename, fn); + buffer_append_path_len(filename, fn, strlen(fn)); } switch (glob(filename->ptr, flags, NULL, &gl)) { @@ -2257,14 +2257,17 @@ int config_set_defaults(server *srv) { buffer_clear(b); if (!buffer_string_is_empty(srv->srvconf.changeroot)) { buffer_copy_buffer(b, srv->srvconf.changeroot); - buffer_append_slash(b); } len = buffer_string_length(b); for (i = 0; i < srv->srvconf.upload_tempdirs->used; ++i) { const data_string * const ds = (data_string *)srv->srvconf.upload_tempdirs->data[i]; - buffer_string_set_length(b, len); /*(truncate)*/ - buffer_append_string_buffer(b, &ds->value); + if (len) { + buffer_string_set_length(b, len); /*(truncate)*/ + buffer_append_path_len(b, CONST_BUF_LEN(&ds->value)); + } else { + buffer_copy_buffer(b, &ds->value); + } if (-1 == stat(b->ptr, &st1)) { log_error(srv->errh, __FILE__, __LINE__, "server.upload-dirs doesn't exist: %s", b->ptr); diff --git a/src/gw_backend.c b/src/gw_backend.c index 9c03dc4d..622b1250 100644 --- a/src/gw_backend.c +++ b/src/gw_backend.c @@ -2183,7 +2183,8 @@ static handler_t gw_recv_response(gw_handler_ctx * const hctx, request_st * cons buffer_copy_buffer(&r->physical.basedir, host->docroot); buffer_copy_buffer(&r->physical.path, host->docroot); - buffer_append_string_buffer(&r->physical.path, &r->uri.path); + buffer_append_path_len(&r->physical.path, + CONST_BUF_LEN(&r->uri.path)); physpath = r->physical.path.ptr; } diff --git a/src/http-header-glue.c b/src/http-header-glue.c index 64d5933f..7a3bba78 100644 --- a/src/http-header-glue.c +++ b/src/http-header-glue.c @@ -1654,7 +1654,7 @@ int http_cgi_headers (request_st * const r, http_cgi_opts * const opts, http_cgi } else { buffer_copy_buffer(tb, &r->physical.basedir); } - buffer_append_string_buffer(tb, &r->pathinfo); + buffer_append_path_len(tb, CONST_BUF_LEN(&r->pathinfo)); rc |= cb(vdata, CONST_STR_LEN("PATH_TRANSLATED"), CONST_BUF_LEN(tb)); } @@ -1670,7 +1670,7 @@ int http_cgi_headers (request_st * const r, http_cgi_opts * const opts, http_cgi if (!buffer_string_is_empty(opts->docroot)) { /* alternate docroot, e.g. for remote FastCGI or SCGI server */ buffer_copy_buffer(tb, opts->docroot); - buffer_append_string_buffer(tb, &r->uri.path); + buffer_append_path_len(tb, CONST_BUF_LEN(&r->uri.path)); rc |= cb(vdata, CONST_STR_LEN("SCRIPT_FILENAME"), CONST_BUF_LEN(tb)); rc |= cb(vdata, CONST_STR_LEN("DOCUMENT_ROOT"), @@ -1683,7 +1683,7 @@ int http_cgi_headers (request_st * const r, http_cgi_opts * const opts, http_cgi * see src/sapi/cgi_main.c, init_request_info() */ buffer_copy_buffer(tb, &r->physical.path); - buffer_append_string_buffer(tb, &r->pathinfo); + buffer_append_path_len(tb, CONST_BUF_LEN(&r->pathinfo)); rc |= cb(vdata, CONST_STR_LEN("SCRIPT_FILENAME"), CONST_BUF_LEN(tb)); } else { diff --git a/src/mod_cml_lua.c b/src/mod_cml_lua.c index af525928..6755eac3 100644 --- a/src/mod_cml_lua.c +++ b/src/mod_cml_lua.c @@ -220,16 +220,17 @@ int cache_parse_lua(request_st * const r, plugin_data * const p, const buffer * /* key' is at index -2 and value' at index -1 */ if (lua_isstring(L, -1)) { - const char *s = lua_tostring(L, -1); + size_t slen; + const char * const s = lua_tolstring(L, -1, &slen); struct stat st; int fd; /* the file is relative, make it absolute */ if (s[0] != '/') { buffer_copy_buffer(b, &p->basedir); - buffer_append_string(b, lua_tostring(L, -1)); + buffer_append_path_len(b, s, (uint32_t)slen); } else { - buffer_copy_string(b, lua_tostring(L, -1)); + buffer_copy_string_len(b, s, (uint32_t)slen); } fd = stat_cache_open_rdonly_fstat(b, &st, r->conf.follow_symlink); @@ -302,7 +303,7 @@ int cache_parse_lua(request_st * const r, plugin_data * const p, const buffer * buffer_append_string_buffer(&r->uri.path, &p->trigger_handler); buffer_copy_buffer(&r->physical.path, &p->basedir); - buffer_append_string_buffer(&r->physical.path, &p->trigger_handler); + buffer_append_path_len(&r->physical.path, CONST_BUF_LEN(&p->trigger_handler)); chunkqueue_reset(&r->write_queue); } diff --git a/src/mod_gnutls.c b/src/mod_gnutls.c index a424e094..4f2f00ba 100644 --- a/src/mod_gnutls.c +++ b/src/mod_gnutls.c @@ -1198,8 +1198,6 @@ mod_gnutls_acme_tls_1 (handler_ctx *hctx) /* check if acme-tls/1 protocol is enabled (path to dir of cert(s) is set)*/ if (buffer_string_is_empty(hctx->conf.ssl_acme_tls_1)) return 0; /*(should not happen)*/ - buffer_copy_buffer(b, hctx->conf.ssl_acme_tls_1); - buffer_append_slash(b); /* check if SNI set server name (required for acme-tls/1 protocol) * and perform simple path checks for no '/' @@ -1211,7 +1209,8 @@ mod_gnutls_acme_tls_1 (handler_ctx *hctx) if (0 != http_request_host_policy(name, hctx->r->conf.http_parseopts, 443)) return rc; #endif - buffer_append_string_buffer(b, name); + buffer_copy_buffer(b, hctx->conf.ssl_acme_tls_1); + buffer_append_path_len(b, CONST_BUF_LEN(name)); #if 0 diff --git a/src/mod_indexfile.c b/src/mod_indexfile.c index e258b6ad..97d7de30 100644 --- a/src/mod_indexfile.c +++ b/src/mod_indexfile.c @@ -111,7 +111,7 @@ URIHANDLER_FUNC(mod_indexfile_subrequest) { } else { buffer_copy_buffer(b, &r->physical.path); } - buffer_append_string_buffer(b, &ds->value); + buffer_append_path_len(b, CONST_BUF_LEN(&ds->value)); if (NULL == stat_cache_path_stat(b)) { if (errno == EACCES) { diff --git a/src/mod_mbedtls.c b/src/mod_mbedtls.c index c322a25a..7673449e 100644 --- a/src/mod_mbedtls.c +++ b/src/mod_mbedtls.c @@ -882,8 +882,6 @@ mod_mbedtls_acme_tls_1 (handler_ctx *hctx) /* check if acme-tls/1 protocol is enabled (path to dir of cert(s) is set)*/ if (buffer_string_is_empty(hctx->conf.ssl_acme_tls_1)) return 0; /*(should not happen)*/ - buffer_copy_buffer(b, hctx->conf.ssl_acme_tls_1); - buffer_append_slash(b); /* check if SNI set server name (required for acme-tls/1 protocol) * and perform simple path checks for no '/' @@ -895,7 +893,8 @@ mod_mbedtls_acme_tls_1 (handler_ctx *hctx) if (0 != http_request_host_policy(name,hctx->r->conf.http_parseopts,443)) return rc; #endif - buffer_append_string_buffer(b, name); + buffer_copy_buffer(b, hctx->conf.ssl_acme_tls_1); + buffer_append_path_len(b, CONST_BUF_LEN(name)); len = buffer_string_length(b); do { diff --git a/src/mod_nss.c b/src/mod_nss.c index a01a5381..42de1f22 100644 --- a/src/mod_nss.c +++ b/src/mod_nss.c @@ -1190,8 +1190,6 @@ mod_nss_acme_tls_1 (handler_ctx *hctx) /* check if acme-tls/1 protocol is enabled (path to dir of cert(s) is set)*/ if (buffer_string_is_empty(hctx->conf.ssl_acme_tls_1)) return SECFailure; /*(should not happen)*/ - buffer_copy_buffer(b, hctx->conf.ssl_acme_tls_1); - buffer_append_slash(b); /* check if SNI set server name (required for acme-tls/1 protocol) * and perform simple path checks for no '/' @@ -1203,7 +1201,8 @@ mod_nss_acme_tls_1 (handler_ctx *hctx) if (0 != http_request_host_policy(name, hctx->r->conf.http_parseopts, 443)) return SECFailure; #endif - buffer_append_string_buffer(b, name); + buffer_copy_buffer(b, hctx->conf.ssl_acme_tls_1); + buffer_append_path_len(b, CONST_BUF_LEN(name)); /* cert and key load is similar to network_nss_load_pemfile() */ diff --git a/src/mod_openssl.c b/src/mod_openssl.c index ebdbd299..d2001cc3 100644 --- a/src/mod_openssl.c +++ b/src/mod_openssl.c @@ -1687,8 +1687,6 @@ mod_openssl_acme_tls_1 (SSL *ssl, handler_ctx *hctx) /* check if acme-tls/1 protocol is enabled (path to dir of cert(s) is set)*/ if (buffer_string_is_empty(hctx->conf.ssl_acme_tls_1)) return SSL_TLSEXT_ERR_NOACK; /*(reuse value here for not-configured)*/ - buffer_copy_buffer(b, hctx->conf.ssl_acme_tls_1); - buffer_append_slash(b); /* check if SNI set server name (required for acme-tls/1 protocol) * and perform simple path checks for no '/' @@ -1700,7 +1698,8 @@ mod_openssl_acme_tls_1 (SSL *ssl, handler_ctx *hctx) if (0 != http_request_host_policy(name,hctx->r->conf.http_parseopts,443)) return rc; #endif - buffer_append_string_buffer(b, name); + buffer_copy_buffer(b, hctx->conf.ssl_acme_tls_1); + buffer_append_path_len(b, CONST_BUF_LEN(name)); len = buffer_string_length(b); do { diff --git a/src/mod_secdownload.c b/src/mod_secdownload.c index f93f9ca0..f4845871 100644 --- a/src/mod_secdownload.c +++ b/src/mod_secdownload.c @@ -702,7 +702,8 @@ URIHANDLER_FUNC(mod_secdownload_uri_handler) { buffer_copy_buffer(&r->physical.basedir, p->conf.doc_root); buffer_copy_string(&r->physical.rel_path, rel_uri); buffer_copy_buffer(&r->physical.path, &r->physical.doc_root); - buffer_append_string_buffer(&r->physical.path, &r->physical.rel_path); + buffer_append_path_len(&r->physical.path, + CONST_BUF_LEN(&r->physical.rel_path)); return HANDLER_GO_ON; } diff --git a/src/mod_ssi.c b/src/mod_ssi.c index 98a786a1..cbc8cde1 100644 --- a/src/mod_ssi.c +++ b/src/mod_ssi.c @@ -459,7 +459,6 @@ static int process_ssi_stmt(request_st * const r, handler_ctx * const p, const c case SSI_FSIZE: { const char * file_path = NULL, *virt_path = NULL; struct stat stb; - char *sl; for (i = 2; i < n; i += 2) { if (0 == strcmp(l[i], "file")) { @@ -491,11 +490,9 @@ static int process_ssi_stmt(request_st * const r, handler_ctx * const p, const c if (file_path) { /* current doc-root */ - if (NULL == (sl = strrchr(r->physical.path.ptr, '/'))) { - buffer_copy_string_len(p->stat_fn, CONST_STR_LEN("/")); - } else { - buffer_copy_string_len(p->stat_fn, r->physical.path.ptr, sl - r->physical.path.ptr + 1); - } + char *sl = strrchr(r->physical.path.ptr, '/'); + if (NULL == sl) break; /*(not expected)*/ + buffer_copy_string_len(p->stat_fn, r->physical.path.ptr, sl - r->physical.path.ptr + 1); buffer_copy_string(tb, file_path); buffer_urldecode_path(tb); @@ -505,17 +502,15 @@ static int process_ssi_stmt(request_st * const r, handler_ctx * const p, const c break; } buffer_path_simplify(tb, tb); - buffer_append_string_buffer(p->stat_fn, tb); + buffer_append_path_len(p->stat_fn, CONST_BUF_LEN(tb)); } else { /* virtual */ - size_t remain; if (virt_path[0] == '/') { buffer_copy_string(tb, virt_path); } else { /* there is always a / */ - sl = strrchr(r->uri.path.ptr, '/'); - + const char * const sl = strrchr(r->uri.path.ptr, '/'); buffer_copy_string_len(tb, r->uri.path.ptr, sl - r->uri.path.ptr + 1); buffer_append_string(tb, virt_path); } @@ -557,18 +552,18 @@ static int process_ssi_stmt(request_st * const r, handler_ctx * const p, const c if (r->conf.force_lowercase_filenames) { buffer_to_lower(tb); } - remain = buffer_string_length(&r->uri.path) - i; + uint32_t remain = buffer_string_length(&r->uri.path) - i; if (!r->conf.force_lowercase_filenames ? buffer_is_equal_right_len(&r->physical.path, &r->physical.rel_path, remain) :(buffer_string_length(&r->physical.path) >= remain && buffer_eq_icase_ssn(r->physical.path.ptr+buffer_string_length(&r->physical.path)-remain, r->physical.rel_path.ptr+i, remain))) { buffer_copy_string_len(p->stat_fn, r->physical.path.ptr, buffer_string_length(&r->physical.path)-remain); - buffer_append_string_len(p->stat_fn, tb->ptr+i, buffer_string_length(tb)-i); + buffer_append_path_len(p->stat_fn, tb->ptr+i, buffer_string_length(tb)-i); } else { /* unable to perform physical path remap here; * assume doc_root/rel_path and no remapping */ buffer_copy_buffer(p->stat_fn, &r->physical.doc_root); - buffer_append_string_buffer(p->stat_fn, tb); + buffer_append_path_len(p->stat_fn, CONST_BUF_LEN(tb)); } } diff --git a/src/mod_webdav.c b/src/mod_webdav.c index ab7b21fd..d8e289ac 100644 --- a/src/mod_webdav.c +++ b/src/mod_webdav.c @@ -4899,9 +4899,9 @@ mod_webdav_copymove_b (request_st * const r, const plugin_config * const pconf, #endif buffer_copy_string_len(dst_path, r->physical.path.ptr, r->physical.path.used - 1 - remain); - buffer_append_string_len(dst_path, - dst_rel_path->ptr+i, - dst_rel_path->used - 1 - i); + buffer_append_path_len(dst_path, + dst_rel_path->ptr+i, + dst_rel_path->used - 1 - i); if (buffer_string_length(dst_path) >= PATH_MAX) { http_status_set_error(r, 403); /* Forbidden */ return HANDLER_FINISHED; @@ -4917,7 +4917,7 @@ mod_webdav_copymove_b (request_st * const r, const plugin_config * const pconf, buffer_copy_buffer(dst_path, &r->physical.doc_root); if (dst_path->ptr[dst_path->used-2] == '/') --dst_path->used; /* since dst_rel_path begins with '/' */ - buffer_append_string_buffer(dst_path, dst_rel_path); + buffer_append_path_len(dst_path, CONST_BUF_LEN(dst_rel_path)); if (buffer_string_length(dst_rel_path) >= PATH_MAX) { http_status_set_error(r, 403); /* Forbidden */ return HANDLER_FINISHED; diff --git a/src/mod_wolfssl.c b/src/mod_wolfssl.c index 086702b6..1319b711 100644 --- a/src/mod_wolfssl.c +++ b/src/mod_wolfssl.c @@ -1569,8 +1569,6 @@ mod_openssl_acme_tls_1 (SSL *ssl, handler_ctx *hctx) /* check if acme-tls/1 protocol is enabled (path to dir of cert(s) is set)*/ if (buffer_string_is_empty(hctx->conf.ssl_acme_tls_1)) return SSL_TLSEXT_ERR_NOACK; /*(reuse value here for not-configured)*/ - buffer_copy_buffer(b, hctx->conf.ssl_acme_tls_1); - buffer_append_slash(b); /* check if SNI set server name (required for acme-tls/1 protocol) * and perform simple path checks for no '/' @@ -1582,7 +1580,8 @@ mod_openssl_acme_tls_1 (SSL *ssl, handler_ctx *hctx) if (0 != http_request_host_policy(name,hctx->r->conf.http_parseopts,443)) return rc; #endif - buffer_append_string_buffer(b, name); + buffer_copy_buffer(b, hctx->conf.ssl_acme_tls_1); + buffer_append_path_len(b, CONST_BUF_LEN(name)); len = buffer_string_length(b); do { diff --git a/src/stat_cache.c b/src/stat_cache.c index 97178a62..941eb8b4 100644 --- a/src/stat_cache.c +++ b/src/stat_cache.c @@ -498,8 +498,7 @@ static void stat_cache_handle_fdevent_fn(stat_cache_fam * const scf, fam_dir_ent /* temporarily append filename to dir in fam_dir->name to * construct path, then delete stat_cache entry (if any)*/ len = buffer_string_length(n); - buffer_append_string_len(n, CONST_STR_LEN("/")); - buffer_append_string_len(n, fn, fnlen); + buffer_append_path_len(n, fn, fnlen); /* (alternatively, could chose to stat() and update)*/ stat_cache_invalidate_entry(CONST_BUF_LEN(n));