Browse Source

fix some warnings reported by static analysis tool

iterate over environ via array-index notation with char **ptr on stack
(instead of repeatedly re-accessing global 'environ')

check getsockname() return values including addrlen

[mod_dirlisting] pass buf size into http_list_directory_sizefmt()

github: resolves #48
personal/stbuehler/mod-csrf-old
Glenn Strauss 6 years ago
parent
commit
d7638b9b10
  1. 3
      src/http-header-glue.c
  2. 21
      src/mod_dirlisting.c
  3. 10
      src/mod_fastcgi.c
  4. 10
      src/mod_scgi.c

3
src/http-header-glue.c

@ -140,7 +140,8 @@ int http_response_redirect_to_directory(server *srv, connection *con) {
our_addr_len = sizeof(our_addr);
if (-1 == getsockname(con->fd, &(our_addr.plain), &our_addr_len)) {
if (-1 == getsockname(con->fd, (struct sockaddr *)&our_addr, &our_addr_len)
|| our_addr_len > sizeof(our_addr)) {
con->http_status = 500;
log_error_write(srv, __FILE__, __LINE__, "ss",

21
src/mod_dirlisting.c

@ -437,11 +437,11 @@ static void http_dirls_sort(dirls_entry_t **ent, int num) {
/* buffer must be able to hold "999.9K"
* conversion is simple but not perfect
*/
static int http_list_directory_sizefmt(char *buf, off_t size) {
static int http_list_directory_sizefmt(char *buf, size_t bufsz, off_t size) {
const char unit[] = "KMGTPE"; /* Kilo, Mega, Tera, Peta, Exa */
const char *u = unit - 1; /* u will always increment at least once */
int remain;
char *out = buf;
size_t buflen;
if (size < 100)
size += 99;
@ -465,14 +465,15 @@ static int http_list_directory_sizefmt(char *buf, off_t size) {
u++;
}
li_itostrn(out, 4, size);
out += strlen(out);
out[0] = '.';
out[1] = remain + '0';
out[2] = *u;
out[3] = '\0';
li_itostrn(buf, bufsz, size);
buflen = strlen(buf);
if (buflen + 3 >= bufsz) return buflen;
buf[buflen+0] = '.';
buf[buflen+1] = remain + '0';
buf[buflen+2] = *u;
buf[buflen+3] = '\0';
return (out + 3 - buf);
return buflen + 3;
}
static void http_list_directory_header(server *srv, connection *con, plugin_data *p, buffer *out) {
@ -862,7 +863,7 @@ static int http_list_directory(server *srv, connection *con, plugin_data *p, buf
#else
strftime(datebuf, sizeof(datebuf), "%Y-%b-%d %H:%M:%S", localtime(&(tmp->mtime)));
#endif
http_list_directory_sizefmt(sizebuf, tmp->size);
http_list_directory_sizefmt(sizebuf, sizeof(sizebuf), tmp->size);
buffer_append_string_len(out, CONST_STR_LEN("<tr><td class=\"n\"><a href=\""));
buffer_append_string_encoded(out, DIRLIST_ENT_NAME(tmp), tmp->namelen, ENCODING_REL_URI_PART);

10
src/mod_fastcgi.c

@ -1033,11 +1033,12 @@ static int fcgi_spawn_connection(server *srv,
}
}
} else {
for (i = 0; environ[i]; i++) {
char ** const e = environ;
for (i = 0; e[i]; ++i) {
char *eq;
if (NULL != (eq = strchr(environ[i], '='))) {
env_add(&env, environ[i], eq - environ[i], eq+1, strlen(eq+1));
if (NULL != (eq = strchr(e[i], '='))) {
env_add(&env, e[i], eq - e[i], eq+1, strlen(eq+1));
}
}
}
@ -1926,7 +1927,8 @@ static int fcgi_create_env(server *srv, handler_ctx *hctx, size_t request_id) {
/* get the server-side of the connection to the client */
our_addr_len = sizeof(our_addr);
if (-1 == getsockname(con->fd, &(our_addr.plain), &our_addr_len)) {
if (-1 == getsockname(con->fd, (struct sockaddr *)&our_addr, &our_addr_len)
|| our_addr_len > sizeof(our_addr)) {
s = inet_ntop_cache_get_ip(srv, &(srv_sock->addr));
} else {
s = inet_ntop_cache_get_ip(srv, &(our_addr));

10
src/mod_scgi.c

@ -825,11 +825,12 @@ static int scgi_spawn_connection(server *srv,
}
}
} else {
for (i = 0; environ[i]; i++) {
char ** const e = environ;
for (i = 0; e[i]; ++i) {
char *eq;
if (NULL != (eq = strchr(environ[i], '='))) {
env_add(&env, environ[i], eq - environ[i], eq+1, strlen(eq+1));
if (NULL != (eq = strchr(e[i], '='))) {
env_add(&env, e[i], eq - e[i], eq+1, strlen(eq+1));
}
}
}
@ -1576,7 +1577,8 @@ static int scgi_create_env(server *srv, handler_ctx *hctx) {
/* get the server-side of the connection to the client */
our_addr_len = sizeof(our_addr);
if (-1 == getsockname(con->fd, &(our_addr.plain), &our_addr_len)) {
if (-1 == getsockname(con->fd, (struct sockaddr *)&our_addr, &our_addr_len)
|| our_addr_len > sizeof(our_addr)) {
s = inet_ntop_cache_get_ip(srv, &(srv_sock->addr));
} else {
s = inet_ntop_cache_get_ip(srv, &(our_addr));

Loading…
Cancel
Save