OBS User unknown 2007-02-16 18:27:31 +00:00 committed by Git OBS Bridge
parent 1239c51977
commit 703ddfcfb9
5 changed files with 131 additions and 6 deletions

84
thttpd-2.25b-strcpy.patch Normal file

@ -0,0 +1,84 @@
--- libhttpd.c
+++ libhttpd.c
@@ -294,7 +294,8 @@
}
/* Nuke any leading slashes in the cgi pattern. */
while ( ( cp = strstr( hs->cgi_pattern, "|/" ) ) != (char*) 0 )
- (void) strcpy( cp + 1, cp + 2 );
+ /* -2 for the offset, +1 for the '\0' */
+ (void) memmove( cp + 1, cp + 2, strlen( cp ) - 1 );
}
hs->cgi_limit = cgi_limit;
hs->cgi_count = 0;
@@ -1496,7 +1497,8 @@
/* Remove any leading slashes. */
while ( rest[0] == '/' )
{
- (void) strcpy( rest, &(rest[1]) );
+ /*One more for '\0', one less for the eaten first*/
+ (void) memmove( rest, &(rest[1]), strlen(rest) );
--restlen;
}
r = rest;
@@ -2333,8 +2335,8 @@
hc->expnfilename, hc->hs->cwd, strlen( hc->hs->cwd ) ) == 0 )
{
/* Elide the current directory. */
- (void) strcpy(
- hc->expnfilename, &hc->expnfilename[strlen( hc->hs->cwd )] );
+ (void) memmove(
+ hc->expnfilename, &hc->expnfilename[strlen( hc->hs->cwd )], strlen(hc->expnfilename) - strlen( hc->hs->cwd ) + 1 );
}
#ifdef TILDE_MAP_2
else if ( hc->altdir[0] != '\0' &&
@@ -2405,15 +2407,15 @@
/* Remove leading ./ and any /./ sequences. */
while ( strncmp( file, "./", 2 ) == 0 )
- (void) strcpy( file, file + 2 );
+ (void) memmove( file, file + 2, strlen( file ) - 1 );
while ( ( cp = strstr( file, "/./") ) != (char*) 0 )
- (void) strcpy( cp, cp + 2 );
+ (void) memmove( cp, cp + 2, strlen( file ) - 1 );
/* Alternate between removing leading ../ and removing xxx/../ */
for (;;)
{
while ( strncmp( file, "../", 3 ) == 0 )
- (void) strcpy( file, file + 3 );
+ (void) memmove( file, file + 3, strlen( file ) - 2 );
cp = strstr( file, "/../" );
if ( cp == (char*) 0 )
break;
@@ -4083,7 +4085,7 @@
}
else if ( IN6_IS_ADDR_V4MAPPED( &saP->sa_in6.sin6_addr ) && strncmp( str, "::ffff:", 7 ) == 0 )
/* Elide IPv6ish prefix for IPv4 addresses. */
- (void) strcpy( str, &str[7] );
+ (void) memmove( str, &str[7], strlen( str ) - 6 );
return str;
--- thttpd.c
+++ thttpd.c
@@ -573,7 +573,7 @@
{
if ( strncmp( logfile, cwd, strlen( cwd ) ) == 0 )
{
- (void) strcpy( logfile, &logfile[strlen( cwd ) - 1] );
+ (void) memmove( logfile, &logfile[strlen( cwd ) - 1], strlen(logfile) - (strlen( cwd ) - 1) + 1 );
/* (We already guaranteed that cwd ends with a slash, so leaving
** that slash in logfile makes it an absolute pathname within
** the chroot tree.)
@@ -1422,9 +1422,9 @@
/* Nuke any leading slashes in pattern. */
if ( pattern[0] == '/' )
- (void) strcpy( pattern, &pattern[1] );
+ (void) memmove( pattern, &pattern[1], strlen(pattern) );
while ( ( cp = strstr( pattern, "|/" ) ) != (char*) 0 )
- (void) strcpy( cp + 1, cp + 2 );
+ (void) memmove( cp + 1, cp + 2, strlen(cp) - 1 );
/* Check for room in throttles. */
if ( numthrottles >= maxthrottles )
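Review bot: In the libhttpd.c hunk at -2405, the `/./` removal passes `strlen( file ) - 1` as the length while copying from `cp + 2`, so the length is measured from the wrong pointer. Whenever the match is not at the start of `file`, the memmove reads `cp - file` bytes past the terminating NUL, and for matches deeper than two bytes it also writes past the old end of the string, which the replaced strcpy never did. The length should come from `cp`, as in the other `cp`-based replacements in this patch: `(void) memmove( cp, cp + 2, strlen( cp ) - 1 );`. Whether the extra bytes stay inside the allocation depends on how `file` is sized, and the enclosing function lies outside the hunk; the code appears to normalise paths, so the input may be client-controlled. The other memmove lengths in this section equal the tail length plus the NUL, matching the old strcpy behaviour.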


@ -3,16 +3,16 @@
@@ -31,8 +31,8 @@
exit 1
fi
-tmp1=/tmp/stc1.$$
-rm -f $tmp1
+tmp1=`mktemp -t stc1.XXXXXX` || { echo "$0: Cannot create temporary file" >&2; exit 1; }
+trap " [ -f \"$tmp1\" ] && /bin/rm -f -- \"$tmp1\"" 0 1 2 3 13 15
# Gather up all the thttpd entries.
egrep ' thttpd\[' $* > $tmp1
egrep -h ' thttpd\[' "$@" > $tmp1
@@ -65,4 +65,3 @@
sed -e "s,\([A-Z][a-z][a-z] [0-9 ][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]\) [^ ]* thttpd\[[0-9]*\]: \(.*\),[\1 ${year}] \2," > error_log
# Done.
-rm -f $tmp1
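Review bot: The `trap` handler removes the temporary file on signals 1 2 3 13 15 but does not exit, so after an interrupt the script keeps running. Any later `> $tmp1` then recreates the path with a plain redirect rather than mktemp's exclusive create. Splitting the trap keeps cleanup on exit and makes signals terminate the script: `trap 'rm -f -- "$tmp1"' 0` and `trap 'exit 1' 1 2 3 13 15`. `$tmp1` is also unquoted in the `egrep ... > $tmp1` redirect. The +/- markers of this section were lost in rendering, so the page does not confirm which of these lines this commit itself changes.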


@ -0,0 +1,20 @@
--- libhttpd.c
+++ libhttpd.c
@@ -1471,7 +1471,7 @@
httpd_realloc_str( &checked, &maxchecked, checkedlen );
(void) strcpy( checked, path );
/* Trim trailing slashes. */
- while ( checked[checkedlen - 1] == '/' )
+ while ( checkedlen && checked[checkedlen - 1] == '/' )
{
checked[checkedlen - 1] = '\0';
--checkedlen;
@@ -1490,7 +1490,7 @@
restlen = strlen( path );
httpd_realloc_str( &rest, &maxrest, restlen );
(void) strcpy( rest, path );
- if ( rest[restlen - 1] == '/' )
+ if ( restlen && rest[restlen - 1] == '/' )
rest[--restlen] = '\0'; /* trim trailing slash */
if ( ! tildemapped )
/* Remove any leading slashes. */
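Review bot: Both added guards lack a comment saying why a zero length can occur here, which makes the `checkedlen &&` and `restlen &&` tests easy to drop in a later cleanup. A short comment such as `/* path may be empty; do not index [len - 1] when len is 0 */` above each test would record that they prevent a read before the start of the buffer. Writing the condition as `checkedlen > 0` (and `restlen > 0`) would also state the intent more directly. The enclosing function starts and ends outside both hunks.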


@ -1,3 +1,13 @@
-------------------------------------------------------------------
Fri Feb 16 17:36:35 CET 2007 - mvaner@suse.cz
- Adding check for zero length
- from Marcus Meissner
- zerolen.patch
- Replacing strcpy with memmove when they overlap
- strcpy.patch
- Both from #230776
-------------------------------------------------------------------
Wed Feb 14 15:04:06 CET 2007 - schwab@suse.de


@ -16,7 +16,7 @@ Provides: http_daemon
PreReq: %fillup_prereq %insserv_prereq permissions
Autoreqprov: on
Version: 2.25b
Release: 68
Release: 69
Source: %{name}-%{version}.tar.bz2
Source1: %{name}-SuSE.tar.bz2
Patch0: %{name}-%{version}-configure.patch
@ -29,6 +29,8 @@ Patch6: %{name}-%{version}-pie.patch
Patch7: %{name}-%{version}-syslogtocern.diff
Patch8: %{name}-%{version}-overflow.diff
Patch9: %{name}-%{version}-chown.diff
Patch10: %{name}-%{version}-zerolen.patch
Patch11: %{name}-%{version}-strcpy.patch
URL: http://www.acme.com/software/thttpd/
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Summary: Small and very simple webserver
@ -62,6 +64,8 @@ Authors:
%patch7
%patch8
%patch9
%patch10
%patch11
%build
for i in README.SuSE SuSE/etc/init.d/thttpd; do
@ -128,7 +132,14 @@ rm -rf $RPM_BUILD_ROOT
/usr/share/man/*/*
%config /etc/init.d/thttpd
%changelog -n thttpd
%changelog
* Fri Feb 16 2007 - mvaner@suse.cz
- Adding check for zero length
- from Marcus Meissner
- zerolen.patch
- Replacing strcpy with memmove when they overlap
- strcpy.patch
- Both from #230776
* Wed Feb 14 2007 - schwab@suse.de
- Fix building as non-root.
* Fri Mar 10 2006 - anicka@suse.cz