From 703ddfcfb91ab5c0e1998de308aeb447b688ac480de24c8507ba4683551b68cf Mon Sep 17 00:00:00 2001
From: OBS User unknown
Date: Fri, 16 Feb 2007 18:27:31 +0000
Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/thttpd?expand=0&rev=3
---
 thttpd-2.25b-strcpy.patch | 84 ++++++++++++++++++++++++++++++++++
 thttpd-2.25b-syslogtocern.diff | 8 ++--
 thttpd-2.25b-zerolen.patch | 20 ++++++++
 thttpd.changes | 10 ++++
 thttpd.spec | 15 +++++-
 5 files changed, 131 insertions(+), 6 deletions(-)
 create mode 100644 thttpd-2.25b-strcpy.patch
 create mode 100644 thttpd-2.25b-zerolen.patch
diff --git a/thttpd-2.25b-strcpy.patch b/thttpd-2.25b-strcpy.patch
new file mode 100644
index 0000000..42b5ee8
--- /dev/null
+++ b/thttpd-2.25b-strcpy.patch
@@ -0,0 +1,84 @@
+--- libhttpd.c
++++ libhttpd.c
+@@ -294,7 +294,8 @@
+ }
+ /* Nuke any leading slashes in the cgi pattern. */
+ while ( ( cp = strstr( hs->cgi_pattern, "|/" ) ) != (char*) 0 )
+- (void) strcpy( cp + 1, cp + 2 );
++ /* -2 for the offset, +1 for the '\0' */
++ (void) memmove( cp + 1, cp + 2, strlen( cp ) - 1 );
+ }
+ hs->cgi_limit = cgi_limit;
+ hs->cgi_count = 0;
+@@ -1496,7 +1497,8 @@
+ /* Remove any leading slashes. */
+ while ( rest[0] == '/' )
+ {
+- (void) strcpy( rest, &(rest[1]) );
++ /*One more for '\0', one less for the eaten first*/
++ (void) memmove( rest, &(rest[1]), strlen(rest) );
+ --restlen;
+ }
+ r = rest;
+@@ -2333,8 +2335,8 @@
+ hc->expnfilename, hc->hs->cwd, strlen( hc->hs->cwd ) ) == 0 )
+ {
+ /* Elide the current directory. */
+- (void) strcpy(
+- hc->expnfilename, &hc->expnfilename[strlen( hc->hs->cwd )] );
++ (void) memmove(
++ hc->expnfilename, &hc->expnfilename[strlen( hc->hs->cwd )], strlen(hc->expnfilename) - strlen( hc->hs->cwd ) + 1 );
+ }
+ #ifdef TILDE_MAP_2
+ else if ( hc->altdir[0] != '\0' &&
+@@ -2405,15 +2407,15 @@
+ 
+ /* Remove leading ./ and any /./ sequences. */
+ while ( strncmp( file, "./", 2 ) == 0 )
+- (void) strcpy( file, file + 2 );
++ (void) memmove( file, file + 2, strlen( file ) - 1 );
+ while ( ( cp = strstr( file, "/./") ) != (char*) 0 )
+- (void) strcpy( cp, cp + 2 );
++ (void) memmove( cp, cp + 2, strlen( file ) - 1 );
+ 
+ /* Alternate between removing leading ../ and removing xxx/../ */
+ for (;;)
+ {
+ while ( strncmp( file, "../", 3 ) == 0 )
+- (void) strcpy( file, file + 3 );
++ (void) memmove( file, file + 3, strlen( file ) - 2 );
+ cp = strstr( file, "/../" );
+ if ( cp == (char*) 0 )
+ break;
+@@ -4083,7 +4085,7 @@
+ }
+ else if ( IN6_IS_ADDR_V4MAPPED( &saP->sa_in6.sin6_addr ) && strncmp( str, "::ffff:", 7 ) == 0 )
+ /* Elide IPv6ish prefix for IPv4 addresses. 
*/ +- (void) strcpy( str, &str[7] ); ++ (void) memmove( str, &str[7], strlen( str ) - 6 ); + + return str; + +--- thttpd.c ++++ thttpd.c +@@ -573,7 +573,7 @@ + { + if ( strncmp( logfile, cwd, strlen( cwd ) ) == 0 ) + { +- (void) strcpy( logfile, &logfile[strlen( cwd ) - 1] ); ++ (void) memmove( logfile, &logfile[strlen( cwd ) - 1], strlen(logfile) - (strlen( cwd ) - 1) + 1 ); + /* (We already guaranteed that cwd ends with a slash, so leaving + ** that slash in logfile makes it an absolute pathname within + ** the chroot tree.) +@@ -1422,9 +1422,9 @@ + + /* Nuke any leading slashes in pattern. */ + if ( pattern[0] == '/' ) +- (void) strcpy( pattern, &pattern[1] ); ++ (void) memmove( pattern, &pattern[1], strlen(pattern) ); + while ( ( cp = strstr( pattern, "|/" ) ) != (char*) 0 ) +- (void) strcpy( cp + 1, cp + 2 ); ++ (void) memmove( cp + 1, cp + 2, strlen(cp) - 1 ); + + /* Check for room in throttles. */ + if ( numthrottles >= maxthrottles ) diff --git a/thttpd-2.25b-syslogtocern.diff b/thttpd-2.25b-syslogtocern.diff index 6e44856..d3717f1 100644 --- a/thttpd-2.25b-syslogtocern.diff +++ b/thttpd-2.25b-syslogtocern.diff @@ -3,16 +3,16 @@ @@ -31,8 +31,8 @@ exit 1 fi - + -tmp1=/tmp/stc1.$$ -rm -f $tmp1 +tmp1=`mktemp -t stc1.XXXXXX` || { echo "$0: Cannot create temporary file" >&2; exit 1; } +trap " [ -f \"$tmp1\" ] && /bin/rm -f -- \"$tmp1\"" 0 1 2 3 13 15 - + # Gather up all the thttpd entries. - egrep ' thttpd\[' $* > $tmp1 + egrep -h ' thttpd\[' "$@" > $tmp1 @@ -65,4 +65,3 @@ sed -e "s,\([A-Z][a-z][a-z] [0-9 ][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]\) [^ ]* thttpd\[[0-9]*\]: \(.*\),[\1 ${year}] \2," > error_log - + # Done. -rm -f $tmp1 diff --git a/thttpd-2.25b-zerolen.patch b/thttpd-2.25b-zerolen.patch new file mode 100644 index 0000000..652b433 --- /dev/null +++ b/thttpd-2.25b-zerolen.patch 
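Review bot: In the libhttpd.c hunk at `@@ -2405,15 +2407,15 @@` of the new strcpy.patch, the `/./` removal moves from `cp + 2` but sizes the copy with `strlen( file ) - 1`, so whenever the match is not at the very start of `file` the call copies `cp - file` bytes more than the remaining tail plus its NUL. The string still ends up correctly terminated, but the extra bytes are read (and, for longer prefixes, written) beyond the terminator, which can run off the end of the buffer depending on how it was sized; that allocation is not visible here, and this code normalises file names that presumably originate from requests. The length should be derived from the same pointer as the source, `(void) memmove( cp, cp + 2, strlen( cp ) - 1 );`, which is what the other replacements in this patch do (the `|/` case uses `strlen( cp ) - 1`). The enclosing function starts and ends outside the hunk.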
@@ -0,0 +1,20 @@ +--- libhttpd.c ++++ libhttpd.c +@@ -1471,7 +1471,7 @@ + httpd_realloc_str( &checked, &maxchecked, checkedlen ); + (void) strcpy( checked, path ); + /* Trim trailing slashes. */ +- while ( checked[checkedlen - 1] == '/' ) ++ while ( checkedlen && checked[checkedlen - 1] == '/' ) + { + checked[checkedlen - 1] = '\0'; + --checkedlen; +@@ -1490,7 +1490,7 @@ + restlen = strlen( path ); + httpd_realloc_str( &rest, &maxrest, restlen ); + (void) strcpy( rest, path ); +- if ( rest[restlen - 1] == '/' ) ++ if ( restlen && rest[restlen - 1] == '/' ) + rest[--restlen] = '\0'; /* trim trailing slash */ + if ( ! tildemapped ) + /* Remove any leading slashes. */ diff --git a/thttpd.changes b/thttpd.changes index e673341..dcd959d 100644 --- a/thttpd.changes +++ b/thttpd.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Fri Feb 16 17:36:35 CET 2007 - mvaner@suse.cz + +- Adding check for zero length + - from Marcus Meissner + - zerolen.patch +- Replacing strcpy with memmove when they overlap + - strcpy.patch +- Both from #230776 + ------------------------------------------------------------------- Wed Feb 14 15:04:06 CET 2007 - schwab@suse.de diff --git a/thttpd.spec b/thttpd.spec index bf79f97..71f3e8a 100644 --- a/thttpd.spec +++ b/thttpd.spec @@ -16,7 +16,7 @@ Provides: http_daemon PreReq: %fillup_prereq %insserv_prereq permissions Autoreqprov: on Version: 2.25b -Release: 68 +Release: 69 Source: %{name}-%{version}.tar.bz2 Source1: %{name}-SuSE.tar.bz2 Patch0: %{name}-%{version}-configure.patch @@ -29,6 +29,8 @@ Patch6: %{name}-%{version}-pie.patch Patch7: %{name}-%{version}-syslogtocern.diff Patch8: %{name}-%{version}-overflow.diff Patch9: %{name}-%{version}-chown.diff +Patch10: %{name}-%{version}-zerolen.patch +Patch11: %{name}-%{version}-strcpy.patch URL: http://www.acme.com/software/thttpd/ BuildRoot: %{_tmppath}/%{name}-%{version}-build Summary: Small and very simple webserver 
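Review bot: The two new guards in zerolen.patch would read better as explicit comparisons with a short comment saying why they exist, since the libhttpd.c code shown elsewhere in this commit compares explicitly (`!= (char*) 0`, `== 0`): `while ( checkedlen > 0 && checked[checkedlen - 1] == '/' )` and `if ( restlen > 0 && rest[restlen - 1] == '/' )`. A comment such as `/* path may be empty: never index [len - 1] when len is 0 */` would record that, without the check, an empty `path` makes the code read the byte before the buffer and, if that byte happens to be '/', overwrite it with NUL. The declarations of `checkedlen` and `restlen` are outside the hunk; if they are unsigned the index would wrap to a very large value rather than -1, which is worth confirming. Both inner hunks sit inside a function whose start and end are not shown.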
@@ -62,6 +64,8 @@ Authors: %patch7 %patch8 %patch9 +%patch10 +%patch11 %build for i in README.SuSE SuSE/etc/init.d/thttpd; do @@ -128,7 +132,14 @@ rm -rf $RPM_BUILD_ROOT /usr/share/man/*/* %config /etc/init.d/thttpd -%changelog -n thttpd +%changelog +* Fri Feb 16 2007 - mvaner@suse.cz +- Adding check for zero length + - from Marcus Meissner + - zerolen.patch +- Replacing strcpy with memmove when they overlap + - strcpy.patch +- Both from #230776 * Wed Feb 14 2007 - schwab@suse.de - Fix building as non-root. * Fri Mar 10 2006 - anicka@suse.cz