From: Art Cancro
Date: Tue, 7 Dec 2004 04:41:04 +0000 (+0000)
Subject: * Finally tracked down the WC->vars heap corruption issue (for real this
X-Git-Tag: v7.86~5188
X-Git-Url: https://code.citadel.org/?p=citadel.git;a=commitdiff_plain;h=b1f320eba210f7f1019e86ae88f7dd3d0ed1557c
* Finally tracked down the WC->vars heap corruption issue (for real this time). We now call clear_local_substs() at the end of each HTTP transaction, whether we need to or not, instead of calling it whenever we're done with something we wanted session variables for. * Finally tracked down the years-long "misplaced '(edit)' link" bug, by copying serv_info->serv_pid to WC->ctdl_pid at the time it's loaded, preventing it from getting clobbered by another session. * Bumped internal version number to 5.27
---
diff --git a/webcit/ChangeLog b/webcit/ChangeLog
index 8115393fc..42d8dad53 100644
--- a/webcit/ChangeLog
+++ b/webcit/ChangeLog
@@ -1,4 +1,14 @@ $Log$ +Revision 526.1 2004/12/07 04:41:02 ajc +* Finally tracked down the WC->vars heap corruption issue (for real this + time). We now call clear_local_substs() at the end of each HTTP + transaction, whether we need to or not, instead of calling it whenever + we're done with something we wanted session variables for. +* Finally tracked down the years-long "misplaced '(edit)' link" bug, by + copying serv_info->serv_pid to WC->ctdl_pid at the time it's loaded, + preventing it from getting clobbered by another session. +* Bumped internal version number to 5.27 + Revision 526.0 2004/12/01 21:35:56 ajc * THIS IS 5.26
@@ -2124,4 +2134,3 @@ Sun Dec 6 19:50:55 EST 1998 Art Cancro 1998-12-03 Nathan Bryant * webserver.c: warning fix -
diff --git a/webcit/auth.c b/webcit/auth.c
index 34cb1af36..50e42586d 100644
--- a/webcit/auth.c
+++ b/webcit/auth.c
@@ -59,7 +59,6 @@ void display_login(char *mesg) do_template("login"); - clear_local_substs(); wDumpContent(0); /* No menu here; not logged in yet! */ }
@@ -161,7 +160,6 @@ void do_welcome(void) svprintf("STARTPAGE", WCS_STRING, startpage); do_template("mainframeset"); - clear_local_substs(); }
diff --git a/webcit/context_loop.c b/webcit/context_loop.c
index 482dcfaba..c8b0fda4c 100644
--- a/webcit/context_loop.c
+++ b/webcit/context_loop.c
@@ -400,7 +400,7 @@ void context_loop(int sock) TheSession->http_sock = sock; TheSession->lastreq = time(NULL); /* log */ TheSession->outside_frameset_allowed = outside_frameset_allowed; - session_loop(req); /* do transaction */ + session_loop(req); /* do transaction */ pthread_mutex_unlock(&TheSession->SessionMutex); /* unbind */ /* Free the request buffer */
@@ -409,4 +409,9 @@ bail: while (req != NULL) { free(req); req = hptr; } + + /* Free up any session-local substitution variables which + * were set during this transaction + */ + clear_local_substs(); }
diff --git a/webcit/roomops.c b/webcit/roomops.c
index 62dc98365..c10d9d655 100644
--- a/webcit/roomops.c
+++ b/webcit/roomops.c
@@ -359,7 +359,6 @@ void embed_room_banner(char *got) { svcallback("START", offer_start_page); do_template("roombanner"); - clear_local_substs(); }
diff --git a/webcit/serv_func.c b/webcit/serv_func.c
index e5f5fe6b4..65a661434 100644
--- a/webcit/serv_func.c
+++ b/webcit/serv_func.c
@@ -72,6 +72,7 @@ void get_serv_info(char *browser_host, char *user_agent) switch (a) { case 0: serv_info.serv_pid = atoi(buf); + WC->ctdl_pid = serv_info.serv_pid; break; case 1: strcpy(serv_info.serv_nodename, buf);
diff --git a/webcit/subst.c b/webcit/subst.c
index c70477713..38f147b67 100644
--- a/webcit/subst.c
+++ b/webcit/subst.c
@@ -29,8 +29,6 @@ #include #include "webcit.h" -struct wcsubst *global_subst = NULL; - /* * Clear out the list of substitution variables local to this session
@@ -49,6 +47,8 @@ void clear_local_substs(void) { free(WC->vars); WC->vars = ptr; } + + WC->vars = NULL; }
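Review bot: In context_loop.c the added `clear_local_substs();` (hunk at -409,4) runs after the `bail:` label, which follows `pthread_mutex_unlock(&TheSession->SessionMutex)` in the previous hunk, so the `WC->vars` list is freed when this thread no longer holds the session. If another thread can bind the same session in that window, which the mutex suggests but the hunk does not show, it can be reading or extending the list while it is freed, and the `WC->vars = NULL;` added at the top of session_loop() in webcit.c would orphan a list that has not been cleaned up yet. The `bail:` path is presumably also taken before a session is bound, where `WC` may not refer to a valid session. Doing the cleanup under the lock, `session_loop(req);` then `clear_local_substs();` then `pthread_mutex_unlock(&TheSession->SessionMutex);`, keeps it inside the transaction; context_loop() starts outside the hunk.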
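Review bot: In get_serv_info() (serv_func.c, hunk at -72,6) the context line `strcpy(serv_info.serv_nodename, buf);` just below the new assignment still copies server-supplied text with no bound, although this commit replaces the same pattern with safestrncpy() in subst.c and webcit.c. Assuming serv_nodename is a fixed-size array (its declaration is outside the hunk), `safestrncpy(serv_info.serv_nodename, buf, sizeof serv_info.serv_nodename);` would match those changes. `atoi(buf)` also cannot report a non-numeric reply, and the value stored in `WC->ctdl_pid` now decides which row gets the "(edit)" link and which rows get "(kill)" in who.c, so `strtol` with an end-pointer check is the safer parse. The switch continues outside the hunk, so the remaining cases may need the same treatment.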
@@ -58,14 +58,10 @@ void clear_local_substs(void) { void svprintf(char *keyname, int keytype, const char *format,...) { va_list arg_ptr; - char wbuf[4096]; + char wbuf[SIZ]; struct wcsubst *ptr = NULL; struct wcsubst *scan; - va_start(arg_ptr, format); - vsnprintf(wbuf, sizeof wbuf, format, arg_ptr); - va_end(arg_ptr); - /* First scan through to see if we're doing a replacement of * an existing key */
@@ -80,10 +76,16 @@ void svprintf(char *keyname, int keytype, const char *format,...) if (ptr == NULL) { ptr = (struct wcsubst *) malloc(sizeof(struct wcsubst)); ptr->next = WC->vars; - strcpy(ptr->wcs_key, keyname); + safestrncpy(ptr->wcs_key, keyname, sizeof ptr->wcs_key); WC->vars = ptr; } + /* Format the string and save it */ + + va_start(arg_ptr, format); + vsnprintf(wbuf, sizeof wbuf, format, arg_ptr); + va_end(arg_ptr); + ptr->wcs_type = keytype; ptr->wcs_value = strdup(wbuf); }
@@ -144,7 +146,7 @@ void print_value_of(char *keyname) { } if (!strcasecmp(keyname, "SERV_PID")) { - wprintf("%d", serv_info.serv_pid); + wprintf("%d", WC->ctdl_pid); } else if (!strcasecmp(keyname, "SERV_NODENAME")) {
diff --git a/webcit/webcit.c b/webcit/webcit.c
index 17177b559..fd6398f59 100644
--- a/webcit/webcit.c
+++ b/webcit/webcit.c
@@ -367,6 +367,7 @@ void output_headers(int controlcode) suppress_check = ((controlcode & 0x08) >> 3); cache = ((controlcode & 0x10) >> 4); + wprintf("HTTP/1.0 200 OK\n"); httpdate(httpnow, time(NULL));
@@ -397,10 +398,15 @@ void output_headers(int controlcode) if (print_standard_html_head > 0) { wprintf("\n"); - if (refresh30) svprintf("REFRESHTAG", WCS_STRING, - "\n"); - else svprintf("REFRESHTAG", WCS_STRING, - "\n"); + if (refresh30) { + svprintf("REFRESHTAG", WCS_STRING, "%s", + "\n"); + } + else { + svprintf("REFRESHTAG", WCS_STRING, "%s", + "\n"); + } + /* script for checking for pages (not always launched) */ sprintf(onload_fcn, "function onload_fcn() { \n");
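Review bot: In svprintf() (subst.c, hunk at -80,10) the result of `malloc(sizeof(struct wcsubst))` is dereferenced on the very next line, `ptr->next = WC->vars;`, with no NULL check, and `strdup(wbuf)` is stored unchecked as well. Because this commit moves `va_start` below the allocation, an early `if (ptr == NULL) return;` right after the malloc is now safe and turns an allocation failure into a skipped variable instead of a NULL write. `vsnprintf` into `wbuf[SIZ]` truncates silently and the buffer was 4096 bytes before, so a comment on the function such as `/* values longer than SIZ-1 bytes are truncated */` would tell callers about the limit. The function starts in the previous hunk and its key-scan loop is not shown here.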
@@ -432,15 +438,12 @@ void output_headers(int controlcode) ); /* end script */ - do_template("head"); - clear_local_substs(); svprintf("extrabodyparms", WCS_STRING, "%s", "onload='onload_fcn();' "); do_template("background"); - clear_local_substs(); } if (print_standard_html_head == 1) {
@@ -862,6 +865,7 @@ void session_loop(struct httprequest *req) WC->upload_length = 0; WC->upload = NULL; + WC->vars = NULL; WC->is_wap = 0;
@@ -877,7 +881,7 @@ void session_loop(struct httprequest *req) hptr = hptr->next; if (!strncasecmp(buf, "Cookie: webcit=", 15)) { - strcpy(cookie, &buf[15]); + safestrncpy(cookie, &buf[15], sizeof cookie); cookie_to_stuff(cookie, NULL, c_username, c_password, c_roomname); }
diff --git a/webcit/webcit.h b/webcit/webcit.h
index 1b9c98572..a7f8a66cd 100644
--- a/webcit/webcit.h
+++ b/webcit/webcit.h
@@ -32,10 +32,10 @@ #define SLEEPING 180 /* TCP connection timeout */ #define WEBCIT_TIMEOUT 900 /* WebCit session timeout */ #define PORT_NUM 2000 /* port number to listen on */ -#define SERVER "WebCit v5.26" /* who's in da house */ +#define SERVER "WebCit v5.27" /* who's in da house */ #define DEVELOPER_ID 0 #define CLIENT_ID 4 -#define CLIENT_VERSION 526 /* This version of WebCit */ +#define CLIENT_VERSION 527 /* This version of WebCit */ #define MINIMUM_CIT_VERSION 626 /* min required Citadel vers */ #define DEFAULT_HOST "localhost" /* Default Citadel server */ #define DEFAULT_PORT "504"
@@ -230,6 +230,7 @@ struct wcsession { int outside_frameset_allowed; /* nonzero if current req is allowed * outside of the main frameset */ char last_chat_user[SIZ]; + int ctdl_pid; /* Session ID on the Citadel server */ }; #define extract(dest,source,parmnum) extract_token(dest,source,parmnum,'|')
@@ -252,8 +253,6 @@ extern char *ctdlhost, *ctdlport; extern char *server_cookie; extern int is_https; -extern struct wcsubst *global_subst; - void stuff_to_cookie(char *cookie, int session, char *user, char *pass, char *room);
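Review bot: In session_loop() (webcit.c, hunk at -877,7) the new `safestrncpy(cookie, &buf[15], sizeof cookie);` bounds only the first copy; the next line hands `c_username`, `c_password` and `c_roomname` to cookie_to_stuff() without any lengths, so the fields decoded from a client-supplied Cookie header are safe only if each of those buffers can hold whatever `cookie` can. Their declarations and cookie_to_stuff() itself are outside the hunk and should be checked against the size of `cookie`. `sizeof cookie` is the buffer size only if `cookie` is an array in this scope rather than a pointer. An over-long cookie is now truncated silently and still decoded, so rejecting it when `strlen(&buf[15]) >= sizeof cookie` would be cleaner than proceeding with a partial value.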
diff --git a/webcit/who.c b/webcit/who.c
index ec5267684..0ccad321f 100644
--- a/webcit/who.c
+++ b/webcit/who.c
@@ -91,13 +91,13 @@ void whobbs(void) wprintf("%d", sess); if ((WC->is_aide) && - (sess != serv_info.serv_pid)) { + (sess != WC->ctdl_pid)) { wprintf(" (kill)"); } - if (sess == serv_info.serv_pid) { + if (sess == WC->ctdl_pid) { wprintf(" (edit)"); }