From fa4703876cbb0330af860bb686d044ddb59dbadb Mon Sep 17 00:00:00 2001 From: Wilfried Goesgens Date: Thu, 7 Apr 2011 00:46:34 +0200 Subject: [PATCH] if StrBuf_ServGetln() is called in a loop, its return value has to be checked for error, else we might get into infinite loops. --- webcit/auth.c | 5 ++++- webcit/blogview_renderer.c | 6 +++++- webcit/groupdav_propfind.c | 9 +++++++-- webcit/inetconf.c | 5 ++++- webcit/mainmenu.c | 3 ++- webcit/messages.c | 9 +++++++-- webcit/preferences.c | 9 +++++---- webcit/pushemail.c | 8 ++++---- webcit/roomlist.c | 8 ++++---- webcit/roomops.c | 6 ++++-- webcit/serv_func.c | 7 ++++++- webcit/siteconfig.c | 4 ++-- webcit/tcp_sockets.c | 5 ++++- webcit/useredit.c | 6 ++++-- webcit/webcit.c | 3 ++- webcit/who.c | 5 ++++- webcit/wiki.c | 4 ++-- 17 files changed, 70 insertions(+), 32 deletions(-) diff --git a/webcit/auth.c b/webcit/auth.c index ebf7aa14c..35c2063b3 100644 --- a/webcit/auth.c +++ b/webcit/auth.c @@ -303,6 +303,7 @@ void finalize_openid_login(void) long HKLen; const char *HKey; HashPos *Cursor; + int len; Cursor = GetNewHashPos (WCC->Hdr->urlstrings, 0); while (GetNextHashPos(WCC->Hdr->urlstrings, Cursor, &HKLen, &HKey, &U)) { @@ -315,7 +316,9 @@ void finalize_openid_login(void) serv_puts("000"); linecount = 0; - while (StrBuf_ServGetln(Buf), strcmp(ChrPtr(Buf), "000")) + while (len = StrBuf_ServGetln(Buf), + ((len >= 0) && + ((len != 3) || strcmp(ChrPtr(Buf), "000") ))) { if (linecount == 0) result = NewStrBufDup(Buf); if (!strcasecmp(ChrPtr(result), "authenticate")) { diff --git a/webcit/blogview_renderer.c b/webcit/blogview_renderer.c index 9a93a686c..215fa94ef 100644 --- a/webcit/blogview_renderer.c +++ b/webcit/blogview_renderer.c @@ -122,13 +122,17 @@ struct bltr blogview_learn_thread_references(long msgnum) { StrBuf *Buf; StrBuf *r; + int len; struct bltr bltr = { 0, 0 } ; Buf = NewStrBuf(); r = NewStrBuf(); serv_printf("MSG0 %ld|1", msgnum); /* top level citadel headers only */ StrBuf_ServGetln(Buf); if (GetServerStatus(Buf, NULL) == 1) { - while (StrBuf_ServGetln(Buf), strcmp(ChrPtr(Buf), "000")) { + while (len = StrBuf_ServGetln(Buf), + ((len >= 0) && + ((len != 3) || strcmp(ChrPtr(Buf), "000") ))) + { if (!strncasecmp(ChrPtr(Buf), "msgn=", 5)) { StrBufCutLeft(Buf, 5); bltr.id = HashLittle(ChrPtr(Buf), StrLength(Buf)); diff --git a/webcit/groupdav_propfind.c b/webcit/groupdav_propfind.c index 01dbe4f61..f644bb740 100644 --- a/webcit/groupdav_propfind.c +++ b/webcit/groupdav_propfind.c @@ -680,7 +680,10 @@ void groupdav_propfind(void) StrBuf_ServGetln(MsgNum); if (GetServerStatus(MsgNum, NULL) == 1) - while (BufLen = StrBuf_ServGetln(MsgNum), strcmp(ChrPtr(MsgNum), "000")) { + while (BufLen = StrBuf_ServGetln(MsgNum), + ((BufLen >= 0) && + ((BufLen != 3) || strcmp(ChrPtr(MsgNum), "000")) )) + { msgs = realloc(msgs, ++num_msgs * sizeof(long)); msgs[num_msgs-1] = StrTol(MsgNum); } @@ -692,7 +695,9 @@ void groupdav_propfind(void) serv_printf("MSG0 %ld|3", msgs[i]); StrBuf_ServGetln(MsgNum); if (GetServerStatus(MsgNum, NULL) == 1) - while (BufLen = StrBuf_ServGetln(MsgNum), strcmp(ChrPtr(MsgNum), "000")) + while (BufLen = StrBuf_ServGetln(MsgNum), + ((BufLen >= 0) && + ((BufLen != 3) || strcmp(ChrPtr(MsgNum), "000")) )) { if (!strncasecmp(ChrPtr(MsgNum), "exti=", 5)) { strcpy(uid, &ChrPtr(MsgNum)[5]); diff --git a/webcit/inetconf.c b/webcit/inetconf.c index ab2847587..a370634bc 100644 --- a/webcit/inetconf.c +++ b/webcit/inetconf.c @@ -62,7 +62,10 @@ void load_inetconf(void) if (GetServerStatus(Buf, NULL) == 1) { CfgToken = NewStrBuf(); while ((len = StrBuf_ServGetln(Buf), - strcmp(ChrPtr(Buf), "000"))) { + ((len >= 0) && + ((len != 3) || + strcmp(ChrPtr(Buf), "000"))))) + { Value = NewStrBuf(); StrBufExtract_token(CfgToken, Buf, 1, '|'); diff --git a/webcit/mainmenu.c b/webcit/mainmenu.c index 8ddc28aa2..8942e9390 100644 --- a/webcit/mainmenu.c +++ b/webcit/mainmenu.c @@ -58,7 +58,8 @@ void do_generic(void) LineBuf = NewStrBuf(); StrBufAppendBufPlain(Buf, HKEY("\n"), 0); while (!Done) { - StrBuf_ServGetln(LineBuf); + if (StrBuf_ServGetln(LineBuf) < 0) + break; if ( (StrLength(LineBuf)==3) && !strcmp(ChrPtr(LineBuf), "000")) { Done = 1; diff --git a/webcit/messages.c b/webcit/messages.c index d099de86d..231d98eef 100644 --- a/webcit/messages.c +++ b/webcit/messages.c @@ -537,8 +537,10 @@ message_summary *ReadOneMessageSummary(StrBuf *RawMessage, const char *DefaultSu Msg = (message_summary*)malloc(sizeof(message_summary)); memset(Msg, 0, sizeof(message_summary)); while (len = StrBuf_ServGetln(Buf), + (len >= 0) && ((len != 3) || - strcmp(ChrPtr(Buf), "000")== 0)){ + strcmp(ChrPtr(Buf), "000"))) + { buf = ChrPtr(Buf); ebuf = strchr(ChrPtr(Buf), '='); nBuf = ebuf - buf; @@ -589,7 +591,10 @@ int load_msg_ptrs(const char *servcmd, return (Stat->nummsgs); } Buf2 = NewStrBuf(); - while (len = StrBuf_ServGetln(Buf), ((len != 3) || strcmp(ChrPtr(Buf), "000")!= 0)) + while (len = StrBuf_ServGetln(Buf), + ((len >= 0) && + ((len != 3) || + strcmp(ChrPtr(Buf), "000")!= 0))) { if (Stat->nummsgs < Stat->maxload) { skipit = 0; diff --git a/webcit/preferences.c b/webcit/preferences.c index a492f5d06..02b9102b5 100644 --- a/webcit/preferences.c +++ b/webcit/preferences.c @@ -154,7 +154,8 @@ void ParsePref(HashList **List, StrBuf *ReadBuf) Preference *LastData = NULL; while (!Done) { - StrBuf_ServGetln(ReadBuf); + if (StrBuf_ServGetln(ReadBuf) < 0) + break; if ( (StrLength(ReadBuf)==3) && !strcmp(ChrPtr(ReadBuf), "000")) { Done = 1; @@ -221,7 +222,7 @@ void load_preferences(void) serv_puts("000"); } while (!Done && - StrBuf_ServGetln(ReadBuf)) { + (StrBuf_ServGetln(ReadBuf) >= 0)) { if ( (StrLength(ReadBuf)==3) && !strcmp(ChrPtr(ReadBuf), "000")) { Done = 1; @@ -234,7 +235,7 @@ void load_preferences(void) serv_printf("MSG0 %ld", msgnum); StrBuf_ServGetln(ReadBuf); if (GetServerStatus(ReadBuf, NULL) == 1) { - while (StrBuf_ServGetln(ReadBuf), + while ((StrBuf_ServGetln(ReadBuf) >= 0) && (strcmp(ChrPtr(ReadBuf), "text") && strcmp(ChrPtr(ReadBuf), "000"))) { } @@ -375,7 +376,7 @@ void save_preferences(void) serv_puts("000"); } while (!Done && - StrBuf_ServGetln(ReadBuf)) { + (StrBuf_ServGetln(ReadBuf) >= 0)) { if ( (StrLength(ReadBuf)==3) && !strcmp(ChrPtr(ReadBuf), "000")) { Done = 1; diff --git a/webcit/pushemail.c b/webcit/pushemail.c index 82ee5682a..6fdf455cd 100644 --- a/webcit/pushemail.c +++ b/webcit/pushemail.c @@ -29,7 +29,7 @@ void display_pushemail(void) serv_puts("subj|__ Push email settings __"); serv_puts("000"); while (!Done && - StrBuf_ServGetln(Buf)) { + StrBuf_ServGetln(Buf) >= 0) { if ( (StrLength(Buf)==3) && !strcmp(ChrPtr(Buf), "000")) { Done = 1; @@ -45,7 +45,7 @@ void display_pushemail(void) int i =0; Done = 0; while (!Done && - StrBuf_ServGetln(Buf)) { + StrBuf_ServGetln(Buf) >= 0) { if (( (StrLength(Buf)==3) && !strcmp(ChrPtr(Buf), "000"))|| ((StrLength(Buf)==4) && @@ -58,7 +58,7 @@ void display_pushemail(void) if (!strcmp(ChrPtr(Buf), "text")) { Done = 0; while (!Done && - StrBuf_ServGetln(Buf)) { + StrBuf_ServGetln(Buf) >= 0) { if ( (StrLength(Buf)==3) && !strcmp(ChrPtr(Buf), "000")) { Done = 1; @@ -125,7 +125,7 @@ void save_pushemail(void) } while (!Done && - StrBuf_ServGetln(Buf)) { + StrBuf_ServGetln(Buf) >= 0) { if ( (StrLength(Buf)==3) && !strcmp(ChrPtr(Buf), "000")) { Done = 1; diff --git a/webcit/roomlist.c b/webcit/roomlist.c index bb59c953d..c86a7f78d 100644 --- a/webcit/roomlist.c +++ b/webcit/roomlist.c @@ -21,7 +21,7 @@ HashList *GetWhoKnowsHash(StrBuf *Target, WCTemplputParams *TP) if (GetServerStatus(Line, &State) == 1) { Whok = NewHash(1, Flathash); - while(!Done && StrBuf_ServGetln(Line)) + while(!Done && (StrBuf_ServGetln(Line) >= 0) ) if ( (StrLength(Line)==3) && !strcmp(ChrPtr(Line), "000")) { @@ -108,7 +108,7 @@ HashList *GetFloorListHash(StrBuf *Target, WCTemplputParams *TP) StrBufTCP_read_line(Buf, &WC->serv_sock, 0, &Err); /* '100', we hope */ if (GetServerStatus(Buf, NULL) == 1) { - while(!Done && StrBuf_ServGetln(Buf)) + while(!Done && StrBuf_ServGetln(Buf) >= 0) if ( (StrLength(Buf)==3) && !strcmp(ChrPtr(Buf), "000")) { @@ -230,7 +230,7 @@ HashList *GetRoomListHash(StrBuf *Target, WCTemplputParams *TP) StrBuf_ServGetln(Buf); if (GetServerStatus(Buf, NULL) == 1) { - while(!Done && StrBuf_ServGetln(Buf)) + while(!Done && (StrBuf_ServGetln(Buf) >= 0)) if ( (StrLength(Buf)==3) && !strcmp(ChrPtr(Buf), "000")) { @@ -341,7 +341,7 @@ HashList *GetNetConfigHash(StrBuf *Target, WCTemplputParams *TP) const char *Pos = NULL; int Done = 0; - while(!Done && StrBuf_ServGetln(Line)) + while(!Done && (StrBuf_ServGetln(Line) >= 0)) if ( (StrLength(Line)==3) && !strcmp(ChrPtr(Line), "000")) { diff --git a/webcit/roomops.c b/webcit/roomops.c index 5c076b0c9..2052066dc 100644 --- a/webcit/roomops.c +++ b/webcit/roomops.c @@ -854,7 +854,8 @@ void do_invt_kick(void) if ((StrLength(User) > 0) && (Kick)) { serv_printf("KICK %s", ChrPtr(User)); - StrBuf_ServGetln(Buf); + if (StrBuf_ServGetln(Buf) < 0) + break; if (GetServerStatus(Buf, NULL) != 2) { StrBufCutLeft(Buf, 4); AppendImportantMessage(SKEY(Buf)); @@ -870,7 +871,8 @@ void do_invt_kick(void) else if ((StrLength(User) > 0) && (Invite)) { serv_printf("INVT %s", ChrPtr(User)); - StrBuf_ServGetln(Buf); + if (StrBuf_ServGetln(Buf) < 0) + break; if (GetServerStatus(Buf, NULL) != 2) { StrBufCutLeft(Buf, 4); AppendImportantMessage(SKEY(Buf)); diff --git a/webcit/serv_func.c b/webcit/serv_func.c index 6e9b3001c..0c8924551 100644 --- a/webcit/serv_func.c +++ b/webcit/serv_func.c @@ -50,6 +50,7 @@ ServInfo *get_serv_info(StrBuf *browser_host, StrBuf *user_agent) ServInfo *info; StrBuf *Buf; int a; + int rc; Buf = NewStrBuf(); @@ -96,7 +97,11 @@ ServInfo *get_serv_info(StrBuf *browser_host, StrBuf *user_agent) info = (ServInfo*)malloc(sizeof(ServInfo)); memset(info, 0, sizeof(ServInfo)); a = 0; - while (StrBuf_ServGetln(Buf), (strcmp(ChrPtr(Buf), "000")!= 0)) { + while (rc = StrBuf_ServGetln(Buf), + (rc >= 0) && + ((rc != 3) || + strcmp(ChrPtr(Buf), "000"))) + { switch (a) { case 0: info->serv_pid = StrToi(Buf); diff --git a/webcit/siteconfig.c b/webcit/siteconfig.c index f0e8b4937..f893b4833 100644 --- a/webcit/siteconfig.c +++ b/webcit/siteconfig.c @@ -231,9 +231,9 @@ void load_siteconfig(void) } i = 0; while (len = StrBuf_ServGetln(Buf), + (len >= 0) && (i <= (sizeof(ServerConfig) / sizeof(CfgMapping))) && - ((len != 3) || (strcmp(ChrPtr(Buf), "000")!= 0)) - ) + ((len != 3) || strcmp(ChrPtr(Buf), "000"))) { Put(Cfg, ServerConfig[i].Key, diff --git a/webcit/tcp_sockets.c b/webcit/tcp_sockets.c index b7ab06ba7..f03e00301 100644 --- a/webcit/tcp_sockets.c +++ b/webcit/tcp_sockets.c @@ -404,7 +404,10 @@ int serv_read_binary(StrBuf *Ret, size_t total_len, StrBuf *Buf) } serv_printf("READ %d|%d", bytes_read, total_len-bytes_read); - if ( (StrBuf_ServGetln(Buf) > 0) && (GetServerStatus(Buf, NULL) == 6) ) { + if ( (rc = StrBuf_ServGetln(Buf) > 0) && (GetServerStatus(Buf, NULL) == 6) ) + { + if (rc < 0) + return rc; StrBufCutLeft(Buf, 4); this_block = StrTol(Buf); rc = StrBuf_ServGetBLOBBuffered(Ret, this_block); diff --git a/webcit/useredit.c b/webcit/useredit.c index 51db279ea..c76188b4e 100644 --- a/webcit/useredit.c +++ b/webcit/useredit.c @@ -269,8 +269,10 @@ HashList *iterate_load_userlist(StrBuf *Target, WCTemplputParams *TP) while (!Done) { len = StrBuf_ServGetln(Buf); - if ((len == 3) && - (strcmp(ChrPtr(Buf), "000")==0)) { + if ((len <0) || + ((len == 3) && + strcmp(ChrPtr(Buf), "000"))) + { Done = 1; break; } diff --git a/webcit/webcit.c b/webcit/webcit.c index 20b4896d2..e1e270c2f 100644 --- a/webcit/webcit.c +++ b/webcit/webcit.c @@ -424,7 +424,8 @@ void ajax_servcmd(void) } case 1: while (!Done) { - StrBuf_ServGetln(Buf); + if (StrBuf_ServGetln(Buf) < 0) + break; if ( (StrLength(Buf)==3) && !strcmp(ChrPtr(Buf), "000")) { Done = 1; diff --git a/webcit/who.c b/webcit/who.c index c3df2556d..9fdd9a90b 100644 --- a/webcit/who.c +++ b/webcit/who.c @@ -48,7 +48,10 @@ int GetWholistSection(HashList *List, time_t now, StrBuf *Buf) serv_puts("RWHO"); StrBuf_ServGetln(Buf); if (GetServerStatus(Buf, NULL) == 1) { - while (BufLen = StrBuf_ServGetln(Buf), strcmp(ChrPtr(Buf), "000")) { + while (BufLen = StrBuf_ServGetln(Buf), + ((BufLen >= 0) && + ((BufLen != 3) || strcmp(ChrPtr(Buf), "000")))) + { if (BufLen <= 0) continue; Pos = NULL; diff --git a/webcit/wiki.c b/webcit/wiki.c index 452fc82ec..b183fdbd4 100644 --- a/webcit/wiki.c +++ b/webcit/wiki.c @@ -181,7 +181,7 @@ void tmplput_display_wiki_history(StrBuf *Target, WCTemplputParams *TP) wc_printf("%s", _("Date")); wc_printf("%s", _("Author")); - while(StrBuf_ServGetln(Buf), strcmp(ChrPtr(Buf), "000")) { + while((StrBuf_ServGetln(Buf) >= 0) && strcmp(ChrPtr(Buf), "000")) { rev_date = extract_long(ChrPtr(Buf), 1); webcit_fmt_date(rev_date_displayed, sizeof rev_date_displayed, rev_date, DATEFMT_FULL); @@ -299,7 +299,7 @@ void tmplput_display_wiki_pagelist(StrBuf *Target, WCTemplputParams *TP) wc_printf(""); wc_printf("", _("Page title")); - while(StrBuf_ServGetln(Buf), strcmp(ChrPtr(Buf), "000")) { + while((StrBuf_ServGetln(Buf) >= 0) && strcmp(ChrPtr(Buf), "000")) { StrBufExtract_token(pagetitle, Buf, 1, '|'); if (!bmstrcasestr((char *)ChrPtr(pagetitle), "_HISTORY_")) { /* no history pages */ -- 2.30.2
%s