From 41d37e938e75b5eaa032257fa1979f145d403b74 Mon Sep 17 00:00:00 2001
From: Fabian Keil
Date: Tue, 13 Feb 2007 14:35:25 +0000
Subject: [PATCH] Replace hash escaping code to prevent crashes, memory and file corruption.
---
 ChangeLog | 2 ++
 cgiedit.c | 42 ++++++++++++++++++++++++++++++------------
 2 files changed, 32 insertions(+), 12 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 4f6738c6..bde8d640 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -67,6 +67,8 @@ ChangeLog for Privoxy
 - The show-url-info CGI page shows the forwarding settings.
 - The background of the PNG pattern is transparent.
 - Fixed XML syntax errors caused by banners-by-size and banners-by-url.
+- Fixed crashes and possible action file corruptions
+ when lines containing hashes are written through the CGI editor.
 - Minor code clean-ups, filter and action file updates.
 (Some of them reported by Davide Alberani, Markus Elfring and Adam Piggott)
diff --git a/cgiedit.c b/cgiedit.c
index 5058dd7c..e4f1d68f 100644
--- a/cgiedit.c
+++ b/cgiedit.c
@@ -1,4 +1,4 @@
-const char cgiedit_rcs[] = "$Id: cgiedit.c,v 1.46 2006/12/27 18:44:52 fabiankeil Exp $";
+const char cgiedit_rcs[] = "$Id: cgiedit.c,v 1.47 2006/12/28 18:04:25 fabiankeil Exp $";
 /*********************************************************************
 *
 * File : $Source: /cvsroot/ijbswa/current/cgiedit.c,v $
@@ -15,7 +15,7 @@ const char cgiedit_rcs[] = "$Id: cgiedit.c,v 1.46 2006/12/27 18:44:52 fabiankeil
 *
 * Stick to the short names in this file for consistency.
 *
- * Copyright : Written by and Copyright (C) 2001 the SourceForge
+ * Copyright : Written by and Copyright (C) 2001-2007 the SourceForge
 * Privoxy team. http://www.privoxy.org/
 *
 * Based on the Internet Junkbuster originally written
@@ -42,6 +42,9 @@ const char cgiedit_rcs[] = "$Id: cgiedit.c,v 1.46 2006/12/27 18:44:52 fabiankeil
 *
 * Revisions :
 * $Log: cgiedit.c,v $
+ * Revision 1.47 2006/12/28 18:04:25 fabiankeil
+ * Fixed gcc43 conversion warnings.
+ *
 * Revision 1.46 2006/12/27 18:44:52 fabiankeil
 * Stop shadowing string.h's index().
 *
@@ -1013,29 +1016,44 @@ jb_err edit_write_file(struct editable_file * file)
 assert(numhash > 0);
 /* Allocate new memory for string */
- len = strlen(cur_line->unprocessed);
- if (NULL == (str = malloc(len + 1 + (size_t)numhash)))
+ len = strlen(cur_line->unprocessed) + (size_t)numhash;
+ if (NULL == (str = malloc(len + 1)))
 {
 /* Uh oh, just trashed file! */
 fclose(fp);
 return JB_ERR_MEMORY;
 }
- /* Loop through string from end */
- src = cur_line->unprocessed + len;
- dest = str + len + numhash;
- for ( ; len >= 0; len--)
+ /* Copy string but quote hashes */
+ src = cur_line->unprocessed;
+ dest = str;
+ while (*src)
 {
- if ((*dest-- = *src--) == '#')
+ if (*src == '#')
 {
- *dest-- = '\\';
+ *dest++ = '\\';
 numhash--;
 assert(numhash >= 0);
 }
+ *dest++ = *src++;
 }
+ *dest = '\0';
+ assert(numhash == 0);
- assert(src + 1 == cur_line->unprocessed);
- assert(dest + 1 == str);
+ assert(strlen(str) == len);
+ assert(str == dest - len);
+ assert(src - len <= cur_line->unprocessed);
+
+ if ((strlen(str) != len) || (numhash != 0))
+ {
+ /*
+ * Escaping didn't work as expected, go spread the news.
+ * Only reached in non-debugging builds.
+ */
+ log_error(LOG_LEVEL_ERROR,
+ "Looks like hash escaping failed. %s might be corrupted now.",
+ file->filename);
+ }
 if (fputs(str, fp) < 0)
 {
--
2.39.2
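Review bot: The new copy loop in edit_write_file() never compares `dest` against the `len + 1` bytes allocated for `str`, so the buffer is only as safe as the `numhash` count made before this hunk (not visible here); if that count is ever lower than the number of '#' characters in `cur_line->unprocessed`, the overrun has already happened by the time the `strlen(str) != len` check runs. In non-debugging builds that check only logs and then falls through to `fputs(str, fp)`, so the suspect line is still written to the action file; returning an error at that point would be safer. I would bound the loop by the remaining capacity, as sketched below, so a miscount is caught before any out-of-bounds write and still trips the existing length check. Separately, `assert(src - len <= cur_line->unprocessed)` forms a pointer before the start of the string whenever any hash was counted, which C leaves undefined; `assert((size_t)(src - cur_line->unprocessed) <= len)` states the same bound without that. The function body starts and ends outside the hunk.

```c
/* ... unchanged: len computation, malloc(len + 1) and its error path ... */
src  = cur_line->unprocessed;
dest = str;
while (*src)
{
   /* Bytes this character needs: two for an escaped hash, else one. */
   const size_t needed = (*src == '#') ? 2 : 1;

   if (len - (size_t)(dest - str) < needed)
   {
      /* numhash undercounted the hashes; stop before writing past str. */
      break;
   }
   if (*src == '#')
   {
      *dest++ = '\\';
      numhash--;
      assert(numhash >= 0);
   }
   *dest++ = *src++;
}
*dest = '\0';
/* ... unchanged: asserts, log_error() on mismatch, fputs() ... */
```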