[AOLSERVER-COMMITS] aolserver/nsproxy nsproxylib.c,1.7,1.8

[<gne...@us...>]

Update of /cvsroot/aolserver/aolserver/nsproxy
In directory 23jxhf1.ch3.sourceforge.com:/tmp/cvs-serv20368

Modified Files:
	nsproxylib.c 
Log Message:
- truncate name of proxy_id to avoid buffer overflows
- increase allowed length of proxy name from 16 to 64 
   (and provide constant MAX_PROXY_ID_LEN to ease maintenance)



Index: nsproxylib.c
===================================================================
RCS file: /cvsroot/aolserver/aolserver/nsproxy/nsproxylib.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -C2 -d -r1.7 -r1.8
*** nsproxylib.c	20 Jun 2008 08:06:33 -0000	1.7
--- nsproxylib.c	8 Mar 2009 11:31:12 -0000	1.8
***************
*** 77,80 ****
--- 77,81 ----
   * from a pool.
   */
+ #define MAX_PROXY_ID_LEN 64
  
  typedef struct Proxy {
***************
*** 86,90 ****
  	Done			/* Result is pending. */
      } state;
!     char id[16];		/* Proxy unique string id. */
      Proc *procPtr;		/* Running child process, if any. */
      Tcl_HashEntry *idPtr;	/* Pointer to proxy table entry. */
--- 87,91 ----
  	Done			/* Result is pending. */
      } state;
!     char id[MAX_PROXY_ID_LEN];	/* Proxy unique string id. */
      Proc *procPtr;		/* Running child process, if any. */
      Tcl_HashEntry *idPtr;	/* Pointer to proxy table entry. */
***************
*** 194,198 ****
  static Ns_Cond pcond;
  static Ns_Mutex plock;
! static Proc *firstClosePtr;
  static Ns_DString defexec;
  
--- 195,199 ----
  static Ns_Cond pcond;
  static Ns_Mutex plock;
! static Proc *firstClosePtr = NULL;
  static Ns_DString defexec;
  
***************
*** 836,842 ****
  		    poolPtr->firstPtr = proxyPtr->nextPtr;
  		} else {
  		    proxyPtr = ns_calloc(1, sizeof(Proxy));
  		    proxyPtr->poolPtr = poolPtr;
!                     sprintf(proxyPtr->id, "%s-proxy-%d", poolPtr->name, poolPtr->nextid++);
  		    Tcl_DStringInit(&proxyPtr->in);
  		}
--- 837,856 ----
  		    poolPtr->firstPtr = proxyPtr->nextPtr;
  		} else {
+                     char int_buf[20]; /* same value as in other places */
+ 
  		    proxyPtr = ns_calloc(1, sizeof(Proxy));
  		    proxyPtr->poolPtr = poolPtr;
!                     
!                     /* The user provided name is used together with a
!                        constant string and a running number to the
!                        proxy id.  We have to truncate the name if it
!                        is too long to prevent buffer overflows; the
!                        constant part "-proxy-" is 7 characters long */
!                     sprintf(int_buf, "%d", poolPtr->nextid++);
!                     strncat(proxyPtr->id, poolPtr->name,  
!                             MAX_PROXY_ID_LEN - (strlen(int_buf) + 7 + 1));
!                     strcat(proxyPtr->id, "-proxy-");
!                     strcat(proxyPtr->id, int_buf);
!                     
  		    Tcl_DStringInit(&proxyPtr->in);
  		}