Menu
▾
▴
Re: [Gaim-devel] [PATCH] Fix $http_proxy handling
|
From: Luke S. <lsc...@gm...> - 2002-10-27 17:33:16
|
how dows your patch affect people who have manually set their proxy
information? yes, theoretically, such settings should be identical to
the environment variables, but we cannot assume that users will desire
that. if, not using stcmp, the settings are different, will this code
cause the settings to be over-written?
luke
On Tue, Oct 22, 2002 at 04:16:34AM +0000, Michael Shields wrote:
> There are a number of problems with the handling of the $http_proxy
> ($HTTP_PROXY, $HTTPPROXY, $http_proxy_user, &c.) environment variables
> in the current CVS tree.
>
> The code is broken; gaimrc_parse_proxy_uri() uses strcmp(), a string
> comparison function, when it should use strcpy(). Because of this the
> proxy variables are never actually initialized; they contain random
> memory junk. This makes gaim unusable.
>
> Fixed-size buffers are used to read unlimited-size environment
> variables, creating potential buffer overflows. This could make gaim
> crash or become erratic if these environment variables are too long.
>
> The attached patch fixes these problems, and at the same time makes
> gaimrc_read_proxy() easier to read and saves calls to g_getenv().
> Both parts of the patch need to be applied, since otherwise
> gaimrc_parse_proxy_uri()'s overwrites its own argument and fails.
>
> Please cc me on replies; I am not on gaim-devel. Thanks.
> --
> Shields.
> Index: src/gaimrc.c
> ===================================================================
> RCS file: /cvsroot/gaim/gaim/src/gaimrc.c,v
> retrieving revision 1.111
> diff -u -r1.111 gaimrc.c
> --- src/gaimrc.c 16 Oct 2002 19:45:23 -0000 1.111
> +++ src/gaimrc.c 22 Oct 2002 04:13:02 -0000
> @@ -944,11 +944,8 @@
> static gboolean gaimrc_parse_proxy_uri(const char *proxy)
> {
> char *c, *d;
> - char buffer[2048];
> + char *buffer;
>
> - char host[128];
> - char user[128];
> - char pass[128];
> int port = 0;
> int len = 0;
>
> @@ -968,6 +965,10 @@
> /* Get past "://" */
> c += 3;
>
> + buffer = g_strdup(proxy);
> + *proxyhost = *proxyuser = *proxypass = 0;
> + proxyport = 0;
> +
> for (;;)
> {
> *buffer = '\0';
> @@ -985,23 +986,28 @@
> * If not, host.
> */
> if (strchr(c, '@') != NULL)
> - strcmp(user, buffer);
> + g_snprintf(proxyuser, sizeof(proxyuser),
> + "%s", buffer);
> else
> - strcmp(host, buffer);
> + g_snprintf(proxyhost, sizeof(proxyhost),
> + "%s", buffer);
> }
> else if (*c == '@')
> {
> - if (user == NULL)
> - strcmp(user, buffer);
> + if (*proxyuser == 0)
> + g_snprintf(proxyuser, sizeof(proxyuser),
> + "%s", buffer);
> else
> - strcmp(pass, buffer);
> + g_snprintf(proxypass, sizeof(proxypass),
> + "%s", buffer);
> }
> else if (*c == '/' || *c == '\0')
> {
> - if (host == NULL)
> - strcmp(host, buffer);
> + if (*proxyhost == 0)
> + g_snprintf(proxyhost, sizeof(proxyhost),
> + "%s", buffer);
> else
> - port = atoi(buffer);
> + proxyport = atoi(buffer);
>
> /* Done. */
> break;
> @@ -1010,23 +1016,7 @@
> c++;
> }
>
> - /* NOTE: HTTP_PROXY takes precendence. */
> - if (host)
> - strcpy(proxyhost, host);
> - else
> - *proxyhost = '\0';
> -
> - if (user)
> - strcpy(proxyuser, user);
> - else
> - *proxyuser = '\0';
> -
> - if (pass)
> - strcpy(proxypass, pass);
> - else
> - *proxypass = '\0';
> -
> - proxyport = port;
> + g_free(buffer);
>
> return TRUE;
> }
> @@ -1061,45 +1051,40 @@
> g_snprintf(proxypass, sizeof(proxypass), "%s", p->value[0]);
> }
> }
> - if (!proxyhost[0]) {
> - gboolean getVars = TRUE;
> + if (!proxyhost[0])
> + {
> + const char *env;
>
> - if (g_getenv("HTTP_PROXY"))
> - g_snprintf(proxyhost, sizeof(proxyhost), "%s", g_getenv("HTTP_PROXY"));
> - else if (g_getenv("http_proxy"))
> - g_snprintf(proxyhost, sizeof(proxyhost), "%s", g_getenv("http_proxy"));
> - else if (g_getenv("HTTPPROXY"))
> - g_snprintf(proxyhost, sizeof(proxyhost), "%s", g_getenv("HTTPPROXY"));
> -
> - if (*proxyhost != '\0')
> - getVars = !gaimrc_parse_proxy_uri(proxyhost);
> -
> - if (getVars)
> + if ((env = g_getenv("HTTP_PROXY"))
> + || (env = g_getenv("http_proxy"))
> + || (env = g_getenv("HTTPPROXY")))
> {
> - if (g_getenv("HTTP_PROXY_PORT"))
> - proxyport = atoi(g_getenv("HTTP_PROXY_PORT"));
> - else if (g_getenv("http_proxy_port"))
> - proxyport = atoi(g_getenv("http_proxy_port"));
> - else if (g_getenv("HTTPPROXYPORT"))
> - proxyport = atoi(g_getenv("HTTPPROXYPORT"));
> -
> - if (g_getenv("HTTP_PROXY_USER"))
> - g_snprintf(proxyuser, sizeof(proxyuser), "%s", g_getenv("HTTP_PROXY_USER"));
> - else if (g_getenv("http_proxy_user"))
> - g_snprintf(proxyuser, sizeof(proxyuser), "%s", g_getenv("http_proxy_user"));
> - else if (g_getenv("HTTPPROXYUSER"))
> - g_snprintf(proxyuser, sizeof(proxyuser), "%s", g_getenv("HTTPPROXYUSER"));
> -
> - if (g_getenv("HTTP_PROXY_PASS"))
> - g_snprintf(proxypass, sizeof(proxypass), "%s", g_getenv("HTTP_PROXY_PASS"));
> - else if (g_getenv("http_proxy_pass"))
> - g_snprintf(proxypass, sizeof(proxypass), "%s", g_getenv("http_proxy_pass"));
> - else if (g_getenv("HTTPPROXYPASS"))
> - g_snprintf(proxypass, sizeof(proxypass), "%s", g_getenv("HTTPPROXYPASS"));
> + if (strchr(env, '/'))
> + {
> + gaimrc_parse_proxy_uri(env);
> + }
> + else
> + {
> + g_snprintf(proxyhost, sizeof(proxyhost), "%s", env);
>
> + if ((env = g_getenv("HTTP_PROXY_PORT"))
> + || (env = g_getenv("http_proxy_port"))
> + || (env = g_getenv("HTTPPROXYPORT")))
> + proxyport = atoi(env);
> +
> + if ((env = g_getenv("HTTP_PROXY_USER"))
> + || (env = g_getenv("http_proxy_user"))
> + || (env = g_getenv("HTTPPROXYUSER")))
> + g_snprintf(proxyuser, sizeof(proxyuser), "%s", env);
> +
> + if ((env = g_getenv("HTTP_PROXY_PASS"))
> + || (env = g_getenv("http_proxy_pass"))
> + || (env = g_getenv("HTTPPROXYPASS")))
> + g_snprintf(proxypass, sizeof(proxypass), "%s", env);
>
> - if (proxyhost[0])
> proxytype = PROXY_HTTP;
> +
> + }
> }
> }
> }
--
-This email is made of 100% recycled electrons.
|
