[Refdb-cvs] CVS: refdb/src refdbc.c,1.72.2.9,1.72.2.10 refdbdref.c,1.65.2.15,1.65.2.16
Status: Beta
Brought to you by:
mhoenicka
Menu
▾
▴
[Refdb-cvs] CVS: refdb/src refdbc.c,1.72.2.9,1.72.2.10 refdbdref.c,1.65.2.15,1.65.2.16
|
From: Markus H. <mho...@us...> - 2005-08-14 00:22:58
|
Update of /cvsroot/refdb/refdb/src In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv30536 Modified Files: Tag: Release_0_9_5_stable refdbc.c refdbdref.c Log Message: getref now uses query strings of unlimited size Index: refdbc.c =================================================================== RCS file: /cvsroot/refdb/refdb/src/refdbc.c,v retrieving revision 1.72.2.9 retrieving revision 1.72.2.10 diff -u -U2 -r1.72.2.9 -r1.72.2.10 --- refdbc.c 29 Jul 2005 21:15:35 -0000 1.72.2.9 +++ refdbc.c 14 Aug 2005 00:22:44 -0000 1.72.2.10 @@ -937,171 +937,143 @@ strcpy(cmd_buffer, "deleteref "); - if (n_cgi) { - /* append IDs of all delete candidates to outbuffer */ - ptr_current = (struct liliform*)arg; - - while ((ptr_current = get_nliliform(ptr_current, "pickid", 6)) != NULL) { - if ((new_outbuffer = mstrcat(slvals.outbuffer, &((ptr_current->name)[6]), &outbuf_len, 0)) == NULL) { - delete_all_lilimem(&sentinel); - return 1; - } - else { - slvals.outbuffer = new_outbuffer; - } - if ((new_outbuffer = mstrcat(slvals.outbuffer, " ", &outbuf_len, 0)) == NULL) { - delete_all_lilimem(&sentinel); - return 1; - } - else { - slvals.outbuffer = new_outbuffer; - } -/* ptr_current = ptr_current->ptr_next; */ - } + /* parse the argument. first we cut the argument + into pieces with strtok, then we use getopt to interpret */ + + /* get a buffer to hold the tokens. Start with 10 tokens, + increase in steps of 10 as needed */ + inargc = 0; + inargcmax = 10; + inargv = malloc((size_t)inargcmax*sizeof(char*)); + if (inargv == NULL) { + delete_all_lilimem(&sentinel); + return 1; + } + + if (insert_lilimem(&sentinel, (void**)&inargv, NULL)) { + delete_all_lilimem(&sentinel); + return 1; } - else { -/* if (n_batchmode) { */ /* in batchmode, the command line is already tokenized */ -/* inargc = main_argc; */ -/* inargv = main_argv; */ -/* } */ -/* else { */ - /* parse the argument. first we cut the argument - into pieces with strtok, then we use getopt to interpret */ - - /* get a buffer to hold the tokens. Start with 10 tokens, - increase in steps of 10 as needed */ - inargc = 0; - inargcmax = 10; - inargv = malloc((size_t)inargcmax*sizeof(char*)); - if (inargv == NULL) { - delete_all_lilimem(&sentinel); - return 1; - } - if (insert_lilimem(&sentinel, (void**)&inargv, NULL)) { - delete_all_lilimem(&sentinel); - return 1; - } + /* the following is a temporary hack to allow cmdln_tokenize to work */ + newarg = malloc((size_t)(strlen(arg)+11)); + if (newarg == NULL) { + delete_all_lilimem(&sentinel); + return 1; + } - /* the following is a temporary hack to allow cmdln_tokenize to work */ - newarg = malloc((size_t)(strlen(arg)+11)); - if (newarg == NULL) { - delete_all_lilimem(&sentinel); - return 1; - } + if (insert_lilimem(&sentinel, (void**)&newarg, NULL)) { + delete_all_lilimem(&sentinel); + return 1; + } + strcpy(newarg, "deleteref "); + strcat(newarg, arg); + + result = cmdln_tokenize(&inargc, &inargv, inargcmax, newarg); - if (insert_lilimem(&sentinel, (void**)&newarg, NULL)) { - delete_all_lilimem(&sentinel); - return 1; - } - strcpy(newarg, "deleteref "); - strcat(newarg, arg); - result = cmdln_tokenize(&inargc, &inargv, inargcmax, newarg); + if (result == 1 || result == 2) { /* memory error */ + delete_all_lilimem(&sentinel); + return 1; + } +/* } */ + /* get options */ + optind = 0; - if (result == 1 || result == 2) { /* memory error */ + while ((n_opt = getopt(inargc, inargv, "ac:C:d:e:E:f:F:g:G:hi:kl:L:o:O:p:PqrR:s:S:t:T:u:U:vVw:")) != -1) { + switch(n_opt) { + case 'c': + /* printf("-c %s\n", optarg); */ + slvals.outpipe = malloc(strlen(optarg)+1); + if (slvals.outpipe == NULL) { + delete_all_lilimem(&sentinel); + return 0; + } + strcpy(slvals.outpipe, optarg); + if (insert_lilimem(&sentinel, (void**)&(slvals.outpipe), NULL)) { delete_all_lilimem(&sentinel); return 1; } -/* } */ - - /* get options */ - optind = 0; - - while ((n_opt = getopt(inargc, inargv, "ac:C:d:e:E:f:F:g:G:hi:kl:L:o:O:p:PqrR:s:S:t:T:u:U:vVw:")) != -1) { - switch(n_opt) { - case 'c': - /* printf("-c %s\n", optarg); */ - slvals.outpipe = malloc(strlen(optarg)+1); - if (slvals.outpipe == NULL) { - delete_all_lilimem(&sentinel); - return 0; - } - strcpy(slvals.outpipe, optarg); - if (insert_lilimem(&sentinel, (void**)&(slvals.outpipe), NULL)) { + slvals.n_pipe = 1; + break; + case 'd': + /* printf("-d %s\n", optarg); */ + strcpy(db, optarg); /* override preset db */ + break; + case 'f': + /* printf("-f %s\n", optarg); */ + if (!strcmp(optarg, "stdin")) { + n_read_stdin = 1; + } + else { + infile = canonicalize_path(optarg); + if (insert_lilimem(&sentinel, (void**)&infile, NULL)) { delete_all_lilimem(&sentinel); return 1; } - slvals.n_pipe = 1; - break; - case 'd': - /* printf("-d %s\n", optarg); */ - strcpy(db, optarg); /* override preset db */ - break; - case 'f': - /* printf("-f %s\n", optarg); */ - if (!strcmp(optarg, "stdin")) { - n_read_stdin = 1; - } - else { - infile = canonicalize_path(optarg); - if (insert_lilimem(&sentinel, (void**)&infile, NULL)) { - delete_all_lilimem(&sentinel); - return 1; - } - n_read_file = 1; - } - break; - case 'h': - printf("Deletes the specified references from the database\nSyntax: deleteref [-c command] [-d database] [-h] [-o outfile] [-O outfile] {ID|-f infile}\nOptions: -c command pipe the output through command\n -d database specify the database to work with\n -f infile Read the reference IDs from file infile\n -h prints this mini-help\n -o outfile save the output in outfile (overwrite)\n -O outfile append the output to outfile\n All other arguments are interpreted as IDs to delete.\n"); + n_read_file = 1; + } + break; + case 'h': + printf("Deletes the specified references from the database\nSyntax: deleteref [-c command] [-d database] [-h] [-o outfile] [-O outfile] {ID|-f infile}\nOptions: -c command pipe the output through command\n -d database specify the database to work with\n -f infile Read the reference IDs from file infile\n -h prints this mini-help\n -o outfile save the output in outfile (overwrite)\n -O outfile append the output to outfile\n All other arguments are interpreted as IDs to delete.\n"); + delete_all_lilimem(&sentinel); + return 0; + break; + case 'o': + /* printf("-o %s\n", optarg); */ + slvals.outfile = canonicalize_path(optarg); + if (insert_lilimem(&sentinel, (void**)&(slvals.outfile), NULL)) { delete_all_lilimem(&sentinel); - return 0; - break; - case 'o': - /* printf("-o %s\n", optarg); */ - slvals.outfile = canonicalize_path(optarg); - if (insert_lilimem(&sentinel, (void**)&(slvals.outfile), NULL)) { - delete_all_lilimem(&sentinel); - return 1; - } - slvals.n_file_open = 1; - break; - case 'O': - /* printf("-O %s\n", optarg); */ - slvals.outfile = canonicalize_path(optarg); - if (insert_lilimem(&sentinel, (void**)&(slvals.outfile), NULL)) { - delete_all_lilimem(&sentinel); - return 1; - } - slvals.n_file_append = 1; - break; - /* now all the options that main has already taken care of */ - case 'a': - case 'C': /* fall through - nothing to do */ - case 'e': - case 'E': - case 'F': - case 'g': - case 'G': - case 'i': - case 'k': - case 'l': - case 'L': - case 'p': - case 'P': - case 'q': - case 'r': - case 'R': - case 's': - case 'S': - case 't': - case 'T': - case 'u': - case 'U': - case 'v': - case 'V': - case 'w': - break; - case ':': - fprintf(stderr, "missing option\n"); - n_cmdlinerror = 1; - break; - case '?': - fprintf(stderr, "unknown option\n"); - n_cmdlinerror = 1; - break; + return 1; + } + slvals.n_file_open = 1; + break; + case 'O': + /* printf("-O %s\n", optarg); */ + slvals.outfile = canonicalize_path(optarg); + if (insert_lilimem(&sentinel, (void**)&(slvals.outfile), NULL)) { + delete_all_lilimem(&sentinel); + return 1; } + slvals.n_file_append = 1; + break; + /* now all the options that main has already taken care of */ + case 'a': + case 'C': /* fall through - nothing to do */ + case 'e': + case 'E': + case 'F': + case 'g': + case 'G': + case 'i': + case 'k': + case 'l': + case 'L': + case 'p': + case 'P': + case 'q': + case 'r': + case 'R': + case 's': + case 'S': + case 't': + case 'T': + case 'u': + case 'U': + case 'v': + case 'V': + case 'w': + break; + case ':': + fprintf(stderr, "missing option\n"); + n_cmdlinerror = 1; + break; + case '?': + fprintf(stderr, "unknown option\n"); + n_cmdlinerror = 1; + break; } } +/* } */ /* get arguments */ @@ -1727,5 +1699,5 @@ int com_getref (char* arg) { - char outbuffer[COMMAND_INBUF_LEN]; /* holds the command for the server */ + char cmd_buffer[OUTBUF_LEN] = ""; char* infile; char inbuffer[COMMAND_INBUF_LEN] = ""; @@ -1739,4 +1711,5 @@ char *newarg; char *read_result; + char *new_outbuffer; char scrambled_passwd[PASSWD_LENGTH*3+1] = ""; int inargc = 0; /* number of tokens of the argument */ @@ -1756,4 +1729,5 @@ int n_last_trailing_z = 0; size_t byte_written = 0; + size_t outbuf_len; FILE *infilefp; FILE* errstream; @@ -1765,7 +1739,14 @@ errstream = (n_cgi) ? stdout : stderr; - slvals.outbuffer = outbuffer; + /* get us some buffer for output */ + outbuf_len = 256; /* something to start with */ + slvals.outbuffer = malloc(outbuf_len); + if (slvals.outbuffer == NULL + || insert_lilimem(&sentinel, (void**)&(slvals.outbuffer), NULL)) { + return 1; + } + slvals.outbuffer[0] = '\0'; - strcpy(slvals.outbuffer, "getref "); + strcpy(cmd_buffer, "getref "); slvals.n_file_open = 0; slvals.n_file_append = 0; @@ -1785,12 +1766,4 @@ strcpy(my_toencoding, toencoding); /* use default encoding if set */ - /* if (n_batchmode) { */ /* in batchmode, the command line is already tokenized */ - /* inargc = main_argc; */ - /* inargv = main_argv; */ - /* } */ - /* else { */ - /* parse the argument. first we cut the argument - into pieces with strtok, then we use getopt to interpret */ - /* get a buffer to hold the tokens. Start with 10 tokens, increase in steps of 10 as needed */ @@ -1956,8 +1929,8 @@ /* get arguments */ - /* for (i = optind; i < inargc; i++) { */ - /* printf("argument %s\n", inargv[i]); */ - /* } */ - +/* for (i = optind; i < inargc; i++) { */ +/* printf("argument %s\n", inargv[i]); */ +/* } */ + if (!*db) { cgi_header(CGI_PLAIN); @@ -1985,5 +1958,9 @@ } + /* todo: read securely from a file without buffer overflows + resize string as needed */ if (n_read_file || n_read_stdin) { + char filebuffer[COMMAND_INBUF_LEN]; + if (!n_read_stdin) { infilefp = fopen(infile, "rb"); @@ -1999,9 +1976,19 @@ } - read_result = fgets(slvals.outbuffer+strlen(slvals.outbuffer), COMMAND_INBUF_LEN-strlen(slvals.outbuffer), infilefp); - if (!n_read_stdin) { /* don't close stdin */ - fclose(infilefp); + while ((read_result = fgets(filebuffer, COMMAND_INBUF_LEN, infilefp)) != NULL) { + if ((new_outbuffer = mstrcat(slvals.outbuffer, filebuffer, &outbuf_len, 0)) == NULL) { + delete_all_lilimem(&sentinel); + close(slvals.n_sockfd); + if (!n_read_stdin) { /* don't close stdin */ + fclose(infilefp); + } + return 1; + } + else { + slvals.outbuffer = new_outbuffer; + } } - if (read_result == NULL) { + + if (ferror(infilefp)) { send_status(slvals.n_sockfd, 112, TERM_NO); delete_all_lilimem(&sentinel); @@ -2009,14 +1996,33 @@ return 1; } + if (!n_read_stdin) { /* don't close stdin */ + fclose(infilefp); + } } else { if (optind < inargc) { int open_quote = 0; - strcat(slvals.outbuffer, "\""); + /* printf("%d\n", optind); */ for (i = optind; i < inargc; i++) { - strcat(slvals.outbuffer, inargv[i]); + if ((new_outbuffer = mstrcat(slvals.outbuffer, inargv[i], &outbuf_len, 0)) == NULL) { + delete_all_lilimem(&sentinel); + close(slvals.n_sockfd); + return 1; + } + else { + slvals.outbuffer = new_outbuffer; + } + if (open_quote) { - strcat(slvals.outbuffer, "\'"); + if ((new_outbuffer = mstrcat(slvals.outbuffer, "\'", &outbuf_len, 0)) == NULL) { + delete_all_lilimem(&sentinel); + close(slvals.n_sockfd); + return 1; + } + else { + slvals.outbuffer = new_outbuffer; + } + open_quote--; } @@ -2027,14 +2033,30 @@ if (slvals.outbuffer[strlen(slvals.outbuffer)-1] != '=' && slvals.outbuffer[strlen(slvals.outbuffer)-1] != '~') { - strcat(slvals.outbuffer, " "); + if ((new_outbuffer = mstrcat(slvals.outbuffer, " ", &outbuf_len, 0)) == NULL) { + delete_all_lilimem(&sentinel); + close(slvals.n_sockfd); + return 1; + } + else { + slvals.outbuffer = new_outbuffer; + } } else { /* insert a quote after the '='. This will put back the quote only for items that actually were quoted */ - strcat(slvals.outbuffer, "\'"); + if ((new_outbuffer = mstrcat(slvals.outbuffer, "\'", &outbuf_len, 0)) == NULL) { + delete_all_lilimem(&sentinel); + close(slvals.n_sockfd); + return 1; + } + else { + slvals.outbuffer = new_outbuffer; + } + open_quote++; } } - strcpy(&slvals.outbuffer[strlen(slvals.outbuffer)-1], "\""); /* remove trailing space */ + + slvals.outbuffer[strlen(slvals.outbuffer)-1] = '\0'; /* remove trailing space */ } } @@ -2048,56 +2070,58 @@ /* assemble command string for refdbd */ - strcat(slvals.outbuffer, " -u "); - strcat(slvals.outbuffer, username); + strcat(cmd_buffer, " -u "); + strcat(cmd_buffer, username); if (*passwd) { - strcat(slvals.outbuffer, " -w "); - strcat(slvals.outbuffer, scrambled_passwd); + strcat(cmd_buffer, " -w "); + strcat(cmd_buffer, scrambled_passwd); } - strcat(slvals.outbuffer, " -d "); - strcat(slvals.outbuffer, db); + strcat(cmd_buffer, " -d "); + strcat(cmd_buffer, db); if (*format_string || *default_fields) { - strcat(slvals.outbuffer, " -s \""); + strcat(cmd_buffer, " -s \""); if (*format_string) { - strcat(slvals.outbuffer, format_string); + strcat(cmd_buffer, format_string); } else { - strcat(slvals.outbuffer, default_fields); + strcat(cmd_buffer, default_fields); } - strcat(slvals.outbuffer, "\""); + strcat(cmd_buffer, "\""); } if (*type_string) { - strcat(slvals.outbuffer, " -t \""); - strcat(slvals.outbuffer, type_string); - strcat(slvals.outbuffer, "\""); + strcat(cmd_buffer, " -t \""); + strcat(cmd_buffer, type_string); + strcat(cmd_buffer, "\""); } if (*sort_string) { - strcat(slvals.outbuffer, " -S \""); - strcat(slvals.outbuffer, sort_string); - strcat(slvals.outbuffer, "\""); + strcat(cmd_buffer, " -S \""); + strcat(cmd_buffer, sort_string); + strcat(cmd_buffer, "\""); } if (*pdf_root) { - strcat(slvals.outbuffer, " -R "); - strcat(slvals.outbuffer, pdf_root); + strcat(cmd_buffer, " -R "); + strcat(cmd_buffer, pdf_root); } if (*my_toencoding) { - strcat(slvals.outbuffer, " -E "); - strcat(slvals.outbuffer, my_toencoding); + strcat(cmd_buffer, " -E "); + strcat(cmd_buffer, my_toencoding); } if (n_limit_to_user) { - strcat(slvals.outbuffer, " -P"); + strcat(cmd_buffer, " -P"); } if (*css_url) { - strcat(slvals.outbuffer, " -G "); - strcat(slvals.outbuffer, css_url); + strcat(cmd_buffer, " -G "); + strcat(cmd_buffer, css_url); } - LOG_PRINT(LOG_DEBUG, slvals.outbuffer); + sprintf(cmd_buffer+strlen(cmd_buffer), " %d", strlen(slvals.outbuffer)+TERM_LEN); + + LOG_PRINT(LOG_DEBUG, cmd_buffer); errstream = (n_cgi) ? stdout : stderr; @@ -2105,8 +2129,29 @@ send_status(slvals.n_sockfd, 0, TERM_NO); + numbyte = tiwrite(slvals.n_sockfd, cmd_buffer, TERM_YES); + if (numbyte == -1) { + cgi_header(CGI_PLAIN); + fprintf(errstream, "could not write to refdbd. Stop\n"); + return 1; + } + + numbyte = 0; + + if ((cs_status = read_status(slvals.n_sockfd)) != 0) { + fprintf(errstream, get_status_msg(cs_status)); + fprintf(errstream, "\n"); + close(slvals.n_sockfd); + delete_all_lilimem(&sentinel); + return 1; + } + + send_status(slvals.n_sockfd, 0, TERM_NO); numbyte = tiwrite(slvals.n_sockfd, slvals.outbuffer, TERM_YES); + LOG_PRINT(LOG_DEBUG, cmd_buffer); if (numbyte == -1) { cgi_header(CGI_PLAIN); fprintf(errstream, "could not write to refdbd. Stop\n"); + close(slvals.n_sockfd); + delete_all_lilimem(&sentinel); return 1; } Index: refdbdref.c =================================================================== RCS file: /cvsroot/refdb/refdb/src/refdbdref.c,v retrieving revision 1.65.2.15 retrieving revision 1.65.2.16 diff -u -U2 -r1.65.2.15 -r1.65.2.16 --- refdbdref.c 12 Aug 2005 21:10:15 -0000 1.65.2.15 +++ refdbdref.c 14 Aug 2005 00:22:44 -0000 1.65.2.16 @@ -148,5 +148,4 @@ unsigned long long maxnid; unsigned short fieldtype; - short int db_version; int numbyte; int error; @@ -245,5 +244,5 @@ strcpy(modify_date, "nd"); } - + /* The returned integers are quads (8byte) */ sprintf(return_msg, "Current database: %s\nNumber of references: "ULLSPEC"\nHighest reference ID: "ULLSPEC"\nNumber of notes: "ULLSPEC"\nHighest note ID: "ULLSPEC"\nEncoding: %s\nDatabase type: %s\nDatabase version: %d\nDatabase server: %s\nCreated: %s UTC\nUsing %s version: %s\nLast modified: %s UTC\n", ptr_clrequest->current_db, (unsigned long long)numrefs, (unsigned long long)maxid, (unsigned long long)numnotes, (unsigned long long)maxnid, db_encoding, dbi_result_get_string(dbires, "meta_type"),dbi_result_get_short(dbires, "meta_dbversion"), dbi_driver_get_name(driver), create_date, dbi_result_get_string(dbires, "meta_app"), dbi_result_get_string(dbires, "meta_version"), modify_date); @@ -2025,4 +2024,5 @@ int n_isalpha; int n_havesome; + int numbyte; /* number of bytes written */ int author_type; /* signals type of author query, if any */ int render_res; @@ -2036,4 +2036,5 @@ size_t stringbuf_len; size_t result_len; + size_t n_bufsize; char *sql_command; /* these are ptrs to the buffers and temporary ptrs */ char *new_sql_command; @@ -2048,4 +2049,5 @@ char *quoted_token; char *eostring; + char *query_string; const char* db_encoding; char operator[5]; @@ -2130,5 +2132,34 @@ buffer[0] = '\0'; /* start with an empty string */ - eostring = ptr_clrequest->argument + strlen(ptr_clrequest->argument); + /* get length of the input string */ + n_bufsize = atoi(ptr_clrequest->argument); + + /* try to allocate the amount the client requested */ + query_string = malloc(n_bufsize); + if (query_string == NULL || insert_lilimem(&sentinel, (void**)&query_string, NULL)) { + send_status(ptr_clrequest->fd, 801, TERM_NO); + LOG_PRINT(LOG_CRIT, get_status_msg(801)); + return 1; + } + + /* send acknowledgement to client */ + send_status(ptr_clrequest->fd, 0, TERM_NO); + + if ((cs_status = read_status(ptr_clrequest->fd)) != 0) { + LOG_PRINT(LOG_INFO, get_status_msg(112)); + delete_all_lilimem(&sentinel); + return 1; + } + + /* read id list from client */ + numbyte = tread(ptr_clrequest->fd, query_string, n_bufsize); + if (numbyte == -1) { + LOG_PRINT(LOG_INFO, get_status_msg(109)); + delete_all_lilimem(&sentinel); + return 1; + } + +/* printf("query: %s<<\n", query_string); */ + eostring = query_string + strlen(query_string); /* connect to the database */ @@ -2176,5 +2207,5 @@ - token = ptr_clrequest->argument; + token = query_string; newtoken = token; |
