~lastrosade/jsthttpd

aa3f36c0bf2aef1ffb17f5188ccf5e8afc13d3dc — Anthony G. Basile 6 years ago bd2ea55
src/{lib,t}httpd.c: use memmove() over strcpy()

This patch is currently being included in OpenSUSE.  See

https://build.opensuse.org/package/view_file/server:http/thttpd/thttpd-2.25b-strcpy.patch?expand=1

Suggested by Marcos Mello <marcosfrm@gmail.com>.

X-sthttpd-Bug: 8
X-sthttpd-Bug-URL: http://opensource.dyc.edu/bugzilla3/show_bug.cgi?id=8

Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
2 files changed, 13 insertions(+), 11 deletions(-)

M src/libhttpd.c
M src/thttpd.c
M src/libhttpd.c => src/libhttpd.c +10 -8
@@ 288,7 288,8 @@ httpd_initialize(
	    }
	/* Nuke any leading slashes in the cgi pattern. */
	while ( ( cp = strstr( hs->cgi_pattern, "|/" ) ) != (char*) 0 )
	    (void) strcpy( cp + 1, cp + 2 );
	    /* -2 for the offset, +1 for the '\0' */
	    (void) memmove( cp + 1, cp + 2, strlen( cp ) - 1 );
	}
    hs->cgi_limit = cgi_limit;
    hs->cgi_count = 0;


@@ 1495,7 1496,8 @@ expand_symlinks( char* path, char** restP, int no_symlink_check, int tildemapped
	/* Remove any leading slashes. */
	while ( rest[0] == '/' )
	    {
	    (void) strcpy( rest, &(rest[1]) );
	    /*One more for '\0', one less for the eaten first*/
	    (void) memmove( rest, &(rest[1]), strlen(rest) );
	    --restlen;
	    }
    r = rest;


@@ 2341,8 2343,8 @@ httpd_parse_request( httpd_conn* hc )
		 hc->expnfilename, hc->hs->cwd, strlen( hc->hs->cwd ) ) == 0 )
	    {
	    /* Elide the current directory. */
	    (void) strcpy(
		hc->expnfilename, &hc->expnfilename[strlen( hc->hs->cwd )] );
	    (void) memmove(
		hc->expnfilename, &hc->expnfilename[strlen( hc->hs->cwd )], strlen(hc->expnfilename) - strlen( hc->hs->cwd ) + 1 );
	    }
#ifdef TILDE_MAP_2
	else if ( hc->altdir[0] != '\0' &&


@@ 2413,15 2415,15 @@ de_dotdot( char* file )

    /* Remove leading ./ and any /./ sequences. */
    while ( strncmp( file, "./", 2 ) == 0 )
	(void) strcpy( file, file + 2 );
	(void) memmove( file, file + 2, strlen( file ) - 1 );
    while ( ( cp = strstr( file, "/./") ) != (char*) 0 )
	(void) strcpy( cp, cp + 2 );
	(void) memmove( cp, cp + 2, strlen( file ) - 1 );

    /* Alternate between removing leading ../ and removing xxx/../ */
    for (;;)
	{
	while ( strncmp( file, "../", 3 ) == 0 )
	    (void) strcpy( file, file + 3 );
	    (void) memmove( file, file + 3, strlen( file ) - 2 );
	cp = strstr( file, "/../" );
	if ( cp == (char*) 0 )
	    break;


@@ 4078,7 4080,7 @@ httpd_ntoa( httpd_sockaddr* saP )
	}
    else if ( IN6_IS_ADDR_V4MAPPED( &saP->sa_in6.sin6_addr ) && strncmp( str, "::ffff:", 7 ) == 0 )
	/* Elide IPv6ish prefix for IPv4 addresses. */
	(void) strcpy( str, &str[7] );
	(void) memmove( str, &str[7], strlen( str ) - 6 );

    return str;


M src/thttpd.c => src/thttpd.c +3 -3
@@ 572,7 572,7 @@ main( int argc, char** argv )
	    {
	    if ( strncmp( logfile, cwd, strlen( cwd ) ) == 0 )
		{
		(void) strcpy( logfile, &logfile[strlen( cwd ) - 1] );
		(void) memmove( logfile, &logfile[strlen( cwd ) - 1], strlen(logfile) - (strlen( cwd ) - 1) + 1 );
		/* (We already guaranteed that cwd ends with a slash, so leaving
		** that slash in logfile makes it an absolute pathname within
		** the chroot tree.)


@@ 1421,9 1421,9 @@ read_throttlefile( char* throttlefile )

	/* Nuke any leading slashes in pattern. */
	if ( pattern[0] == '/' )
	    (void) strcpy( pattern, &pattern[1] );
	    (void) memmove( pattern, &pattern[1], strlen(pattern) );
	while ( ( cp = strstr( pattern, "|/" ) ) != (char*) 0 )
	    (void) strcpy( cp + 1, cp + 2 );
	    (void) memmove( cp + 1, cp + 2, strlen(cp) - 1 );

	/* Check for room in throttles. */
	if ( numthrottles >= maxthrottles )