]> granicus.if.org Git - apache/blobdiff - support/htdbm.c
projects / apache / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix integer overflow in ap_pregsub. This can be triggered e.g.
[apache] / support / htdbm.c
diff --git a/support/htdbm.c b/support/htdbm.c
index 74bff820033855f12132b8787a1dfa1401884ae5..f9a02bd49cd323bf9dda642cd1b5410ae5c52ebf 100644 (file)
--- a/support/htdbm.c
+++ b/support/htdbm.c
@@ -241,8 +241,7 @@ static apr_status_t htdbm_list(htdbm_t *htdbm)
 {
     apr_status_t rv;
     apr_datum_t key, val;
-    char *rec, *cmnt;
-    char *kb;
+    char *cmnt;
     int i = 0;
 
     rv = apr_dbm_firstkey(htdbm->dbm, &key);
@@ -251,19 +250,18 @@ static apr_status_t htdbm_list(htdbm_t *htdbm)
         return APR_ENOENT;
     }
     fprintf(stderr, "Dumping records from database -- %s\n", htdbm->filename);
-    fprintf(stderr, "    %-32sComment\n", "Username");
+    fprintf(stderr, "    %-32s Comment\n", "Username");
     while (key.dptr != NULL) {
         rv = apr_dbm_fetch(htdbm->dbm, key, &val);
         if (rv != APR_SUCCESS) {
             fprintf(stderr, "Failed getting data from %s\n", htdbm->filename);
             return APR_EGENERAL;
         }
-        kb = apr_pstrndup(htdbm->pool, key.dptr, key.dsize);
-        fprintf(stderr, "    %-32s", kb);
-        rec = apr_pstrndup(htdbm->pool, val.dptr, val.dsize);
-        cmnt = strchr(rec, ':');
+        /* Note: we don't store \0-terminators on our dbm data */
+        fprintf(stderr, "    %-32.*s", (int)key.dsize, key.dptr);
+        cmnt = memchr(val.dptr, ':', val.dsize);
         if (cmnt)
-            fprintf(stderr, "%s", cmnt + 1);
+            fprintf(stderr, " %.*s", (int)(val.dptr+val.dsize - (cmnt+1)), cmnt + 1);
         fprintf(stderr, "\n");
         rv = apr_dbm_nextkey(htdbm->dbm, &key);
         if (rv != APR_SUCCESS)
@@ -534,7 +532,7 @@ int main(int argc, const char * const argv[])
     switch (cmd) {
         case HTDBM_VERIFY:
             if ((rv = htdbm_verify(h)) != APR_SUCCESS) {
-                if(rv == APR_ENOENT) {
+                if (APR_STATUS_IS_ENOENT(rv)) {
                     fprintf(stderr, "The user '%s' could not be found in database\n", h->username);
                     exit(ERR_BADUSER);
                 }
Unnamed repository; edit this file 'description' to name the repository.