From: Sascha Schumann Date: Tue, 13 Mar 2001 16:53:34 +0000 (+0000) Subject: Nuke calls to sprintf, snprintf, strcat, strcpy and rely on X-Git-Tag: php-4.0.6RC1~713 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=86cf74a1692e957395c5ec3d952dcb31d2ab7cc9;p=php Nuke calls to sprintf, snprintf, strcat, strcpy and rely on memcpy and smart_strs. --- diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c index 86003b8307..2348f144fe 100644 --- a/ext/session/mod_files.c +++ b/ext/session/mod_files.c @@ -47,6 +47,7 @@ typedef struct { int fd; char *lastkey; char *basedir; + size_t basedir_len; int dirdepth; } ps_files; @@ -81,24 +82,28 @@ static int ps_files_valid_key(const char *key) static char *ps_files_path_create(char *buf, size_t buflen, ps_files *data, const char *key) { - int keylen; + size_t key_len; const char *p; int i; int n; - keylen = strlen(key); - if (keylen <= data->dirdepth || buflen < - (strlen(data->basedir) + 2 * data->dirdepth + keylen + 5 + sizeof(FILE_PREFIX))) + key_len = strlen(key); + if (key_len <= data->dirdepth || buflen < + (strlen(data->basedir) + 2 * data->dirdepth + key_len + 5 + sizeof(FILE_PREFIX))) return NULL; p = key; - n = sprintf(buf, "%s%c", data->basedir, PHP_DIR_SEPARATOR); + memcpy(buf, data->basedir, data->basedir_len); + n = data->basedir_len; + buf[n++] = PHP_DIR_SEPARATOR; for (i = 0; i < data->dirdepth; i++) { buf[n++] = *p++; buf[n++] = PHP_DIR_SEPARATOR; } + memcpy(buf + n, FILE_PREFIX, sizeof(FILE_PREFIX) - 1); + n += sizeof(FILE_PREFIX) - 1; + memcpy(buf + n, key, key_len); + n += key_len; buf[n] = '\0'; - strcat(buf, FILE_PREFIX); - strcat(buf, key); return buf; } @@ -162,6 +167,7 @@ static int ps_files_cleanup_dir(const char *dirname, int maxlifetime) char buf[MAXPATHLEN]; time_t now; int nrdels = 0; + size_t dirname_len; dir = opendir(dirname); if (!dir) { 
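Review bot: In ps_files_path_create the size guard still measures the base directory with `strlen(data->basedir)`, while the copy that follows uses the cached `data->basedir_len`, so the bound and the `memcpy` are driven by two different sources. Using the cached field in the guard keeps them in lockstep: `(data->basedir_len + 2 * data->dirdepth + key_len + 5 + sizeof(FILE_PREFIX))`. The guard also mixes the new `size_t key_len` with the `int` field `dirdepth`, so a negative `dirdepth` is converted to a large unsigned value in `key_len <= data->dirdepth`. That happens to reject the key, but it deserves a one-line comment here or an explicit range check where `dirdepth` is parsed. `n` also remains an `int` although it now receives `data->basedir_len`.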
@@ -171,18 +177,31 @@ static int ps_files_cleanup_dir(const char *dirname, int maxlifetime) time(&now); + dirname_len = strlen(dirname); + + /* Prepare buffer (dirname never changes) */ + memcpy(buf, dirname, dirname_len); + buf[dirname_len] = PHP_DIR_SEPARATOR; + while (php_readdir_r(dir, (struct dirent *) dentry, &entry) == 0 && entry) { /* does the file start with our prefix? */ - if (!strncmp(entry->d_name, FILE_PREFIX, sizeof(FILE_PREFIX) - 1) && - /* create full path */ - snprintf(buf, MAXPATHLEN, "%s%c%s", dirname, PHP_DIR_SEPARATOR, - entry->d_name) > 0 && - /* stat the directory entry */ - V_STAT(buf, &sbuf) == 0 && - /* is it expired? */ - (now - sbuf.st_atime) > maxlifetime) { - V_UNLINK(buf); - nrdels++; + if (!strncmp(entry->d_name, FILE_PREFIX, sizeof(FILE_PREFIX) - 1)) { + size_t entry_len; + + entry_len = strlen(entry->d_name); + /* does it fit into our buffer? */ + if (entry_len + dirname_len + 2 < MAXPATHLEN) { + /* create the full path.. */ + memcpy(buf + dirname_len + 1, entry->d_name, entry_len); + /* NUL terminate it and */ + buf[dirname_len + entry_len + 1] = '\0'; + /* check whether its last access was more than maxlifet ago */ + if (V_STAT(buf, &sbuf) == 0 && + (now - sbuf.st_atime) > maxlifetime) { + V_UNLINK(buf); + nrdels++; + } + } } } @@ -206,7 +225,8 @@ PS_OPEN_FUNC(files) data->dirdepth = strtol(save_path, NULL, 10); save_path = p + 1; } - data->basedir = estrdup(save_path); + data->basedir_len = strlen(save_path); + data->basedir = estrndup(save_path, data->basedir_len); return SUCCESS; } diff --git a/ext/session/session.c b/ext/session/session.c index 31d6b9cdce..e7624914cc 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -48,6 +48,8 @@ static php_ps_globals ps_globals; #include "modules.c" +#include "ext/standard/php_smart_str.h" + function_entry session_functions[] = { PHP_FE(session_name, NULL) PHP_FE(session_module_name, NULL) 
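Review bot: The buffer preparation in ps_files_cleanup_dir copies `dirname` into the `MAXPATHLEN`-byte stack array `buf` with `memcpy(buf, dirname, dirname_len)` before any length check; the later `entry_len + dirname_len + 2 < MAXPATHLEN` test runs only after that write. The `snprintf` it replaces was bounded by `MAXPATHLEN`, whereas the only protection visible now is that `opendir(dirname)` succeeded, which does not by itself guarantee the name is shorter than this build's `MAXPATHLEN`. A guard such as `if (dirname_len + 2 >= MAXPATHLEN)` placed right after the `strlen` call, which closes `dir` and returns without deleting anything, would restore the bound. The function body starts and ends outside this hunk.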
@@ -632,16 +634,18 @@ static char *week_days[] = { "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun" }; -static void strcat_gmt(char *ubuf, time_t *when) +static void strcpy_gmt(char *ubuf, time_t *when) { char buf[MAX_STR]; struct tm tm; + int n; php_gmtime_r(when, &tm); /* we know all components, thus it is safe to use sprintf */ - sprintf(buf, "%s, %d %s %d %02d:%02d:%02d GMT", week_days[tm.tm_wday], tm.tm_mday, month_names[tm.tm_mon], tm.tm_year + 1900, tm.tm_hour, tm.tm_min, tm.tm_sec); - strcat(ubuf, buf); + n = sprintf(buf, "%s, %d %s %d %02d:%02d:%02d GMT", week_days[tm.tm_wday], tm.tm_mday, month_names[tm.tm_mon], tm.tm_year + 1900, tm.tm_hour, tm.tm_min, tm.tm_sec); + memcpy(ubuf, buf, n); + ubuf[n] = '\0'; } static void last_modified(void) @@ -657,8 +661,9 @@ static void last_modified(void) return; } - strcpy(buf, "Last-Modified: "); - strcat_gmt(buf, &sb.st_mtime); +#define LAST_MODIFIED "Last-Modified: " + memcpy(buf, LAST_MODIFIED, sizeof(LAST_MODIFIED) - 1); + strcpy_gmt(buf + sizeof(LAST_MODIFIED) - 1, &sb.st_mtime); ADD_COOKIE(buf); } } @@ -670,8 +675,9 @@ CACHE_LIMITER_FUNC(public) time(&now); now += PS(cache_expire) * 60; - strcpy(buf, "Expires: "); - strcat_gmt(buf, &now); +#define EXPIRES "Expires: " + memcpy(buf, EXPIRES, sizeof(EXPIRES) - 1); + strcpy_gmt(buf + sizeof(EXPIRES) - 1, &now); ADD_COOKIE(buf); sprintf(buf, "Cache-Control: public, max-age=%ld", PS(cache_expire) * 60); @@ -735,7 +741,7 @@ static int php_session_cache_limiter(PSLS_D) return (-1); } -#define COOKIE_FMT "Set-Cookie: %s=%s" +#define COOKIE_SET_COOKIE "Set-Cookie: " #define COOKIE_EXPIRES "; expires=" #define COOKIE_PATH "; path=" #define COOKIE_DOMAIN "; domain=" @@ -743,10 +749,7 @@ static int php_session_cache_limiter(PSLS_D) static void php_session_send_cookie(PSLS_D) { - int len; - int pathlen; - int domainlen; - char *cookie; + smart_str ncookie = {0}; char *date_fmt = NULL; SLS_FETCH(); 
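Review bot: strcpy_gmt writes the formatted date and a terminator into `ubuf` without knowing how much room is left, and both callers now pass a pointer offset into their own buffer (`buf + sizeof(LAST_MODIFIED) - 1`, `buf + sizeof(EXPIRES) - 1`). The sizes of those caller buffers are not visible in these hunks, so the safety of the write rests on an undocumented assumption. I would add a header comment such as `/* ubuf must have room for the formatted date string plus its terminating NUL */`. Alternatively, pass the remaining size and format with `snprintf` straight into `ubuf`, which also removes the intermediate `buf` and the second copy.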
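Review bot: `LAST_MODIFIED` is defined in the middle of last_modified's body, and `EXPIRES` likewise inside CACHE_LIMITER_FUNC(public) in the next hunk, but a `#define` has no block scope and stays visible for the rest of the translation unit. Moving both next to the `COOKIE_*` definitions, or adding `#undef LAST_MODIFIED` and `#undef EXPIRES` after their use, avoids a later clash with these rather generic names. Both enclosing functions extend beyond their hunks.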
@@ -763,49 +766,36 @@ static void php_session_send_cookie(PSLS_D) return; } - len = strlen(PS(session_name)) + strlen(PS(id)) + sizeof(COOKIE_FMT); + smart_str_appends(&ncookie, COOKIE_SET_COOKIE); + smart_str_appends(&ncookie, PS(session_name)); + smart_str_appendc(&ncookie, '='); + smart_str_appends(&ncookie, PS(id)); + if (PS(cookie_lifetime) > 0) { date_fmt = php_std_date(time(NULL) + PS(cookie_lifetime)); - len += sizeof(COOKIE_EXPIRES) + strlen(date_fmt); + + smart_str_appends(&ncookie, COOKIE_EXPIRES); + smart_str_appends(&ncookie, date_fmt); + efree(date_fmt); } - if(PS(cookie_secure)) { - len += sizeof(COOKIE_SECURE); + if (PS(cookie_path)[0]) { + smart_str_appends(&ncookie, COOKIE_PATH); + smart_str_appends(&ncookie, PS(cookie_path)); } - - pathlen = strlen(PS(cookie_path)); - if (pathlen > 0) - len += pathlen + sizeof(COOKIE_PATH); - - domainlen = strlen(PS(cookie_domain)); - if (domainlen > 0) - len += domainlen + sizeof(COOKIE_DOMAIN); - - cookie = ecalloc(len + 1, 1); - len = snprintf(cookie, len, COOKIE_FMT, PS(session_name), PS(id)); - if (PS(cookie_lifetime) > 0) { - strcat(cookie, COOKIE_EXPIRES); - strcat(cookie, date_fmt); - len += strlen(COOKIE_EXPIRES) + strlen(date_fmt); - efree(date_fmt); - } - - if (pathlen > 0) { - strcat(cookie, COOKIE_PATH); - strcat(cookie, PS(cookie_path)); - } - - if (domainlen > 0) { - strcat(cookie, COOKIE_DOMAIN); - strcat(cookie, PS(cookie_domain)); + if (PS(cookie_domain)[0]) { + smart_str_appends(&ncookie, COOKIE_DOMAIN); + smart_str_appends(&ncookie, PS(cookie_domain)); } if (PS(cookie_secure)) { - strcat(cookie, COOKIE_SECURE); + smart_str_appends(&ncookie, COOKIE_SECURE); } - sapi_add_header(cookie, strlen(cookie), 0); + smart_str_0(&ncookie); + + sapi_add_header(ncookie.c, ncookie.len, 0); } static ps_module *_php_find_ps_module(char *name PSLS_DC)
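Review bot: Every component of the Set-Cookie header (`PS(session_name)`, `PS(id)`, `PS(cookie_path)`, `PS(cookie_domain)`) is appended verbatim with `smart_str_appends`, so a CR, LF or `;` inside any of them ends up in the header handed to `sapi_add_header`. Whether `PS(id)` is validated before this point is not visible in the hunk; if it can originate from the request, it should be checked against the allowed session-id alphabet before it is appended, or the cookie should not be sent. A short comment above the appends naming where that guarantee comes from, e.g. `/* PS(id) and PS(session_name) are validated by <caller>; must not contain CR, LF or ';' */`, would make the assumption reviewable. The function's opening lines are in the previous hunk.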