From: Jim Jagielski Date: Mon, 28 Nov 2011 15:11:47 +0000 (+0000) Subject: Merge r1207282 from trunk: X-Git-Tag: 2.3.16~90 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=bb4479c6b8bf83c9c1b91c8fdf1931bbeab22b83;p=apache Merge r1207282 from trunk: Error-check. Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1207285 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c index 684b196717..9f15023c6d 100644 --- a/modules/proxy/mod_proxy.c +++ b/modules/proxy/mod_proxy.c @@ -327,8 +327,12 @@ static const char *set_balancer_param(proxy_server_conf *conf, provider = ap_lookup_provider(PROXY_LBMETHOD, val, "0"); if (provider) { balancer->lbmethod = provider; - PROXY_STRNCPY(balancer->s->lbpname, val); - return NULL; + if (PROXY_STRNCPY(balancer->s->lbpname, val) == APR_SUCCESS) { + return NULL; + } + else { + return "lbmethod name too large"; + } } return "unknown lbmethod"; } @@ -371,12 +375,9 @@ static const char *set_balancer_param(proxy_server_conf *conf, *balancer->s->nonce = '\0'; } else { - if (strlen(val) > sizeof(balancer->s->nonce)-1) { + if (PROXY_STRNCPY(balancer->s->nonce, val) != APR_SUCCESS) { return "Provided nonce is too large"; } - else { - PROXY_STRNCPY(balancer->s->nonce, val); - } } } else if (!strcasecmp(key, "growth")) { diff --git a/modules/proxy/mod_proxy.h b/modules/proxy/mod_proxy.h index ba92f6fe27..7ca5071b40 100644 --- a/modules/proxy/mod_proxy.h +++ b/modules/proxy/mod_proxy.h @@ -296,29 +296,17 @@ PROXY_WORKER_DISABLED | PROXY_WORKER_STOPPED | PROXY_WORKER_IN_ERROR ) #define PROXY_WORKER_DEFAULT_RETRY 60 /* Some max char string sizes, for shm fields */ -#ifndef PROXY_WORKER_MAX_SCHEME_SIZE #define PROXY_WORKER_MAX_SCHEME_SIZE 16 -#endif -#ifndef PROXY_WORKER_MAX_ROUTE_SIZE #define PROXY_WORKER_MAX_ROUTE_SIZE 64 -#endif -#ifndef PROXY_WORKER_MAX_NAME_SIZE #define PROXY_WORKER_MAX_NAME_SIZE 96 #define PROXY_BALANCER_MAX_NAME_SIZE PROXY_WORKER_MAX_NAME_SIZE -#endif -#ifndef PROXY_WORKER_MAX_HOSTNAME_SIZE #define PROXY_WORKER_MAX_HOSTNAME_SIZE 64 #define PROXY_BALANCER_MAX_HOSTNAME_SIZE PROXY_WORKER_MAX_HOSTNAME_SIZE -#endif -#ifndef PROXY_BALANCER_MAX_STICKY_SIZE #define PROXY_BALANCER_MAX_STICKY_SIZE 64 -#endif -#ifndef PROXY_MAX_PROVIDER_NAME_SIZE #define PROXY_MAX_PROVIDER_NAME_SIZE 16 -#endif -#define PROXY_STRNCPY(dst, src) apr_cpystrn((dst), (src), sizeof(dst)) +#define PROXY_STRNCPY(dst, src) ap_proxy_strncpy((dst), (src), (sizeof(dst))) #define PROXY_COPY_CONF_PARAMS(w, c) \ do { \ @@ -531,7 +519,8 @@ APR_DECLARE_EXTERNAL_HOOK(proxy, PROXY, int, request_status, /* proxy_util.c */ -PROXY_DECLARE(request_rec *)ap_proxy_make_fake_req(conn_rec *c, request_rec *r); +PROXY_DECLARE(apr_status_t) ap_proxy_strncpy(char *dst, const char *src, size_t dlen); +PROXY_DECLARE(request_rec *) ap_proxy_make_fake_req(conn_rec *c, request_rec *r); PROXY_DECLARE(int) ap_proxy_hex2c(const char *x); PROXY_DECLARE(void) ap_proxy_c2hex(int ch, char *x); PROXY_DECLARE(char *)ap_proxy_canonenc(apr_pool_t *p, const char *x, int len, enum enctype t, diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c index c27ca57263..86ce41b08f 100644 --- a/modules/proxy/proxy_util.c +++ b/modules/proxy/proxy_util.c @@ -77,6 +77,18 @@ APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(proxy, PROXY, int, create_req, (request_rec *r, request_rec *pr), (r, pr), OK, DECLINED) +PROXY_DECLARE(apr_status_t) ap_proxy_strncpy(char *dst, const char *src, size_t dlen) +{ + if ((strlen(src)+1) > dlen) { + /* APR_ENOSPACE would be better */ + return APR_EGENERAL; + } + else { + apr_cpystrn(dst, src, dlen); + } + return APR_SUCCESS; +} + /* already called in the knowledge that the characters are hex digits */ PROXY_DECLARE(int) ap_proxy_hex2c(const char *x) { @@ -1354,12 +1366,18 @@ PROXY_DECLARE(char *) ap_proxy_define_balancer(apr_pool_t *p, bshared->was_malloced = (do_malloc != 0); PROXY_STRNCPY(bshared->lbpname, "byrequests"); - PROXY_STRNCPY(bshared->name, uri); + if (PROXY_STRNCPY(bshared->name, uri) != APR_SUCCESS) { + return apr_psprintf(p, "balancer name (%s) too long", uri); + } ap_pstr2_alnum(p, bshared->name + sizeof(BALANCER_PREFIX) - 1, &sname); sname = apr_pstrcat(p, conf->id, "_", sname, NULL); - PROXY_STRNCPY(bshared->sname, sname); - PROXY_STRNCPY(bshared->alias, alias); + if (PROXY_STRNCPY(bshared->sname, sname) != APR_SUCCESS) { + return apr_psprintf(p, "balancer safe-name (%s) too long", sname); + } + if (PROXY_STRNCPY(bshared->alias, alias) != APR_SUCCESS) { + return apr_psprintf(p, "balancer front-end url (%s) too long", alias); + } bshared->hash = ap_proxy_hashfunc(bshared->name, PROXY_HASHFUNC_DEFAULT); (*balancer)->hash = bshared->hash; @@ -1367,7 +1385,9 @@ PROXY_DECLARE(char *) ap_proxy_define_balancer(apr_pool_t *p, * the process. */ apr_uuid_get(&uuid); apr_uuid_format(nonce, &uuid); - PROXY_STRNCPY(bshared->nonce, nonce); + if (PROXY_STRNCPY(bshared->nonce, nonce) != APR_SUCCESS) { + return apr_psprintf(p, "balancer nonce (%s) too long", nonce); + } (*balancer)->s = bshared; @@ -1727,6 +1747,7 @@ PROXY_DECLARE(char *) ap_proxy_define_worker(apr_pool_t *p, int rv; apr_uri_t uri; proxy_worker_shared *wshared; + char *ptr; rv = apr_uri_parse(p, url, &uri); @@ -1774,9 +1795,16 @@ PROXY_DECLARE(char *) ap_proxy_define_worker(apr_pool_t *p, memset(wshared, 0, sizeof(proxy_worker_shared)); - PROXY_STRNCPY(wshared->name, apr_uri_unparse(p, &uri, APR_URI_UNP_REVEALPASSWORD)); - PROXY_STRNCPY(wshared->scheme, uri.scheme); - PROXY_STRNCPY(wshared->hostname, uri.hostname); + ptr = apr_uri_unparse(p, &uri, APR_URI_UNP_REVEALPASSWORD); + if (PROXY_STRNCPY(wshared->name, ptr) != APR_SUCCESS) { + return apr_psprintf(p, "worker name (%s) too long", ptr); + } + if (PROXY_STRNCPY(wshared->scheme, uri.scheme) != APR_SUCCESS) { + return apr_psprintf(p, "worker scheme (%s) too long", uri.scheme); + } + if (PROXY_STRNCPY(wshared->hostname, uri.hostname) != APR_SUCCESS) { + return apr_psprintf(p, "worker hostname (%s) too long", uri.hostname); + } wshared->port = uri.port; wshared->flush_packets = flush_off; wshared->flush_wait = PROXY_FLUSH_WAIT;