X-Git-Url: https://git.octo.it/?p=rrdtool.git;a=blobdiff_plain;f=src%2Frrd_cgi.c;h=a0c9b3b27d4f86d7e6f118da303024c004b6a08f;hp=f6313f869dc0cc725e39e9107283a275571b8a8b;hb=4e8787fdbff3ddd4044e19cf37b9e3a54b5ef0cb;hpb=609630f90a3247ae0956eb4f6d860e8a7f1797f6 diff --git a/src/rrd_cgi.c b/src/rrd_cgi.c index f6313f8..a0c9b3b 100644 --- a/src/rrd_cgi.c +++ b/src/rrd_cgi.c @@ -1,5 +1,5 @@ /***************************************************************************** - * RRDtool 1.4.2 Copyright by Tobi Oetiker, 1997-2009 + * RRDtool 1.4.3 Copyright by Tobi Oetiker, 1997-2010 ***************************************************************************** * rrd_cgi.c RRD Web Page Generator *****************************************************************************/ @@ -9,6 +9,11 @@ #include #endif +#ifdef WIN32 + #define strcasecmp stricmp + #define strcasencmp strnicmp +#endif + #define MEMBLK 1024 /*#define DEBUG_PARSER #define DEBUG_VARS*/ @@ -382,14 +387,10 @@ static void calfree( char *stralloc( const char *str) { - char *nstr; - if (!str) { return NULL; } - nstr = malloc((strlen(str) + 1)); - strcpy(nstr, str); - return (nstr); + return strdup(str); } static int readfile( @@ -590,12 +591,13 @@ char *rrdsetenv( const char **args) { if (argc >= 2) { - char *xyz = malloc((strlen(args[0]) + strlen(args[1]) + 2)); + const size_t len = strlen(args[0]) + strlen(args[1]) + 2; + char *xyz = malloc(len); if (xyz == NULL) { return stralloc("[ERROR: allocating setenv buffer]"); }; - sprintf(xyz, "%s=%s", args[0], args[1]); + snprintf(xyz, len, "%s=%s", args[0], args[1]); if (putenv(xyz) == -1) { free(xyz); return stralloc("[ERROR: failed to do putenv]"); @@ -783,9 +785,10 @@ char *includefile( readfile(filename, &buffer, 0); if (rrd_test_error()) { - char *err = malloc((strlen(rrd_get_error()) + DS_NAM_SIZE)); + const size_t len = strlen(rrd_get_error()) + DS_NAM_SIZE; + char *err = malloc(len); - sprintf(err, "[ERROR: %s]", rrd_get_error()); + snprintf(err, len, "[ERROR: %s]", rrd_get_error()); rrd_clear_error(); return err; } else { @@ -949,10 +952,9 @@ char *drawgraph( return stralloc(calcpr[0]); } else { if (rrd_test_error()) { - char *err = - malloc((strlen(rrd_get_error()) + - DS_NAM_SIZE) * sizeof(char)); - sprintf(err, "[ERROR: %s]", rrd_get_error()); + const size_t len = strlen(rrd_get_error()) + DS_NAM_SIZE; + char *err = malloc(len); + snprintf(err, len, "[ERROR: %s]", rrd_get_error()); rrd_clear_error(); return err; } @@ -988,12 +990,14 @@ char *printtimelast( if (buf == NULL) { return stralloc("[ERROR: allocating strftime buffer]"); }; - last = rrd_last(argc + 1, (char **) args - 1); + /* not raising argc in step with args - 1 since the last argument + will be used below for strftime */ + + last = rrd_last(argc, (char **) args - 1); if (rrd_test_error()) { - char *err = - malloc((strlen(rrd_get_error()) + - DS_NAM_SIZE) * sizeof(char)); - sprintf(err, "[ERROR: %s]", rrd_get_error()); + const size_t len = strlen(rrd_get_error()) + DS_NAM_SIZE; + char *err = malloc(len); + snprintf(err, len, "[ERROR: %s]", rrd_get_error()); rrd_clear_error(); return err; } @@ -1001,10 +1005,7 @@ char *printtimelast( strftime(buf, 254, args[1], &tm_last); return buf; } - if (argc < 2) { - return stralloc("[ERROR: too few arguments for RRD::TIME::LAST]"); - } - return stralloc("[ERROR: not enough arguments for RRD::TIME::LAST]"); + return stralloc("[ERROR: expected ]"); } char *printtimenow( @@ -1253,11 +1254,6 @@ int parse( val = func(argc, (const char **) args); free(args-1); } else { - /* unable to parse arguments, undo 0-termination by scanargs */ - for (; argc > 0; argc--) { - *((args[argc - 1]) - 1) = ' '; - } - /* next call, try parsing at current offset +1 */ end = (*buf) + i + 1; @@ -1388,6 +1384,7 @@ s_var **rrdcgiReadVariables( s_var **result; int i, k, len; char tmp[101]; + size_t tmplen; cp = getenv("REQUEST_METHOD"); ip = getenv("CONTENT_LENGTH"); @@ -1404,9 +1401,8 @@ s_var **rrdcgiReadVariables( } else if (cp && !strcmp(cp, "GET")) { esp = getenv("QUERY_STRING"); if (esp && strlen(esp)) { - if ((line = (char *) malloc(strlen(esp) + 2)) == NULL) + if ((line = strdup(esp)) == NULL) return NULL; - sprintf(line, "%s", esp); } else return NULL; } else { @@ -1414,22 +1410,18 @@ s_var **rrdcgiReadVariables( printf("(offline mode: enter name=value pairs on standard input)\n"); memset(tmp, 0, sizeof(tmp)); while ((cp = fgets(tmp, 100, stdin)) != NULL) { - if (strlen(tmp)) { - if (tmp[strlen(tmp) - 1] == '\n') - tmp[strlen(tmp) - 1] = '&'; - if (length) { - length += strlen(tmp); - len = (length + 1) * sizeof(char); + if ((tmplen = strlen(tmp)) != 0) { + if (tmp[tmplen - 1] == '\n') + tmp[tmplen - 1] = '&'; + length += tmplen; + len = (length + 1) * sizeof(char); + if ((unsigned) length > tmplen) { if ((line = (char *) realloc(line, len)) == NULL) return NULL; - strcat(line, tmp); + strncat(line, tmp, tmplen); } else { - length = strlen(tmp); - len = (length + 1) * sizeof(char); - if ((line = (char *) malloc(len)) == NULL) + if ((line = strdup(tmp)) == NULL) return NULL; - memset(line, 0, len); - strcpy(line, tmp); } } memset(tmp, 0, sizeof(tmp)); @@ -1527,14 +1519,10 @@ s_var **rrdcgiReadVariables( i++; } else { /* There is already such a name, suppose a mutiple field */ cp = ++esp; - len = - (strlen(result[k]->value) + (ip - esp) + - 2) * sizeof(char); - if ((sptr = (char *) malloc(len)) == NULL) + len = strlen(result[k]->value) + (ip - esp) + 2; + if ((sptr = (char *) calloc(len, sizeof(char))) == NULL) return NULL; - memset(sptr, 0, len); - sprintf(sptr, "%s\n", result[k]->value); - strncat(sptr, cp, ip - esp); + snprintf(sptr, len, "%s\n%s", result[k]->value, cp); free(result[k]->value); result[k]->value = rrdcgiDecodeString(sptr); }