authorswhite <swhite@1faa4e14-9dd3-4be0-9f0e-ffe519881164>2004-04-06 17:45:14 +0000
committerswhite <swhite@1faa4e14-9dd3-4be0-9f0e-ffe519881164>2004-04-06 17:45:14 +0000
commit89b88d27b20641e04cd1c2714c299d8908822b54 (patch)
tree5b31770e8864f4d6f0953acbe24af5cc80d43730 /src/Authorisation.c
parent3ccc27cd1bf0912054213a88798b088010173f1e (diff)
Regarding Cactus bug report 1632 "HTTPD contains buffer overflows"
1) Got rid of most strcat/sprintf into automatic array, replaced with a String module that allocates dynamic memory on the heap. 2) Went a long way toward initializing all variables. 3) Tested: Ran two copies with same parfile except different port, one with my changes, one with original. Went through different kinds of pages by hand, checked by eye. 4) Tried to make HTML XHTML 1.0-compliant. Checked with Amaya. One problem: How to deal with raw less-than characters, etc. Made a function to convert them to HTML Character Entities, but isn't clear this will work properly in the forms. So I left these symbols in the forms. 5) Also checked with more primitive browsers, lynx and dillo. 6) Marked a few instances of questionable code with 'SW' To do ----- Document a few new functions, esp. in Content.c git-svn-id: http://svn.cactuscode.org/arrangements/CactusConnect/HTTPD/trunk@187 1faa4e14-9dd3-4be0-9f0e-ffe519881164
Diffstat (limited to 'src/Authorisation.c')
-rw-r--r--src/Authorisation.c57
1 files changed, 18 insertions, 39 deletions
diff --git a/src/Authorisation.c b/src/Authorisation.c
index cde3786..b0c4723 100644
--- a/src/Authorisation.c
+++ b/src/Authorisation.c
@@ -27,6 +27,7 @@
#include "http_Request.h"
#include "http_Auth.h"
+#include "http_SString.h"
#include "base64.h"
@@ -93,11 +94,8 @@ int HTTP_AuthAddUser(const char *database,
const char *password,
const char *encryption_scheme)
{
- int retcode;
- uHash *this_database;
-
- retcode = -1;
- this_database = NULL;
+ int retcode = -1;
+ uHash *this_database = NULL;
/* Create the master database if necessary */
if(!AuthDatabase)
@@ -124,10 +122,6 @@ int HTTP_AuthAddUser(const char *database,
}
}
}
- else
- {
- retcode = -1;
- }
/* Now add the user to the database */
if(this_database)
@@ -167,24 +161,19 @@ int HTTP_AuthenticateBasic(httpRequest *request,
char *user,
int length)
{
- int retval;
+ int retval = -1;
- const char *value;
- char *auth_string;
+ char *auth_string = NULL;
char *token;
- int decoded_size;
- char decoded[DECODED_SIZE+1];
+ int decoded_size = 0;
+ char decoded[DECODED_SIZE+1] = {'\0'};
- char *password;
-
- int authorised;
-
- value = HTTP_HeaderValue(request, "Authorization");
+ char *password = NULL;
- auth_string = NULL;
+ int authorised = 0;
- authorised = 0;
+ const char *value = HTTP_HeaderValue(request, "Authorization");
/* Null terminate the user string */
if(user && length > 0)
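Review bot: `char decoded[DECODED_SIZE+1]` remains a fixed-size automatic array in a commit whose stated purpose is removing buffer overflows, and the `= {'\0'}` initializer only zero-fills it; it does not limit how much the decoder writes. The decode call is outside this hunk, so confirm that it is given DECODED_SIZE as its limit and that `decoded_size` is range-checked before it is used as an index. A comment on the declaration such as `/* decode must be capped at DECODED_SIZE; the Authorization header is client-supplied */` would record that requirement. `char *token;` is also the one local left without an initializer here; `char *token = NULL;` would match the rest. The function body continues beyond the hunk.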
@@ -235,10 +224,6 @@ int HTTP_AuthenticateBasic(httpRequest *request,
{
retval = 0;
}
- else
- {
- retval = -1;
- }
}
else
{
@@ -274,11 +259,11 @@ static int AddUser(uHash *database,
const char *password,
const char *encryption_scheme)
{
- int retcode;
- struct httpUserData *this_user;
+ int retcode = -1;
/* Does this user already exist ? */
- this_user = (struct httpUserData *)Util_HashData(database, strlen(name), name, 0);
+ struct httpUserData * this_user = (struct httpUserData *)Util_HashData(
+ database, strlen(name), name, 0);
if(!this_user)
{
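Review bot: `strlen(name)` now runs inside the declaration initializer of `this_user`, before any check that `name` is non-NULL; the same pattern appears with `strlen(database)` and `strlen(user)` in the VerifyPassword hunk. Whether the callers guarantee non-NULL arguments is not visible here, so either document the precondition (`/* name must be non-NULL */`) or declare `this_user = NULL` and do the lookup after an `if(name)` guard. The spacing in `struct httpUserData * this_user` also differs from the `type *name` form used in the other declarations. AddUser's body continues outside the hunk.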
@@ -293,10 +278,6 @@ static int AddUser(uHash *database,
retcode = Util_HashStore(database, strlen(name), name, 0, (void *)this_user);
}
- else
- {
- retcode = -1;
- }
}
else
{
@@ -331,20 +312,18 @@ static int VerifyPassword(const char *database,
const char *user,
const char *password)
{
- int retcode;
- uHash *this_database;
- struct httpUserData *data;
-
- retcode = 0;
+ int retcode = 0;
if(AuthDatabase)
{
/* Does this database exist ? */
- this_database = (uHash *)Util_HashData(AuthDatabase, strlen(database), database, 0);
+ uHash *this_database = (uHash *)Util_HashData(AuthDatabase,
+ strlen(database), database, 0);
if(this_database)
{
- data = (struct httpUserData *) Util_HashData(this_database, strlen(user), user, 0);
+ struct httpUserData *data = (struct httpUserData *) Util_HashData(
+ this_database, strlen(user), user, 0);
if(data)
{