diff options
| author | swhite <swhite@1faa4e14-9dd3-4be0-9f0e-ffe519881164> | 2004-04-06 17:45:14 +0000 |
|---|---|---|
| committer | swhite <swhite@1faa4e14-9dd3-4be0-9f0e-ffe519881164> | 2004-04-06 17:45:14 +0000 |
| commit | 89b88d27b20641e04cd1c2714c299d8908822b54 (patch) | |
| tree | 5b31770e8864f4d6f0953acbe24af5cc80d43730 /src/Thorns.c | |
| parent | 3ccc27cd1bf0912054213a88798b088010173f1e (diff) | |
Regarding Cactus bug report 1632 "HTTPD contains buffer overflows"
1) Got rid of most strcat/sprintf into automatic array, replaced
with a String module that allocates dynamic memory on the heap.
2) Went a long way toward initializing all variables.
3) Tested: Ran two copies with same parfile except different port,
one with my changes, one with original. Went through different
kinds of pages by hand, checked by eye.
4) Tried to make HTML XHTML 1.0-compliant. Checked with Amaya.
One problem: How to deal with raw less-than characters, etc.
Made a function to convert them to HTML Character Entities,
but isn't clear this will work properly in the forms. So
I left these symbols in the forms.
5) Also checked with more primitive browsers, lynx and dillo.
6) Marked a few instances of questionable code with 'SW'
To do
-----
Document a few new functions, esp. in Content.c
git-svn-id: http://svn.cactuscode.org/arrangements/CactusConnect/HTTPD/trunk@187 1faa4e14-9dd3-4be0-9f0e-ffe519881164
Diffstat (limited to 'src/Thorns.c')
| -rw-r--r-- | src/Thorns.c | 191 |
1 files changed, 91 insertions, 100 deletions
diff --git a/src/Thorns.c b/src/Thorns.c index 7394998..05ca112 100644 --- a/src/Thorns.c +++ b/src/Thorns.c @@ -62,10 +62,11 @@ int HTTPi_RegisterThornPages(void); @endhistory @@*/ +#define THORN_NAME_MAXLENGTH (27+20) int HTTPi_RegisterThornPages(void) { int i; - char pagename[27+20]; /* Thorns have maximum length */ + char pagename[THORN_NAME_MAXLENGTH]; char *namecopy; const char *thorn; @@ -82,7 +83,7 @@ int HTTPi_RegisterThornPages(void) sprintf(pagename,"/Thorns/%s", thorn); - namecopy = Util_Strdup(thorn); + namecopy = Util_Strdup(thorn); /*SW isn't this a memory leak?*/ HTTP_RegisterPage(pagename, ThornPage, namecopy); } @@ -112,43 +113,37 @@ int HTTPi_RegisterThornPages(void) static int ThornMainPage(const cGH *cctkGH, httpRequest *request, void *data) { int i; - int retval; + int retval = -1; int foundone; const char *thorn; - char message[4098]; + String *message = String_New(); /* avoid compiler warning about unused parameter */ data = data; - /* Status message */ - strcpy(message,"HTTP/1.0 200 OK\r\n"); - - HTTP_Write(request, message, strlen(message)); - - /* Content-Type */ - strcpy(message,"Content-Type: text/html\r\n\r\n"); - - HTTP_Write(request, message, strlen(message)); - + SendHTTP_OK_Header( request ); + SetHTML_Doctype( message ); + Send_HTTP_String(request, message); /* Start the page */ - strcpy(message,"<HTML><HEAD><TITLE>Cactus Thorns</TITLE>\n"); + Send_HTTP(request,"<html><head><title>Cactus Thorns</title>\n"); + + SetHTML_HeadHeader( message); + Send_HTTP_String(request, message ); - HTTP_Write(request, message, strlen(message)); + Send_HTTP(request,"</head>\n<body>\n"); - /* HTTP_Write out the header part. */ + /* Send_HTTP_String out the header part. */ - HTTP_ContentHeader(cctkGH,0,strlen(message),message,NULL); + SetHTML_ContentHeader(cctkGH,0,message,NULL); - retval = HTTP_Write(request, message, strlen(message)); + retval = Send_HTTP_String(request, message); - strcpy(message, "<center><h1>Thorns</h1></center>" - "<p>These pages describe the thorns used in this simulation.</p>"); - retval = HTTP_Write(request, message, strlen(message)); + retval = Send_HTTP(request, "<h1>Thorns</h1>\n" + "<p>These pages describe the thorns used in this simulation.</p>\n"); - strcpy(message,"<TABLE><TR><TD VALIGN=TOP ALIGN=LEFT>"); - retval = HTTP_Write(request, message, strlen(message)); + retval = Send_HTTP(request,"<table><tr><td>\n"); foundone = 0; for (i = 0; i < CCTK_NumCompiledThorns (); i++) @@ -158,37 +153,33 @@ static int ThornMainPage(const cGH *cctkGH, httpRequest *request, void *data) { if (!foundone) { - strcpy(message, - "<H2>Active Thorns</H2>\n" - "<CENTER>\n" - "<TABLE ALIGN=TOP cellspacing=0 cellpadding=5 border=0\n>" - "<TR>\n" - "<TH ALIGN=LEFT>Thorn Name</TH>\n" - "<TH ALIGN=LEFT>Implementation</TH>\n" - "</TR>\n"); - HTTP_Write(request, message, strlen(message)); + Send_HTTP(request, + "<h2>Active Thorns</h2>\n" + "<div class=\"center\">\n" + "<table class=\"thorns\" cellspacing=\"0\" cellpadding=\"5\">\n" + "<tr>\n" + "<th>Thorn Name</th>\n" + "<th>Implementation</th>\n" + "</tr>\n"); foundone++; } - sprintf(message, - "<TR>\n" - "<TD VALIGN=TOP ALIGN=LEFT><A HREF=\"/Thorns/%s/\">%s</A></td>\n" - "<TD VALIGN=TOP ALIGN=LEFT>%s</TD>\n" - "</TR>\n", - thorn, thorn,CCTK_ThornImplementation(thorn)); - HTTP_Write(request, message, strlen(message)); + SetToCString(message, "<tr>\n<td><a href=\"/Thorns/"); + ConcatCString(message, thorn); + ConcatCString(message, "/\">"); + ConcatCString(message, thorn); + ConcatCString(message, "</a></td>\n<td>"); + ConcatCString(message, CCTK_ThornImplementation(thorn)); + ConcatCString(message, "</td>\n</tr>\n"); + Send_HTTP_String(request, message); } } if (foundone) { - strcpy(message,"</TABLE></CENTER>"); - HTTP_Write(request, message, strlen(message)); + Send_HTTP(request,"</table></div>\n"); } - - strcpy(message,"</TD><TD ALIGN=LEFT VALIGN=TOP>"); - retval = HTTP_Write(request, message, strlen(message)); - + retval = Send_HTTP(request,"</td><td>"); foundone = 0; for (i = 0; i < CCTK_NumCompiledThorns (); i++) @@ -199,44 +190,40 @@ static int ThornMainPage(const cGH *cctkGH, httpRequest *request, void *data) if (!foundone) { - strcpy(message, - "<H2>Dormant Thorns</H2>\n" - "<CENTER><TABLE CELL SPACING=0 cellpadding=5 border=0\n>" - "<TR>\n" - "<TH ALIGN=LEFT>Thorn Name</TH>\n" - "<TH ALIGN=LEFT>Implementation</TH>\n" - "</TR>\n"); - HTTP_Write(request, message, strlen(message)); + Send_HTTP(request, + "<h2>Dormant Thorns</h2>\n" + "<div class=\"centered\">\n" + "<table class=\"thorns\" cellspacing=\"0\" cellpadding=\"5\">\n" + "<tr>\n" + "<th>Thorn Name</th>\n" + "<th>Implementation</th>\n" + "</tr>\n"); foundone++; } - sprintf(message, - "<TR>\n" - "<TD VALIGN=TOP ALIGN=LEFT>\n" - "%s</td>\n" - "<TD VALIGN=TOP ALIGN=LEFT>%s</TD>\n" - "</TR>\n", - thorn, CCTK_ThornImplementation(thorn)); - HTTP_Write(request, message, strlen(message)); + SetToCString(message, "<tr>\n<td>\n"); + ConcatCString(message, thorn); + ConcatCString(message, "</td>\n<td>"); + ConcatCString(message, CCTK_ThornImplementation(thorn)); + ConcatCString(message, "</td>\n</tr>\n"); + Send_HTTP_String(request, message); } } if (foundone) { - strcpy(message,"</TABLE>\n</CENTER>\n"); - HTTP_Write(request, message, strlen(message)); + Send_HTTP(request,"</table>\n</div>\n"); } - strcpy(message,"</TD>\n</TR>\n</TABLE>\n"); - - retval = HTTP_Write(request, message, strlen(message)); + retval = Send_HTTP(request,"</td>\n</tr>\n</table>\n"); /* Write out the footer part. */ - HTTP_ContentFooter(cctkGH,0,strlen(message),message); - retval = HTTP_Write(request, message, strlen(message)); + SetHTML_ContentFooter(cctkGH,0,message); + retval = Send_HTTP_String(request, message); + String_Delete( message ); return retval; } @@ -259,49 +246,53 @@ static int ThornMainPage(const cGH *cctkGH, httpRequest *request, void *data) static int ThornPage(const cGH *cctkGH, httpRequest *request, void *data) { int retval=0; - char message[4098]; - const char *thorn; - - thorn = (const char *)data; - - strcpy(message,"HTTP/1.0 200 OK\r\n"); + String *message = String_New(); + const char *thorn = (const char *)data; - HTTP_Write(request, message, strlen(message)); + SendHTTP_OK_Header(request); - /* Content-Type */ - strcpy(message,"Content-Type: text/html\r\n\r\n"); - - HTTP_Write(request, message, strlen(message)); + SetHTML_Doctype( message ); + Send_HTTP_String(request, message); /* Start the page */ - sprintf(message, - "<HTML><HEAD><TITLE>Thorn Page : %s</TITLE></HEAD>\n", thorn); + SetToCString(message, "<html>\n<head>\n<title>Thorn Page : "); + ConcatCString(message, thorn); + ConcatCString(message, "</title>\n"); - HTTP_Write(request, message, strlen(message)); + Send_HTTP_String(request, message); + SetHTML_HeadHeader( message); + Send_HTTP_String(request, message ); - HTTP_ContentHeader(cctkGH,0,4098,message,NULL); + Send_HTTP(request,"</head>\n<body>\n"); - strcat(message,"<BODY>"); - HTTP_Write(request, message, strlen(message)); + SetHTML_ContentHeader(cctkGH,0,message,NULL); - sprintf(message,"<CENTER><H1>Thorn %s</H1></CENTER>\n",thorn); - HTTP_Write(request, message, strlen(message)); - - sprintf(message,"<P>This page will include all the information about thorn" - "%s. For now, only information about the parameters is given.</p>", - thorn); + Send_HTTP_String(request, message); - sprintf(message,"%s<UL>\n" - "<LI><A HREF=\"/Parameters/%s\">Parameters</A>\n" - "</UL>\n", - message,thorn); - HTTP_Write(request, message, strlen(message)); + SetToCString(message, "<h1>Thorn "); + ConcatCString(message, thorn); + ConcatCString(message, "</h1>\n"); + + Send_HTTP_String(request, message); + + SetToCString(message,"<p>This page will include all the information about thorn \'"); + ConcatCString(message, thorn); + ConcatCString(message, + "\'.\n For now, only information about the parameters is given.</p>\n"); + + ConcatCString(message, "<ul>\n" + "<li><a href=\"/Parameters/"); + ConcatCString(message, thorn ); + ConcatCString(message, "\">Parameters</a></li>\n" + "</ul>\n"); + Send_HTTP_String(request, message); /* Write out the footer part. */ - HTTP_ContentFooter(cctkGH, 0, 4098, message); - retval = HTTP_Write(request, message, strlen(message)); - + SetHTML_ContentFooter(cctkGH, 0, message); + retval = Send_HTTP_String(request, message); + + String_Delete( message ); return retval; } |