From 06c64aacf29db1bbf135e80aa98ec03ec8c6719c Mon Sep 17 00:00:00 2001 From: oetiker Date: Sun, 8 Aug 2004 21:54:07 +0000 Subject: [PATCH] port forward of fixes from the stable version of rrd_cgi git-svn-id: svn://svn.oetiker.ch/rrdtool/trunk/program@288 a5681a0c-68f1-0310-ab6d-d61299d08faa --- src/rrd_cgi.c | 123 +++++++++++++++++++++++++++++++++------------------------- 1 file changed, 71 insertions(+), 52 deletions(-) diff --git a/src/rrd_cgi.c b/src/rrd_cgi.c index d72879f..411b02b 100644 --- a/src/rrd_cgi.c +++ b/src/rrd_cgi.c @@ -220,6 +220,9 @@ rrd_expand_vars(char* buffer) parse(&buffer, i, "= 1) { - readfile(args[0], &buffer, 0); + char* filename = args[0]; + readfile(filename, &buffer, 0); if (rrd_test_error()) { char *err = malloc((strlen(rrd_get_error())+DS_NAM_SIZE)); sprintf(err, "[ERROR: %s]",rrd_get_error()); 
@@ -604,55 +622,58 @@ char* cgigetq(long argc, const char **args){
 paths which came in via cgi do not go UP ... */
 char* cgigetqp(long argc, const char **args){
- if (argc>= 1) {
- char *buf = rrdstrip(cgiGetValue(cgiArg,args[0]));
- char *buf2;
- char *c,*d;
- int qc=0;
-
- if (buf==NULL)
- return NULL;
-
- for(c=buf;*c != '\0';c++) {
- if (*c == '"') {
- qc++;
- }
- }
-
- if ((buf2 = malloc((strlen(buf) + 4 * qc + 4))) == NULL) {
- perror("Malloc Buffer");
- exit(1);
+ char* buf;
+ char* buf2;
+ char* p;
+ char* d;
+
+ if (argc < 1)
+ {
+ return stralloc("[ERROR: not enough arguments for RRD::CV::PATH]");
+ }
+
+ buf = rrdstrip(cgiGetValue(cgiArg, args[0]));
+ if (!buf)
+ {
+ return NULL;
+ }
+
+ buf2 = malloc(strlen(buf)+1);
+ if (!buf2)
+ {
+ perror("cgigetqp(): Malloc Path Buffer");
+ exit(1);
 };
- c=buf;
- d=buf2;
-
- *(d++) = '"';
- while (*c != '\0') {
- if (*c == '"') {
- *(d++) = '"';
- *(d++) = '\'';
- *(d++) = '"';
- *(d++) = '\'';
- }
- if(*c == '/') {
- *(d++) = '_';
- c++;
- } else {
- if (*c=='.' && *(c+1) == '.') {
- c += 2;
- *(d++) = '_'; *(d++) ='_';
- } else {
- *(d++) = *(c++);
- }
- }
+ p = buf;
+ d = buf2;
+
+ while (*p)
+ {
+ /* prevent mallicious paths from entering the system */
+ if (p[0] == '.' && p[1] == '.')
+ {
+ p += 2;
+ *d++ = '_';
+ *d++ = '_';
+ }
+ else
+ {
+ *d++ = *p++;
+ }
 }
- *(d++) = '"';
- *(d) = '\0';
+
+ *d = 0;
 free(buf);
+
+ /* Make sure the path is relative, e.g. does not start with '/' */
+ p = buf2;
+ while ('/' == *p)
+ {
+ *p++ = '_';
+ }
+
 return buf2;
- }
- return stralloc("[ERROR: not enough arguments for RRD::CV::PATH]");
 }
@@ -816,7 +837,7 @@ scanargs(char *line, int *argument_count, char ***arguments)
 {
 case ' ':
 if (Quote || tagcount) {
- /* copy quoted/tagged string */
+ /* copy quoted/tagged (=RRD expanded) string */
 *putP++ = c;
 }
 else if (in_arg)
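Review bot: The sanitizer in cgigetqp is a denylist — it only rewrites a literal `..` to `__` and a run of leading `/` to `_` — and every other byte of the request-supplied value from `cgiGetValue` is copied through unchanged, so whitespace, `"`, control characters and arbitrary relative subdirectories still reach whatever path the caller builds from the result. An allowlist in the copy branch, e.g. `*d++ = (isalnum((unsigned char)*p) || strchr("_-./", *p)) ? *p : '_';` (if `<ctype.h>` is available here), would be the more defensible choice, and the `..` test on `p[1]` is safe only because the string is NUL-terminated, which deserves a one-line comment. The removed lines also show the old version wrapped the result in `"` and escaped embedded quotes; the rewrite returns the raw string, which is fine only if expansion now happens after argument splitting (the "quoted/tagged (=RRD expanded)" comment in the next hunk suggests so) — a comment at the top of the function stating that assumption would prevent a future caller from splicing the value into unparsed directive text. Minor: "mallicious" should read "malicious" in the added comment.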
@@ -842,7 +863,7 @@ scanargs(char *line, int *argument_count, char ***arguments)
 }
 } else {
 if (!in_arg) {
- /* reference argument string in argument array */
+ /* reference start of argument string in argument array */
 argv[argc++] = putP;
 in_arg=1;
 }
@@ -851,7 +872,6 @@ scanargs(char *line, int *argument_count, char ***arguments)
 break;
 default:
- if (!Quote) {
 if (!in_arg) {
 /* start new argument */
 argv[argc++] = putP;
@@ -868,7 +888,6 @@ scanargs(char *line, int *argument_count, char ***arguments)
 curarg_contains_rrd_directives = 1;
 }
 }
- }
 *putP++ = c;
 break;
 }
-- 
2.11.0
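Review bot: The body of the removed `if (!Quote) {` block (from `if (!in_arg) {` through the `}` dropped in the last hunk) appears only as unchanged context, so it keeps its old indentation level and the visible nesting no longer matches the braces; re-indent those lines one level out so the `default:` case reads correctly. Functionally, dropping the guard means the start-of-argument and directive-detection code in the lines between the two hunks (not shown here) now also runs for characters inside a quoted argument — presumably intended, given the "quoted/tagged (=RRD expanded)" comment — but it relies on `in_arg` already being set when the opening quote is consumed, which happens in the quote-handling branch outside these hunks and is worth confirming. A comment such as `/* quoted text is scanned too: a quoted argument may carry RRD:: directives expanded later */` above `default:` would record why the guard is gone. scanargs begins before the first hunk and continues past the last one.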