-rw-r--r-- | usr.sbin/httpd/src/modules/proxy/mod_proxy.h | 2 | ||||
-rw-r--r-- | usr.sbin/httpd/src/modules/proxy/proxy_cache.c | 19 | ||||
-rw-r--r-- | usr.sbin/httpd/src/modules/proxy/proxy_util.c | 11 |
3 files changed, 19 insertions, 13 deletions
diff --git a/usr.sbin/httpd/src/modules/proxy/mod_proxy.h b/usr.sbin/httpd/src/modules/proxy/mod_proxy.h
index 79d1ed8998b..9d0817c6a70 100644
--- a/usr.sbin/httpd/src/modules/proxy/mod_proxy.h
+++ b/usr.sbin/httpd/src/modules/proxy/mod_proxy.h
@@ -302,7 +302,7 @@ void ap_proxy_write_headers(cache_req *c, const char *respline, table *t);
 int ap_proxy_liststr(const char *list, const char *key, char **val);
 void ap_proxy_hash(const char *it, char *val, int ndepth, int nlength);
 int ap_proxy_hex2sec(const char *x);
-void ap_proxy_sec2hex(int t, char *y);
+int ap_proxy_sec2hex(int t, char *y, int len);
 cache_req *ap_proxy_cache_error(cache_req *r);
 int ap_proxyerror(request_rec *r, int statuscode, const char *message);
 const char *ap_proxy_host2addr(const char *host, struct hostent *reqhp);
diff --git a/usr.sbin/httpd/src/modules/proxy/proxy_cache.c b/usr.sbin/httpd/src/modules/proxy/proxy_cache.c
index cbcb49b3c74..2784af60af0 100644
--- a/usr.sbin/httpd/src/modules/proxy/proxy_cache.c
+++ b/usr.sbin/httpd/src/modules/proxy/proxy_cache.c
@@ -1533,19 +1533,19 @@ int ap_proxy_cache_update(cache_req *c, table *resp_hdrs, /* we have all the header information we need - write it to the cache file */ c->version++; - ap_proxy_sec2hex(date, buff + 17 * (0)); + ap_proxy_sec2hex(date, buff + 17 * (0), sizeof(buff) - 17 * 0); buff[17 * (1) - 1] = ' '; - ap_proxy_sec2hex(lmod, buff + 17 * (1)); + ap_proxy_sec2hex(lmod, buff + 17 * (1), sizeof(buff) - 17 * 1); buff[17 * (2) - 1] = ' '; - ap_proxy_sec2hex(expc, buff + 17 * (2)); + ap_proxy_sec2hex(expc, buff + 17 * (2), sizeof(buff) - 17 * 2); buff[17 * (3) - 1] = ' '; - ap_proxy_sec2hex(c->version, buff + 17 * (3)); + ap_proxy_sec2hex(c->version, buff + 17 * (3), sizeof(buff) - 17 * 3); buff[17 * (4) - 1] = ' '; - ap_proxy_sec2hex(c->req_time, buff + 17 * (4)); + ap_proxy_sec2hex(c->req_time, buff + 17 * (4), sizeof(buff) - 17 * 4); buff[17 * (5) - 1] = ' '; - ap_proxy_sec2hex(c->resp_time, buff + 17 * (5)); + ap_proxy_sec2hex(c->resp_time, buff + 17 * (5), sizeof(buff) - 17 * 5); buff[17 * (6) - 1] = ' '; - ap_proxy_sec2hex(c->len, buff + 17 * (6)); + ap_proxy_sec2hex(c->len, buff + 17 * (6), sizeof(buff) - 17 * 6); buff[17 * (7) - 1] = '\n'; buff[17 * (7)] = '\0'; @@ -1575,7 +1575,8 @@ int ap_proxy_cache_update(cache_req *c, table *resp_hdrs, ( (c_clen = ap_strtol(c_clen_str, NULL, 10)) > 0) ) { ap_table_set(resp_hdrs, "Content-Length", c_clen_str); c->len = c_clen; - ap_proxy_sec2hex(c->len, buff + 17 * (6)); + ap_proxy_sec2hex(c->len, buff + 17 * (6), + sizeof(buff) - 17 * 6); buff[17 * (7) - 1] = '\n'; buff[17 * (7)] = '\0'; } @@ -1740,7 +1741,7 @@ void ap_proxy_cache_tidy(cache_req *c) c->len = bc; ap_bflush(c->fp); - ap_proxy_sec2hex(c->len, buff); + ap_proxy_sec2hex(c->len, buff, sizeof(buff)); curpos = lseek(ap_bfileno(c->fp, B_WR), 17 * 6, SEEK_SET); if (curpos == -1) ap_log_error(APLOG_MARK, APLOG_ERR, s, diff --git a/usr.sbin/httpd/src/modules/proxy/proxy_util.c b/usr.sbin/httpd/src/modules/proxy/proxy_util.c index 68ea8beca78..f85a460fc71 100644 
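Review bot: None of the updated call sites uses the new return value of ap_proxy_sec2hex(), so in the first hunk a failed conversion still falls through to `buff[17 * (1) - 1] = ' ';` and the later separator writes, and the cache header would be assembled from whatever `buff` held before. The same applies to the `c->len` call in the second hunk and to the call in ap_proxy_cache_tidy(). Each call should test the result, for example `if (ap_proxy_sec2hex(date, buff + 17 * (0), sizeof(buff) - 17 * 0) == -1)`, and take the function's error path, which is not visible in these hunks. The declaration of `buff` is also outside the hunks: `sizeof(buff)` is the right bound only if `buff` is an array in scope rather than a pointer, and the size_t expression is narrowed to the `int len` parameter.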
--- a/usr.sbin/httpd/src/modules/proxy/proxy_util.c +++ b/usr.sbin/httpd/src/modules/proxy/proxy_util.c @@ -915,16 +915,20 @@ int ap_proxy_hex2sec(const char *x) /* * Converts a time integer to 16 hex digits */ -void ap_proxy_sec2hex(int t, char *y) +int ap_proxy_sec2hex(int t, char *y, int len) { int i, ch; unsigned int j = t; if (-1 == t) { - strcpy(y, "FFFFFFFFFFFFFFFF"); - return; + if (strlcpy(y, "FFFFFFFFFFFFFFFF", len) > len) + return (-1); + return (0); } + if (len < 17) + return (-1); + for (i = 15; i >= 0; i--) { ch = j & 0xF; j >>= 4; @@ -934,6 +938,7 @@ void ap_proxy_sec2hex(int t, char *y) y[i] = ch + '0'; } y[16] = '\0'; + return (0); } |
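Review bot: The truncation test in the `-1 == t` branch is off by one: strlcpy() returns the source length, 16 here, so with `len == 16` the check `> len` is false and the function returns 0 after storing only 15 digits. The comparison also mixes strlcpy()'s size_t result with the signed `len`, so a negative `len` is converted to a very large size on this path and is not rejected. Moving `if (len < 17) return (-1);` above the `if (-1 == t)` block gives both paths the same bound and makes the strlcpy() result check unnecessary. The header comment could then state the contract, e.g. `Returns 0 on success, -1 if len is smaller than the 17 bytes needed`.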