[packages/cvs-nserver.git] / cvs-nserver-CAN-2004-0414.patch

diff -urN cvs-nserver-1.11.1.52.org/src/server.c cvs-nserver-1.11.1.52/src/server.c
--- cvs-nserver-1.11.1.52.org/src/server.c	2004-06-11 15:06:44.381011584 +0200
+++ cvs-nserver-1.11.1.52/src/server.c	2004-06-11 15:11:06.136218744 +0200
@@ -1619,8 +1619,7 @@
     char *cp;
     char *timefield;
 
-    if (error_pending ())
-	return;
+    if (error_pending ()) return;
 
     if (outside_dir (arg))
 	return;
@@ -1634,7 +1633,16 @@
 	    && strlen (arg) == cp - name
 	    && strncmp (arg, name, cp - name) == 0)
 	{
-	    timefield = strchr (cp + 1, '/') + 1;
+	    if (!(timefield = strchr (cp + 1, '/')) || *++timefield == '\0')
+	    {
+		/* We didn't find the record separator or it is followed by
+		 * the end of the string, so just exit.
+		 */
+		if (alloc_pending (80))
+		    sprintf (pending_error_text,
+		             "E Malformed Entry encountered.");
+		return;
+	    }
 	    /* If the time field is not currently empty, then one of
 	     * serve_modified, serve_is_modified, & serve_unchanged were
 	     * already called for this file.  We would like to ignore the
@@ -1681,8 +1689,7 @@
     /* Have we found this file in "entries" yet.  */
     int found;
 
-    if (error_pending ())
-	return;
+    if (error_pending ()) return;
 
     if (outside_dir (arg))
 	return;
@@ -1697,7 +1704,16 @@
 	    && strlen (arg) == cp - name
 	    && strncmp (arg, name, cp - name) == 0)
 	{
-	    timefield = strchr (cp + 1, '/') + 1;
+	    if (!(timefield = strchr (cp + 1, '/')) || *++timefield == '\0')
+	    {
+		/* We didn't find the record separator or it is followed by
+		 * the end of the string, so just exit.
+		 */
+		if (alloc_pending (80))
+		    sprintf (pending_error_text,
+		             "E Malformed Entry encountered.");
+		return;
+	    }
 	    /* If the time field is not currently empty, then one of
 	     * serve_modified, serve_is_modified, & serve_unchanged were
 	     * already called for this file.  We would like to ignore the
@@ -1782,8 +1798,30 @@
 {
     struct an_entry *p;
     char *cp;
+    int i = 0;
     if (error_pending()) return;
-    p = (struct an_entry *) malloc (sizeof (struct an_entry));
+
+    /* Verify that the entry is well-formed.  This can avoid problems later.
+     * At the moment we only check that the Entry contains five slashes in
+     * approximately the correct locations since some of the code makes
+     * assumptions about this.
+     */
+    
+    cp = arg;
+    if (*cp == 'D') cp++;
+    while (i++ < 5)
+    {
+	if (!cp || *cp != '/')
+	{
+	    if (alloc_pending (80))
+		sprintf (pending_error_text,
+			"E protocol error: Malformed Entry");
+	    return;
+	}
+	cp = strchr (cp + 1, '/');
+    }
+    
+    p = (struct an_entry *) xmalloc (sizeof (struct an_entry));
     if (p == NULL)
     {
 	pending_error = ENOMEM;
Commit	Line	Data
1ac47269 AM	1	diff -urN cvs-nserver-1.11.1.52.org/src/server.c cvs-nserver-1.11.1.52/src/server.c
	2	--- cvs-nserver-1.11.1.52.org/src/server.c 2004-06-11 15:06:44.381011584 +0200
	3	+++ cvs-nserver-1.11.1.52/src/server.c 2004-06-11 15:11:06.136218744 +0200
	4	@@ -1619,8 +1619,7 @@
	5	char *cp;
	6	char *timefield;
	7
	8	- if (error_pending ())
	9	- return;
	10	+ if (error_pending ()) return;
	11
	12	if (outside_dir (arg))
	13	return;
	14	@@ -1634,7 +1633,16 @@
	15	&& strlen (arg) == cp - name
	16	&& strncmp (arg, name, cp - name) == 0)
	17	{
	18	- timefield = strchr (cp + 1, '/') + 1;
	19	+ if (!(timefield = strchr (cp + 1, '/')) \|\| *++timefield == '\0')
	20	+ {
	21	+ /* We didn't find the record separator or it is followed by
	22	+ * the end of the string, so just exit.
	23	+ */
	24	+ if (alloc_pending (80))
	25	+ sprintf (pending_error_text,
	26	+ "E Malformed Entry encountered.");
	27	+ return;
	28	+ }
	29	/* If the time field is not currently empty, then one of
	30	* serve_modified, serve_is_modified, & serve_unchanged were
	31	* already called for this file. We would like to ignore the
	32	@@ -1681,8 +1689,7 @@
	33	/* Have we found this file in "entries" yet. */
	34	int found;
	35
	36	- if (error_pending ())
	37	- return;
	38	+ if (error_pending ()) return;
	39
	40	if (outside_dir (arg))
	41	return;
	42	@@ -1697,7 +1704,16 @@
	43	&& strlen (arg) == cp - name
	44	&& strncmp (arg, name, cp - name) == 0)
	45	{
	46	- timefield = strchr (cp + 1, '/') + 1;
	47	+ if (!(timefield = strchr (cp + 1, '/')) \|\| *++timefield == '\0')
	48	+ {
	49	+ /* We didn't find the record separator or it is followed by
	50	+ * the end of the string, so just exit.
	51	+ */
	52	+ if (alloc_pending (80))
	53	+ sprintf (pending_error_text,
	54	+ "E Malformed Entry encountered.");
	55	+ return;
	56	+ }
	57	/* If the time field is not currently empty, then one of
	58	* serve_modified, serve_is_modified, & serve_unchanged were
	59	* already called for this file. We would like to ignore the
	60	@@ -1782,8 +1798,30 @@
	61	{
	62	struct an_entry *p;
	63	char *cp;
	64	+ int i = 0;
65	if (error_pending()) return;
66	- p = (struct an_entry *) malloc (sizeof (struct an_entry));
67	+
68	+ /* Verify that the entry is well-formed. This can avoid problems later.
69	+ * At the moment we only check that the Entry contains five slashes in
70	+ * approximately the correct locations since some of the code makes
71	+ * assumptions about this.
72	+ */
73	+
74	+ cp = arg;
75	+ if (*cp == 'D') cp++;
76	+ while (i++ < 5)
77	+ {
78	+ if (!cp \|\| *cp != '/')
79	+ {
80	+ if (alloc_pending (80))
81	+ sprintf (pending_error_text,
82	+ "E protocol error: Malformed Entry");
83	+ return;
84	+ }
85	+ cp = strchr (cp + 1, '/');
86	+ }
87	+
88	+ p = (struct an_entry *) xmalloc (sizeof (struct an_entry));
89	if (p == NULL)
90	{
91	pending_error = ENOMEM;