-rw-r--r-- | fileio.c | 7 | ||||
-rw-r--r-- | wfm.c | 27 | ||||
-rw-r--r-- | wfm.h | 21 |
3 files changed, 28 insertions, 27 deletions
@@ -165,7 +165,7 @@ void edit_save(void) { int size=0; int tmpfd; char *buff; - char tempname[64]={0}; + char tempname[4096]={0}; //FILE *output; FILE *tempf; #ifndef WFMGIT @@ -428,7 +428,7 @@ off_t du(char *pdir) { void re_dir_ui(char *vdir, int level) { struct dirent **direntry; struct stat fileinfo; - char child[sizeof(wp.virt_dirname)]={0}; + char child[sizeof(wp.virt_dirname)+2]={0}; char phy_child[sizeof(wp.phys_dirname)]={0}; char re_phys_dirname[sizeof(wp.phys_dirname)]={0}; int n; @@ -448,8 +448,7 @@ void re_dir_ui(char *vdir, int level) { snprintf(phy_child, sizeof(phy_child), "%s/%s/%s", cfg.homedir, vdir, direntry[e]->d_name); if((direntry[e]->d_name[0]!='.') && (lstat(phy_child, &fileinfo)==0) && S_ISDIR(fileinfo.st_mode)) { - - snprintf(child, sizeof(wp.virt_dirname), "%s/%s", vdir, direntry[e]->d_name); + snprintf(child, sizeof(child), "%s/%s", vdir, direntry[e]->d_name); fprintf(cgiOut, "<OPTION VALUE=\"%s\">", child); @@ -167,7 +167,7 @@ void access_check(char *access_string) { rt.access_level=PERM_RW; rt.access_as_user=1; - strncpy(rt.loggedinuser, getenv("REMOTE_USER"), sizeof(rt.loggedinuser)); + snprintf(rt.loggedinuser, sizeof(rt.loggedinuser), "%s", getenv("REMOTE_USER") ); } } } @@ -184,7 +184,7 @@ void checkfilename(char *inp_filename) { char *bname; if(inp_filename && strlen(inp_filename)) { - strncpy(temp_filename, inp_filename, sizeof(wp.virt_filename)); + snprintf(temp_filename, sizeof(temp_filename), "%s", inp_filename); } else if(cgiFormFileName("filename", temp_filename, sizeof(wp.virt_filename)) == cgiFormSuccess) { @@ -206,7 +206,7 @@ void checkfilename(char *inp_filename) { (void) *bname++; strip(bname, sizeof(wp.virt_filename), VALIDCHRS); - strncpy(wp.virt_filename, bname, sizeof(wp.virt_filename)); + snprintf(wp.virt_filename, sizeof(wp.virt_filename), "%s", bname); wp.virt_filename_urlencoded=url_encode(wp.virt_filename); snprintf(wp.phys_filename, sizeof(wp.phys_filename), "%s/%s", wp.phys_dirname, wp.virt_filename); 
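Review bot: In re_dir_ui, `child` is written into the `<OPTION VALUE=\"%s\">` attribute without HTML escaping, and it is built from `direntry[e]->d_name`, which comes straight from the filesystem. A directory name containing `"` or `<` would break out of the attribute in the generated page, so the value should go through an HTML-attribute escaping helper before the `fprintf` (none is visible in this hunk, so one may have to be added). The `snprintf` into `phy_child` just above is also unchecked, which means a truncated path can be handed to `lstat`; comparing its return value with `sizeof(phy_child)` and skipping the entry avoids acting on a different path. The body of re_dir_ui continues outside the hunk.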
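Review bot: `getenv("REMOTE_USER")` is passed straight to `%s` in access_check, which is undefined behaviour when the variable is unset; unless a condition outside this hunk already guarantees a non-NULL value, fetch it into a local and test it first. The move to snprintf also makes truncation silent: a REMOTE_USER longer than 63 bytes is stored shortened in `rt.loggedinuser`, so the recorded identity can differ from the authenticated one. Rejecting is safer than truncating, e.g. `if (!u || strlen(u) >= sizeof(rt.loggedinuser)) error("Invalid REMOTE_USER");` before the copy.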
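Review bot: The `else if` branch of checkfilename still passes `sizeof(wp.virt_filename)` as the capacity of `temp_filename` to `cgiFormFileName`, while the changed line above it now uses `sizeof(temp_filename)`; the `strip(bname, sizeof(wp.virt_filename), VALIDCHRS)` call in the following hunk appears to carry the same cross-buffer bound. The declaration of `temp_filename` is outside the hunk, so whether the two sizes agree cannot be confirmed from here; `cgiFormFileName("filename", temp_filename, sizeof(temp_filename))` ties the bound to the buffer that is actually written. A short comment that snprintf silently shortens an over-long `inp_filename`, so the name validated afterwards may not be the one supplied, would also help the next reader.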
@@ -216,8 +216,9 @@ void checkfilename(char *inp_filename) { if(strstr(wp.phys_filename, "..")) error("Double dots in pfilename"); if(strstr(wp.virt_filename, "..")) error("Double dots in vfilename"); - strncpy(temp_dirname, wp.phys_filename, sizeof(wp.phys_filename)); - if(strlen(dirname(temp_dirname)) < strlen(cfg.homedir)) error("Basename path too short"); + snprintf(temp_dirname, sizeof(temp_dirname), "%s", wp.phys_filename); + if(strlen(dirname(temp_dirname)) < strlen(cfg.homedir)) + error("Basename path too short"); } // @@ -232,9 +233,9 @@ void checkdestination(void) { cgiFormInteger("absdst", &absolute_destination, 0); // move operation relies on absolute paths, rename does not if(absolute_destination) - snprintf(wp.phys_destination, sizeof(wp.phys_filename), "%s/%s", cfg.homedir, wp.virt_destination); + snprintf(wp.phys_destination, sizeof(wp.phys_destination), "%s/%s", cfg.homedir, wp.virt_destination); else - snprintf(wp.phys_destination, sizeof(wp.phys_filename), "%s/%s", wp.phys_dirname, wp.virt_destination); + snprintf(wp.phys_destination, sizeof(wp.phys_destination), "%s/%s", wp.phys_dirname, wp.virt_destination); if(strlen(wp.phys_destination)<1 || strlen(wp.phys_destination)>(sizeof(wp.phys_filename)-2)) error("Invalid pdestination lenght [%d]", strlen(wp.phys_destination)); if(strlen(wp.virt_destination)<1 || strlen(wp.virt_destination)>(sizeof(wp.virt_filename)-2)) error("Invalid vdestination lenght [%d]", strlen(wp.virt_destination)); @@ -258,7 +259,7 @@ void checkdirectory(void) { wp.virt_dirname_urlencoded=url_encode(wp.virt_dirname); // parent - strncpy(temp, wp.virt_dirname, sizeof(wp.virt_dirname)); + strncpy(temp, wp.virt_dirname, sizeof(temp)); strncpy(wp.virt_parent, dirname(temp), sizeof(wp.virt_dirname)); wp.virt_parent_urlencoded=url_encode(wp.virt_parent); 
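Review bot: The two `error()` calls that close this checkdestination hunk format `strlen(...)` with `%d`; strlen returns `size_t`, so assuming `error` is printf-style the specifier should be `%zu` (or the argument cast to `int`). The upper bounds there still use `sizeof(wp.phys_filename)-2` for `phys_destination` and `sizeof(wp.virt_filename)-2` for `virt_destination`, which is only correct while each pair keeps the same size; `sizeof(wp.phys_destination)-2` states the intent directly. No `..` check on `wp.virt_destination` is visible in this hunk, unlike the `strstr` checks in checkfilename; if the remainder of the function (outside the hunk) does not have one, the `absdst` path joined onto `cfg.homedir` deserves the same test.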
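Review bot: Both copies in the `// parent` block of checkdirectory are still `strncpy`, and the second bounds the write into `wp.virt_parent` with `sizeof(wp.virt_dirname)`. strncpy pads the destination up to the given count, so if `virt_dirname` is larger than `virt_parent` (1024 after the wfm.h change; the size of `virt_dirname` is not visible here) the call writes past `virt_parent` whatever the string length, and neither call guarantees NUL termination before `dirname(temp)` and `url_encode` read the buffers. For consistency with the rest of the commit I would use `snprintf(temp, sizeof(temp), "%s", wp.virt_dirname);` and `snprintf(wp.virt_parent, sizeof(wp.virt_parent), "%s", dirname(temp));`.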
@@ -279,7 +280,7 @@ void checkdirectory(void) { if(strlen(real) > sizeof(wp.phys_dirname)-2) error("Resolved path too long"); - strncpy(wp.phys_dirname, real, sizeof(wp.phys_dirname)); + snprintf(wp.phys_dirname, sizeof(wp.phys_dirname), "%s", real); free(real); } @@ -513,10 +514,10 @@ void cfgload(void) { while(fgets(cfgline, sizeof(cfgline), cfgfile)) { if((*cfgline==';')||(*cfgline=='/')||(*cfgline=='#')||(*cfgline=='\n')) continue; - else if(strncmp(cfgline, c_homedir, strlen(c_homedir))==0) strncpy(cfg.homedir, cfgline+strlen(c_homedir), sizeof(cfg.homedir)); - else if(strncmp(cfgline, c_homeurl, strlen(c_homeurl))==0) strncpy(cfg.homeurl, cfgline+strlen(c_homeurl), sizeof(cfg.homeurl)); - else if(strncmp(cfgline, c_tagline, strlen(c_tagline))==0) strncpy(cfg.tagline, cfgline+strlen(c_tagline), sizeof(cfg.tagline)); - else if(strncmp(cfgline, c_favicon, strlen(c_favicon))==0) strncpy(cfg.favicon, cfgline+strlen(c_favicon), sizeof(cfg.favicon)); + else if(strncmp(cfgline, c_homedir, strlen(c_homedir))==0) snprintf(cfg.homedir, sizeof(cfg.homedir), "%s", cfgline+strlen(c_homedir)); + else if(strncmp(cfgline, c_homeurl, strlen(c_homeurl))==0) snprintf(cfg.homeurl, sizeof(cfg.homeurl), "%s", cfgline+strlen(c_homeurl)); + else if(strncmp(cfgline, c_tagline, strlen(c_tagline))==0) snprintf(cfg.tagline, sizeof(cfg.tagline), "%s", cfgline+strlen(c_tagline)); + else if(strncmp(cfgline, c_favicon, strlen(c_favicon))==0) snprintf(cfg.favicon, sizeof(cfg.favicon), "%s", cfgline+strlen(c_favicon)); else if(strncmp(cfgline, c_editdef, strlen(c_editdef))==0) cfg.edit_by_default=1; else if(strncmp(cfgline, c_editany, strlen(c_editany))==0) cfg.edit_any_file=1; else if(strncmp(cfgline, c_largeset, strlen(c_largeset))==0) cfg.largeset=1; 
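Review bot: The four snprintf calls in cfgload discard the return value, so an over-long `homedir` line is silently shortened, and `cfg.homedir` is the prefix that checkfilename measures paths against (`strlen(dirname(temp_dirname)) < strlen(cfg.homedir)`). A truncated base directory should be a configuration error rather than a different root: compare the result with `sizeof(cfg.homedir)` and call `error()` when it does not fit. fgets already cuts the line at `sizeof(cfgline)`, which is declared outside this hunk, so the check is only meaningful if `cfgline` is at least as large as the destination fields. A comment saying where the trailing newline left by fgets is removed would also help, since that step is not visible here.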
@@ -1,6 +1,7 @@ -#define VERSION "1.4.0" +#define VERSION "1.4.1" #define COPYRIGHT "<!-- WFM Version " VERSION ", Mountain View, CA, " __DATE__ " [" __TIME__ "] -->\n" \ - "<!-- Copyright (c) 1994-2018 by Antoni Sawicki -->\n" + "<!-- Copyright (c) 1994-2018 by Antoni Sawicki -->\n" \ + "<!-- Copyright (c) 2019 by Google LLC -->\n" #define FONT_SIZE "12px" @@ -75,12 +76,12 @@ struct wfm_paths { char virt_filename[NAME_MAX]; char *virt_filename_urlencoded; char virt_destination[NAME_MAX]; - char virt_parent[NAME_MAX]; + char virt_parent[1024]; char *virt_parent_urlencoded; - char phys_dirname[PATH_MAX]; - char phys_filename[PATH_MAX]; - char phys_destination[PATH_MAX]; - char final_destination[PATH_MAX]; + char phys_dirname[2048]; + char phys_filename[4096]; + char phys_destination[4096]; + char final_destination[8192]; } wp; struct config_struct { @@ -89,7 +90,7 @@ struct config_struct { int edit_any_file; int recursive_du; int largeset; - char homedir[1024]; + char homedir[PATH_MAX]; char homeurl[1024]; char tagline[1024]; char favicon[1024]; @@ -97,7 +98,7 @@ struct config_struct { struct runtime_struct { char token[256]; - char iconsurl[1024]; + char iconsurl[64]; char loggedinuser[64]; int access_level; int access_as_user; @@ -113,7 +114,7 @@ enum { CHANGE, DELETE, MOVE }; typedef struct asdir_ { - char name[NAME_MAX]; + char name[1024]; mode_t type; off_t size; time_t atime, mtime, rtime; |
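Review bot: The literal sizes that replace NAME_MAX/PATH_MAX in struct wfm_paths encode relationships that the callers depend on but nothing states. checkdestination bounds `wp.phys_destination` with `sizeof(wp.phys_filename)-2`, and checkdirectory copies into `wp.virt_parent` using `sizeof(wp.virt_dirname)`. Named constants with a comment explaining why each buffer is the size it is, plus a compile-time check after the struct such as `_Static_assert(sizeof(wp.phys_destination) == sizeof(wp.phys_filename), "destination/filename size mismatch");` (if the build allows C11), would keep a later resize from turning those cross-field bounds into overflows.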
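Review bot: `rt.iconsurl` shrinks from 1024 to 64 bytes in struct runtime_struct, but no writer of that field appears in this diff. Every place that fills it has to bound the write with `sizeof(rt.iconsurl)` and handle truncation; a leftover literal size, or a copy from one of the 1024-byte `cfg` strings, would now overflow into `loggedinuser` and the access fields that follow it in the struct. A comment on the field such as `/* short relative URL; writers must use sizeof(rt.iconsurl) */` would record the assumption, and the writers are worth checking before this lands.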