Package: webalizer
Version: 2.01.10-32
Severity: wishlist
Tags: patch

Hi,

I think this patch makes the parsing of the database webalizer.current
more robust.

Bye, Jörg.
From 097a8409475bc25c88cf10dd6d715d0ba6371c46 Mon Sep 17 00:00:00 2001
Message-Id: <097a8409475bc25c88cf10dd6d715d0ba6371c46.1259165262.git.joerg.som...@ateo.de>
In-Reply-To: <ecff2b0815768dc2b1897390adc3e9e68a0c5689.1259165261.git.joerg.som...@ateo.de>
References: <ecff2b0815768dc2b1897390adc3e9e68a0c5689.1259165261.git.joerg.som...@ateo.de>
From: =?utf-8?q?J=C3=B6rg=20Sommer?= <jo...@alea.gnuu.de>
Date: Wed, 25 Nov 2009 15:16:18 +0100
Subject: [PATCH 3/5] New Patch to check the return value of sscanf in preserve.c

---
 debian/patches/00list                        |    1 +
 debian/patches/23_check_sscanf_return.dpatch |   46 ++++++++++++++++++++++++++
 2 files changed, 47 insertions(+), 0 deletions(-)
 create mode 100644 debian/patches/23_check_sscanf_return.dpatch

diff --git a/debian/patches/00list b/debian/patches/00list
index 053219e..8d40347 100644
--- a/debian/patches/00list
+++ b/debian/patches/00list
@@ -20,3 +20,4 @@
 20_fix_capital_letter_option
 21_remove_-v_option
 22_php_as_htm_in_sample.conf
+23_check_sscanf_return.dpatch
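Review bot: The added entry `23_check_sscanf_return.dpatch` carries a `.dpatch` suffix, while the three entries above it in 00list (`20_fix_capital_letter_option`, `21_remove_-v_option`, `22_php_as_htm_in_sample.conf`) are listed without one. Suggest writing the new entry in the same form as the existing ones, or confirming that the suffixed form is resolved the same way, so the series stays consistent.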
diff --git a/debian/patches/23_check_sscanf_return.dpatch b/debian/patches/23_check_sscanf_return.dpatch
new file mode 100644
index 0000000..0bcd158
--- /dev/null
+++ b/debian/patches/23_check_sscanf_return.dpatch
@@ -0,0 +1,46 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 23_check_sscanf_return.dpatch by Jörg Sommer <jo...@alea.gnuu.de>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Bug # showed that it's better to check this return value the be
+## DP: sure to really have read what we've expected.
+
+...@dpatch@
+diff --git a/preserve.c b/preserve.c
+index a93ae86..181a53d 100644
+--- a/preserve.c
++++ b/preserve.c
+@@ -575,10 +575,12 @@ int restore_state()
+       if (!isdigit((int)buffer[0])) return 8;  /* error exit */
+ 
+       /* load temporary node data */
+-      sscanf(buffer,"%d %lld %lld %lf %lld %lld %lf %lf",
+-         &t_hnode.flag,&t_hnode.count,
+-         &t_hnode.files, &t_hnode.xfer,
+-         &t_hnode.visit, &t_hnode.tstamp, &t_hnode.ixfer, &t_hnode.oxfer);
++      if (sscanf(buffer,"%d %lld %lld %lf %lld %lld %lf %lf",
++            &t_hnode.flag,&t_hnode.count,
++            &t_hnode.files, &t_hnode.xfer,
++            &t_hnode.visit, &t_hnode.tstamp,
++            &t_hnode.ixfer, &t_hnode.oxfer) != 8)
++         return 8;  /* error exit */
+ 
+       /* get last url */
+       if ((fgets(buffer,BUFSIZE,fp)) == NULL) return 8;  /* error exit */
+@@ -616,10 +618,12 @@ int restore_state()
+       if (!isdigit((int)buffer[0])) return 9;  /* error exit */
+ 
+       /* load temporary node data */
+-      sscanf(buffer,"%d %lld %lld %lf %lld %lld %lf %lf",
+-          &t_hnode.flag,&t_hnode.count,
+-          &t_hnode.files, &t_hnode.xfer,
+-          &t_hnode.visit, &t_hnode.tstamp, &t_hnode.ixfer, &t_hnode.oxfer);
++      if (sscanf(buffer,"%d %lld %lld %lf %lld %lld %lf %lf",
++            &t_hnode.flag,&t_hnode.count,
++            &t_hnode.files, &t_hnode.xfer,
++            &t_hnode.visit, &t_hnode.tstamp,
++            &t_hnode.ixfer, &t_hnode.oxfer) != 8)
++         return 8;  /* error exit */
+ 
+       /* get last url */
+       if ((fgets(buffer,BUFSIZE,fp)) == NULL) return 9;  /* error exit */
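Review bot: In the second preserve.c hunk (`@@ -616,10 +618,12 @@`) the new sscanf check ends in `return 8;`, but the error exits on either side of it in that block, the isdigit check above and the fgets check below, both return 9. This looks copied from the first hunk; suggest `return 9;  /* error exit */` there so the error code stays consistent with the rest of that block. Separately, the `## DP:` description reads "Bug # showed" with no bug number filled in, and "the be sure" should be "to be sure".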
-- 
1.6.3.3
