[sqwebmail] Re: imageurl & templatedir environ patch

Jesse Guardiani Wed, 09 Jul 2003 11:47:31 -0700

On Wednesday 09 July 2003 14:09, you wrote:
> Jesse Guardiani writes:
> > On Wednesday 09 July 2003 12:27, Sam Varshavchik wrote:
> >> Jesse Guardiani writes:
> >> > On Thursday 03 July 2003 14:04, Jesse Guardiani wrote:
> >> >> Sam,
> >> >>
> >> >> Take a look at the attached patches, please.
> >> >
> >> > Sorry. I forgot to attach the patches. Here they are. See attached.
> >>
> >> The malloc version serves no useful purpose.  Copying the pathnames to a
> >> malloced buffer, and freeing it afterwards does not do anything useful.
> >>
> >> Furthermore, you're allocating one byte too short, which will result in
> >> subtle memory corruption.
> >
> > ok. I admit it. I suck with malloc. That's why I wanted you to look it
> > over first. I can fix the off by one error easily.
> >
> >> The non-malloc version has a rather obvious exploitable buffer overflow,
> >
> > That was the purpose of the malloc version. Avoid buffer overflow.
> >
> > What would you suggest instead?
>
> You're making things too complicated than they need to be.  Replacing the
> manifest constants with a getenv(), will be sufficient.  And if getenv
> comes back empty, fall back to the original manifest constant.


ok, thanks. See attached.

-- 
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v)  423-559-5145 (f)
http://www.wingnet.net

Only in sqwebmail-3.5.3.20030629: config.rpath
Only in sqwebmail-3.5.3.20030629/http11: http11.h
Only in sqwebmail-3.5.3.20030629/sqwebmail/html: README_LANG.txt
Only in sqwebmail-3.5.3.20030629.imageurl_templatedir_patch/sqwebmail/html: en
diff -ur sqwebmail-3.5.3.20030629/sqwebmail/newmsg_create.c sqwebmail-3.5.3.20030629.imageurl_templatedir_patch/sqwebmail/newmsg_create.c
--- sqwebmail-3.5.3.20030629/sqwebmail/newmsg_create.c	Mon Jun  2 19:47:16 2003
+++ sqwebmail-3.5.3.20030629.imageurl_templatedir_patch/sqwebmail/newmsg_create.c	Wed Jul  9 14:32:33 2003
@@ -929,14 +929,10 @@
 
 	if (do_footer)
 	{
-		char	*templatedir=getenv("SQWEBMAIL_TEMPLATEDIR");
-	
-		if (!templatedir || !*templatedir)
-			templatedir=HTMLLIBDIR;
-
-		fp=http11_open_langfile(templatedir,
+		fp=http11_open_langfile(get_templatedir(),
 					sqwebmail_content_language,
 					"footer");
+		
 		if (fp != 0)
 		{
 			while ((n=fread(buf, 1, sizeof(buf), fp)) > 0)
Only in sqwebmail-3.5.3.20030629.imageurl_templatedir_patch/sqwebmail: newmsg_create.c.orig
diff -ur sqwebmail-3.5.3.20030629/sqwebmail/sqwebmail.c sqwebmail-3.5.3.20030629.imageurl_templatedir_patch/sqwebmail/sqwebmail.c
--- sqwebmail-3.5.3.20030629/sqwebmail/sqwebmail.c	Tue Jun 24 09:12:21 2003
+++ sqwebmail-3.5.3.20030629.imageurl_templatedir_patch/sqwebmail/sqwebmail.c	Wed Jul  9 14:31:44 2003
@@ -409,15 +409,34 @@
 	fake_exit(1);
 }
 
+
+char *get_templatedir()
+{
+char	*templatedir=getenv("SQWEBMAIL_TEMPLATEDIR");
+	
+	if (!templatedir || !*templatedir)	templatedir=HTMLLIBDIR;
+
+	return templatedir;
+}
+
+
+char *get_imageurl()
+{
+char	*imageurl=getenv("SQWEBMAIL_IMAGEURL");
+	
+	if (!imageurl || !*imageurl)	imageurl=IMGPATH;
+
+	return imageurl;
+}
+
+
 FILE *open_langform(const char *lang, const char *formname,
 		    int print_header)
 {
 char	*formpath;
 FILE	*f;
-char	*templatedir=getenv("SQWEBMAIL_TEMPLATEDIR");
+char	*templatedir=get_templatedir();
 	
-	if (!templatedir || !*templatedir)	templatedir=HTMLLIBDIR;
-
 	/* templatedir/lang/formname */
 
 	if (!(formpath=malloc(strlen(templatedir)+3+
@@ -428,7 +447,9 @@
 		lang), "/"), formname);
 
 	f=fopen(formpath, "r");
+
 	free(formpath);
+	
 	if (f && print_header)
 		printf("Content-Language: %s\n", lang);
 	if (f)
@@ -509,8 +530,9 @@
 		MKIMG('c');
 		MKIMG('=');
 		MKIMG('"');
-		for (p=IMGPATH; *p; p++)
+		for (p=get_imageurl(); *p; p++)
 			MKIMG(*p);
+
 		MKIMG('/');
 		while ((c=getc(f)) >= 0
 		       && c != '@' && c != ',')
@@ -1286,7 +1308,7 @@
 		}
 		else if (strcmp(kw, "SQWEBMAILCSS") == 0)
 		{
-			printf(IMGPATH "/sqwebmail.css");
+			printf("%s/sqwebmail.css", get_imageurl());
 		}
 		else if (strcmp(kw, "timezonelist") == 0)
 		{
Only in sqwebmail-3.5.3.20030629.imageurl_templatedir_patch/sqwebmail: sqwebmail.c.orig
diff -ur sqwebmail-3.5.3.20030629/sqwebmail/sqwebmail.h sqwebmail-3.5.3.20030629.imageurl_templatedir_patch/sqwebmail/sqwebmail.h
--- sqwebmail-3.5.3.20030629/sqwebmail/sqwebmail.h	Sat Mar 22 23:50:44 2003
+++ sqwebmail-3.5.3.20030629.imageurl_templatedir_patch/sqwebmail/sqwebmail.h	Wed Jul  9 14:34:06 2003
@@ -102,6 +102,8 @@
 extern void freeargs();
 extern void insert_include(const char *);
 extern const char *getarg(const char *);
+extern char *get_templatedir();
+extern char *get_imageurl();
 
 #define	GPGDIR "gpg"
 
Only in sqwebmail-3.5.3.20030629.imageurl_templatedir_patch/sqwebmail: sqwebmail.h.orig
Only in sqwebmail-3.5.3.20030629.imageurl_templatedir_patch/sqwebmail: tags
Only in sqwebmail-3.5.3.20030629: sqwebmail.spec

[sqwebmail] Re: imageurl & templatedir environ patch

Reply via email to