diff options
| -rw-r--r-- | httpd.h | 2 | ||||
| -rw-r--r-- | ls.c | 83 | ||||
| -rw-r--r-- | response.c | 5 |
3 files changed, 46 insertions, 44 deletions
@@ -220,7 +220,7 @@ void write_request(struct REQUEST *req); /* --- ls.c ----------------------------------------------------- */ void init_quote(void); -char* quote(unsigned char *path, int maxlength); +char* quote(unsigned char *path, int maxlength, char *buf, int bufsize); struct DIRCACHE *get_dir(struct REQUEST *req, char *filename); void free_dir(struct DIRCACHE *dir); @@ -140,15 +140,14 @@ init_quote(void) } char* -quote(unsigned char *path, int maxlength) +quote(unsigned char *path, int maxlength, char *buf, int bufsize) { - static unsigned char buf[2048]; /* FIXME: threads break this... */ int i,j,n=strlen(path); if (n > maxlength) n = maxlength; - for (i=0, j=0; i<n && j<sizeof(buf)-4; i++, j++) { + for (i=0, j=0; i<n && j<bufsize-4; i++, j++) { if (!do_quote[path[i]]) { buf[j] = path[i]; continue; @@ -195,7 +194,7 @@ ls(time_t now, char *hostname, char *filename, char *path, int *length) struct myfile **re1; char *h1,*h2,*re2,*buf = NULL; int count,len,size,i,uid,gid; - char line[1024]; + char line[MAX_PATH]; char *pw = NULL, *gr = NULL; if (debug) @@ -231,7 +230,7 @@ ls(time_t now, char *hostname, char *filename, char *path, int *length) if (NULL == files[count]) goto oom; strcpy(files[count]->n,file->d_name); - sprintf(line,"%s/%s",filename,file->d_name); + snprintf(line,sizeof(line),"%s/%s",filename,file->d_name); if (-1 == stat(line,&files[count]->s)) { free(files[count]); count--; @@ -264,11 +263,11 @@ ls(time_t now, char *hostname, char *filename, char *path, int *length) goto oom; len = 0; - len += sprintf(buf+len, - "<head><title>%s:%d%s</title></head>\n" - "<body bgcolor=white text=black link=darkblue vlink=firebrick alink=red>\n" - "<h1>listing: \n", - hostname,tcp_port,path); + len += snprintf(buf+len, size-len, + "<head><title>%s:%d%s</title></head>\n" + "<body bgcolor=white text=black link=darkblue vlink=firebrick alink=red>\n" + "<h1>listing: \n", + hostname,tcp_port,path); h1 = path, h2 = path+1; for (;;) { @@ -281,11 +280,11 @@ ls(time_t now, char *hostname, char *filename, char *path, int *length) goto oom; buf = re2; } - len += sprintf(buf+len,"<a href=\"%s\">%*.*s</a>", - quote(path,h2-path), - (int)(h2-h1), - (int)(h2-h1), - h1); + len += snprintf(buf+len, size-len, "<a href=\"%s\">%*.*s</a>", + quote(path, h2-path, line, sizeof(line)), + (int)(h2-h1), + (int)(h2-h1), + h1); h1 = h2; h2 = strchr(h2,'/'); if (NULL == h2) @@ -293,10 +292,10 @@ ls(time_t now, char *hostname, char *filename, char *path, int *length) h2++; } - len += sprintf(buf+len, - "</h1><hr noshade size=1><pre>\n" - "<b>access user group date " - "size name</b>\n\n"); + len += snprintf(buf+len, size-len, + "</h1><hr noshade size=1><pre>\n" + "<b>access user group date " + "size name</b>\n\n"); for (i = 0; i < count; i++) { if (len > size) @@ -318,63 +317,63 @@ ls(time_t now, char *hostname, char *filename, char *path, int *length) /* user */ pw = xgetpwuid(files[i]->s.st_uid); if (NULL != pw) - len += sprintf(buf+len,"%-8.8s ",pw); + len += snprintf(buf+len, size-len, "%-8.8s ",pw); else - len += sprintf(buf+len,"%8d ",(int)files[i]->s.st_uid); + len += snprintf(buf+len, size-len, "%8d ",(int)files[i]->s.st_uid); /* group */ gr = xgetgrgid(files[i]->s.st_gid); if (NULL != gr) - len += sprintf(buf+len,"%-8.8s ",gr); + len += snprintf(buf+len, size-len, "%-8.8s ",gr); else - len += sprintf(buf+len,"%8d ",(int)files[i]->s.st_gid); + len += snprintf(buf+len, size-len, "%8d ",(int)files[i]->s.st_gid); /* mtime */ if (now - files[i]->s.st_mtime > 60*60*24*30*6) - len += strftime(buf+len,255,"%b %d %Y ", + len += strftime(buf+len, size-len, "%b %d %Y ", gmtime(&files[i]->s.st_mtime)); else - len += strftime(buf+len,255,"%b %d %H:%M ", + len += strftime(buf+len, size-len, "%b %d %H:%M ", gmtime(&files[i]->s.st_mtime)); /* size */ if (S_ISDIR(files[i]->s.st_mode)) { - len += sprintf(buf+len," <DIR> "); + len += snprintf(buf+len, size-len, " <DIR> "); } else if (!S_ISREG(files[i]->s.st_mode)) { - len += sprintf(buf+len," -- "); + len += snprintf(buf+len, size-len, " -- "); } else if (files[i]->s.st_size < 1024*9) { - len += sprintf(buf+len,"%4d B ", + len += snprintf(buf+len, size-len, "%4d B ", (int)files[i]->s.st_size); } else if (files[i]->s.st_size < 1024*1024*9) { - len += sprintf(buf+len,"%4d kB ", + len += snprintf(buf+len, size-len, "%4d kB ", (int)(files[i]->s.st_size>>10)); } else if ((int64_t)(files[i]->s.st_size) < (int64_t)1024*1024*1024*9) { - len += sprintf(buf+len,"%4d MB ", + len += snprintf(buf+len, size-len, "%4d MB ", (int)(files[i]->s.st_size>>20)); } else if ((int64_t)(files[i]->s.st_size) < (int64_t)1024*1024*1024*1024*9) { - len += sprintf(buf+len,"%4d GB ", + len += snprintf(buf+len, size-len, "%4d GB ", (int)(files[i]->s.st_size>>30)); } else { - len += sprintf(buf+len,"%4d TB ", + len += snprintf(buf+len, size-len, "%4d TB ", (int)(files[i]->s.st_size>>40)); } /* filename */ if (files[i]->r) { - len += sprintf(buf+len,"<a href=\"%s%s\">%s</a>\n", - quote(files[i]->n,9999), - S_ISDIR(files[i]->s.st_mode) ? "/" : "", - files[i]->n); + len += snprintf(buf+len, size-len, "<a href=\"%s%s\">%s</a>\n", + quote(files[i]->n, 9999, line, sizeof(line)), + S_ISDIR(files[i]->s.st_mode) ? "/" : "", + files[i]->n); } else { - len += sprintf(buf+len,"%s\n",files[i]->n); + len += snprintf(buf+len, size-len, "%s\n", files[i]->n); } } strftime(line,32,"%d/%b/%Y %H:%M:%S GMT",gmtime(&now)); - len += sprintf(buf+len, - "</pre><hr noshade size=1>\n" - "<small><a href=\"%s\">%s</a> %s</small>\n" - "</body>\n", - HOMEPAGE,server_name,line); + len += snprintf(buf+len, size-len, + "</pre><hr noshade size=1>\n" + "<small><a href=\"%s\">%s</a> %s</small>\n" + "</body>\n", + HOMEPAGE,server_name,line); for (i = 0; i < count; i++) free(files[i]); if (count) @@ -209,6 +209,8 @@ mkerror(struct REQUEST *req, int status, int ka) void mkredirect(struct REQUEST *req) { + char buf[MAX_PATH]; + req->status = 302; req->body = req->path; req->lbody = strlen(req->body); @@ -219,7 +221,8 @@ mkredirect(struct REQUEST *req) "Content-Length: %" PRId64 "\r\n", "302 Redirect",server_name, req->keep_alive ? "Keep-Alive" : "Close", - req->hostname,tcp_port,quote(req->path,9999), + req->hostname, tcp_port, + quote(req->path,9999,buf,sizeof(buf)), (int64_t)req->lbody); req->lres += strftime(req->hres+req->lres,80, "Date: " RFC1123 "\r\n\r\n", |