diff --git a/lib/parse.cpp b/lib/parse.cpp
index 381358c..becc9b3 100644
--- a/lib/parse.cpp
+++ b/lib/parse.cpp
@@ -497,7 +497,7 @@ int XML_PARSER::scan_comment() {
char* p = buf;
while (1) {
int c = f->_getc();
- if (c == EOF) return XML_PARSE_EOF;
+ if (!c || c == EOF) return XML_PARSE_EOF;
*p++ = c;
*p = 0;
if (strstr(buf, "-->")) {
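Review bot: scan_comment still stores into `*p++` with no bound check, so a comment longer than `buf` runs past it; the `!c` guard added here only ends the loop on a NUL or EOF. The buffer's declaration and the function's start are above the hunk, so its capacity is not visible, but scan_cdata in the next hunk does count `len` down and this loop should do the same: stop before the last byte and return the new `XML_PARSE_OVERFLOW` instead of continuing to write, e.g. `if (p >= buf + BUF_CAPACITY - 1) return XML_PARSE_OVERFLOW;` before `*p++ = c;`, where BUF_CAPACITY stands for whatever size `buf` is declared with.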
@@ -515,7 +515,7 @@ int XML_PARSER::scan_cdata(char* buf, int len) {
len--;
while (1) {
int c = f->_getc();
- if (c == EOF) return XML_PARSE_EOF;
+ if (!c || c == EOF) return XML_PARSE_EOF;
if (len) {
*p++ = c;
len--;
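Review bot: scan_cdata silently truncates once `len` reaches zero: the `if (len)` keeps reading but drops bytes, so the caller receives a cut-off CDATA section with a success code, while copy_until_tag and scan_tag in this same commit now report `XML_PARSE_OVERFLOW` for the equivalent case. If callers can handle an error here, `if (!len) return XML_PARSE_OVERFLOW;` in place of the silent drop would make the three consistent; if truncation is intentional, a comment on the `if (len)` line saying so would keep the next reader from changing it. The remainder of the loop, presumably the end-of-section detection, is below the hunk.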
@@ -540,11 +540,12 @@ int XML_PARSER::scan_cdata(char* buf, int len) {
//
bool XML_PARSER::parse_str(const char* start_tag, char* buf, int len) {
bool eof;
- char end_tag[256], tag[256];
+ char end_tag[TAG_BUF_LEN], tag[TAG_BUF_LEN];
+
+ size_t n = strlen(parsed_tag);
// handle the archaic form , which means empty string
//
- size_t n = strlen(parsed_tag);
if (parsed_tag[n-1] == '/') {
strcpy(tag, parsed_tag);
tag[n-1] = 0;
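Review bot: `parsed_tag[n-1]` reads before the buffer when `parsed_tag` is empty, because `n` is a `size_t` and `n-1` wraps to SIZE_MAX; moving the `strlen` line up does not change that. A guard keeps it safe: `if (n && parsed_tag[n-1] == '/') {`. The `strcpy(tag, parsed_tag)` below is only safe if `parsed_tag` is declared no larger than TAG_BUF_LEN; its declaration is not in this diff, so that is worth confirming.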
@@ -600,7 +601,7 @@ bool XML_PARSER::parse_string(const char* start_tag, string& str) {
bool XML_PARSER::parse_int(const char* start_tag, int& i) {
char buf[256], *end;
bool eof;
- char end_tag[256], tag[256];
+ char end_tag[TAG_BUF_LEN], tag[TAG_BUF_LEN];
if (strcmp(parsed_tag, start_tag)) return false;
@@ -635,7 +636,7 @@ bool XML_PARSER::parse_int(const char* start_tag, int& i) {
bool XML_PARSER::parse_double(const char* start_tag, double& x) {
char buf[256], *end;
bool eof;
- char end_tag[256], tag[256];
+ char end_tag[TAG_BUF_LEN], tag[TAG_BUF_LEN];
if (strcmp(parsed_tag, start_tag)) return false;
@@ -670,7 +671,7 @@ bool XML_PARSER::parse_double(const char* start_tag, double& x) {
bool XML_PARSER::parse_ulong(const char* start_tag, unsigned long& x) {
char buf[256], *end;
bool eof;
- char end_tag[256], tag[256];
+ char end_tag[TAG_BUF_LEN], tag[TAG_BUF_LEN];
if (strcmp(parsed_tag, start_tag)) return false;
@@ -705,7 +706,7 @@ bool XML_PARSER::parse_ulong(const char* start_tag, unsigned long& x) {
bool XML_PARSER::parse_ulonglong(const char* start_tag, unsigned long long& x) {
char buf[256], *end=0;
bool eof;
- char end_tag[256], tag[256];
+ char end_tag[TAG_BUF_LEN], tag[TAG_BUF_LEN];
if (strcmp(parsed_tag, start_tag)) return false;
@@ -740,7 +741,7 @@ bool XML_PARSER::parse_ulonglong(const char* start_tag, unsigned long long& x) {
bool XML_PARSER::parse_bool(const char* start_tag, bool& b) {
char buf[256], *end;
bool eof;
- char end_tag[256], tag[256];
+ char end_tag[TAG_BUF_LEN], tag[TAG_BUF_LEN];
// handle the archaic form , which means true
//
@@ -774,7 +775,7 @@ bool XML_PARSER::parse_bool(const char* start_tag, bool& b) {
// parse a start tag (optionally preceded by )
//
bool XML_PARSER::parse_start(const char* start_tag) {
- char tag[256];
+ char tag[TAG_BUF_LEN];
bool eof;
eof = get(tag, sizeof(tag), is_tag);
@@ -800,7 +801,7 @@ bool XML_PARSER::parse_start(const char* start_tag) {
void XML_PARSER::skip_unexpected(
const char* start_tag, bool verbose, const char* where
) {
- char tag[256], end_tag[256];
+ char tag[TAG_BUF_LEN], end_tag[TAG_BUF_LEN];
if (verbose) {
fprintf(stderr, "Unrecognized XML in %s: %s\n", where, start_tag);
@@ -821,7 +822,7 @@ void XML_PARSER::skip_unexpected(
// copy this entire element, including start and end tags, to the buffer
//
int XML_PARSER::copy_element(string& out) {
- char end_tag[256], buf[1024];
+ char end_tag[TAG_BUF_LEN], buf[1024];
// handle case
//
diff --git a/lib/parse.h b/lib/parse.h
index d16ed6e..5a8f490 100644
--- a/lib/parse.h
+++ b/lib/parse.h
@@ -34,6 +34,9 @@
#define XML_PARSE_CDATA 3
#define XML_PARSE_TAG 4
#define XML_PARSE_DATA 5
+#define XML_PARSE_OVERFLOW 6
+
+#define TAG_BUF_LEN 256
struct XML_PARSER {
int scan_comment();
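Review bot: XML_PARSE_OVERFLOW joins an undocumented run of XML_PARSE_* codes, and `get()` further down folds it into the same `true` as EOF, so a one-line comment on what it means and who sees it would help: `#define XML_PARSE_OVERFLOW 6 // tag or data did not fit its buffer; get() treats it as fatal`. TAG_BUF_LEN could likewise state that `parsed_tag` and every local `tag`/`end_tag` must share it, since get_tag's length check assumes so; the declaration of `parsed_tag` is not in this diff, so confirm it was resized with the constant too.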
@@ -47,29 +50,34 @@ struct XML_PARSER {
}
// read and copy text to buf; stop when find a <;
// ungetc() that so we read it again
- // Return true iff reached EOF
+ // Return XML_PARSE_DATA if successful
//
- inline bool copy_until_tag(char* buf, int len) {
+ inline int copy_until_tag(char* buf, int len) {
int c;
while (1) {
c = f->_getc();
- if (c == EOF) return true;
+ if (!c || c == EOF) return XML_PARSE_EOF;
if (c == '<') {
f->_ungetc(c);
*buf = 0;
- return false;
+ return XML_PARSE_DATA;
}
- if (--len > 0) {
- *buf++ = c;
+ if (--len <= 0) {
+ return XML_PARSE_OVERFLOW;
}
+ *buf++ = c;
}
}
+ // return true if EOF or error
+ //
inline bool get(
char* buf, int len, bool& _is_tag, char* attr_buf=0, int attr_len=0
) {
switch (get_aux(buf, len, attr_buf, attr_len)) {
- case XML_PARSE_EOF: return true;
+ case XML_PARSE_EOF:
+ case XML_PARSE_OVERFLOW:
+ return true;
case XML_PARSE_TAG:
_is_tag = true;
break;
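Review bot: When copy_until_tag returns `XML_PARSE_OVERFLOW` it leaves `buf` without a terminator (the EOF return has the same gap), and get() then collapses both codes into `true`, so a caller that logs or inspects the partial buffer reads past the copied bytes. There is always one free byte at that point, since the store is skipped when `--len` reaches zero, so `*buf = 0;` before each early `return` costs nothing; the two overflow returns added to scan_tag lower in this file have the same shape and the same fix. get()'s switch continues past the hunk.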
@@ -83,7 +91,13 @@ struct XML_PARSER {
}
inline bool get_tag(char* ab=0, int al=0) {
- return get(parsed_tag, sizeof(parsed_tag), is_tag, ab, al);
+ if (get(parsed_tag, sizeof(parsed_tag), is_tag, ab, al)) {
+ return true;
+ }
+ if (strlen(parsed_tag) > TAG_BUF_LEN-10) {
+ return true;
+ }
+ return false;
}
inline bool match_tag(const char* tag) {
return !strcmp(parsed_tag, tag);
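Review bot: The `TAG_BUF_LEN-10` threshold in get_tag is an unexplained margin: get() already returns true when get_aux reports `XML_PARSE_OVERFLOW`, so this second check additionally rejects tags between 247 and 255 bytes without saying why. If the slack is reserved for callers that build `</tag>` from `parsed_tag` into another TAG_BUF_LEN buffer, as the parse_* functions in parse.cpp appear to do, say so on the line: `if (strlen(parsed_tag) > TAG_BUF_LEN-10) { // leave room for callers that build "</tag>" in a TAG_BUF_LEN buffer`, or better, give the margin a named constant next to TAG_BUF_LEN.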
@@ -97,7 +111,7 @@ struct XML_PARSER {
int c;
while (1) {
c = f->_getc();
- if (c == EOF) return true;
+ if (!c || c == EOF) return true;
if (isspace(c)) continue;
first_char = c;
return false;
@@ -120,12 +134,12 @@ struct XML_PARSER {
if (c == '<') {
retval = scan_tag(buf, len, attr_buf, attr_len);
if (retval == XML_PARSE_EOF) return retval;
+ if (retval == XML_PARSE_OVERFLOW) return retval;
if (retval == XML_PARSE_COMMENT) continue;
} else {
buf[0] = c;
- eof = copy_until_tag(buf+1, len-1);
- if (eof) return XML_PARSE_EOF;
- retval = XML_PARSE_DATA;
+ retval = copy_until_tag(buf+1, len-1);
+ if (retval != XML_PARSE_DATA) return retval;
}
strip_whitespace(buf);
return retval;
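Review bot: With copy_until_tag now returning a code, the local `eof` that used to receive it is no longer assigned in this branch; if it is declared at the top of get_aux, above the hunk, and has no other use, drop the declaration to avoid an unused-variable warning. The tag branch three lines up spells out EOF and OVERFLOW separately, so any further error code scan_tag might return would fall through to `strip_whitespace`; the data branch's `if (retval != XML_PARSE_DATA) return retval;` shape is the more future-proof of the two. get_aux starts above the hunk.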
@@ -153,7 +167,7 @@ struct XML_PARSER {
for (int i=0; ; i++) {
c = f->_getc();
- if (c == EOF) return XML_PARSE_EOF;
+ if (!c || c == EOF) return XML_PARSE_EOF;
if (c == '>') {
*buf = 0;
if (attr_buf) *attr_buf = 0;
@@ -169,6 +183,8 @@ struct XML_PARSER {
} else if (c == '/') {
if (--tag_len > 0) {
*buf++ = c;
+ } else {
+ return XML_PARSE_OVERFLOW;
}
} else {
if (found_space) {
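Review bot: The attribute path under `found_space` at the end of this hunk is not visible, and the next hunk shows only the non-attribute `else` gaining an `XML_PARSE_OVERFLOW` return; confirm that the copy into `attr_buf` bounded by `attr_len` reports overflow the same way rather than silently dropping bytes, otherwise an over-long attribute is still accepted as a parsed tag. scan_tag starts above this hunk and ends below the next one.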
@@ -180,6 +196,8 @@ struct XML_PARSER {
} else {
if (--tag_len > 0) {
*buf++ = c;
+ } else {
+ return XML_PARSE_OVERFLOW;
}
}
}
@@ -208,7 +226,7 @@ struct XML_PARSER {
break;
}
int c = f->_getc();
- if (c == EOF) {
+ if (!c || c == EOF) {
retval = ERR_XML_PARSE;
break;
}
diff --git a/sched/handle_request.cpp b/sched/handle_request.cpp
index 97f26d1..c2e7857 100644
--- a/sched/handle_request.cpp
+++ b/sched/handle_request.cpp
@@ -172,7 +172,7 @@ void unlock_sched() {
// find the user's most recently-created host with given host CPID
//
static bool find_host_by_cpid(DB_USER& user, char* host_cpid, DB_HOST& host) {
- char buf[256], buf2[256];
+ char buf[1024], buf2[256];
sprintf(buf, "%s%s", host_cpid, user.email_addr);
md5_block((const unsigned char*)buf, strlen(buf), buf2);
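Review bot: Enlarging `buf` to 1024 still leaves `sprintf(buf, "%s%s", host_cpid, user.email_addr)` unbounded; it is safe only while the declared sizes behind `host_cpid` and `email_addr` sum to under 1024, which the hunk cannot show. `snprintf(buf, sizeof(buf), "%s%s", host_cpid, user.email_addr);` turns that assumption into an enforced bound, and since `host_cpid` is a plain `char*` presumably taken from the request, the bound is worth having. `buf2[256]` is ample for the md5 text md5_block writes.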
@@ -241,7 +241,7 @@ static void mark_results_over(DB_HOST& host) {
//
int authenticate_user() {
int retval;
- char buf[256];
+ char buf[1024];
DB_HOST host;
DB_USER user;
DB_TEAM team;
@@ -299,6 +299,7 @@ int authenticate_user() {
strlcpy(
user.authenticator, g_request->authenticator, sizeof(user.authenticator)
);
+ escape_string(user.authenticator, sizeof(user.authenticator));
sprintf(buf, "where authenticator='%s'", user.authenticator);
retval = user.lookup(buf);
if (retval) {
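Review bot: Escaping `user.authenticator` in place means the struct field now holds the SQL-escaped form rather than the value the client sent for the rest of authenticate_user, and the hunk at lookup_user_and_make_new_host below does the same; if anything compares or logs the field before `user.lookup()` overwrites it, it sees the escaped text. It also depends on escape_string's behaviour when the escaped output does not fit `sizeof(user.authenticator)`, which is not visible here; a truncated escape can end in a lone backslash that escapes the closing quote of the WHERE clause. Escaping a copy keeps the raw value intact and makes the size question local to one buffer, as below; the same change applies to the second site.
```cpp
    strlcpy(
        user.authenticator, g_request->authenticator, sizeof(user.authenticator)
    );
    // escape a copy for the WHERE clause; the struct keeps the raw value
    char auth_esc[sizeof(user.authenticator)];
    strlcpy(auth_esc, user.authenticator, sizeof(auth_esc));
    escape_string(auth_esc, sizeof(auth_esc));
    sprintf(buf, "where authenticator='%s'", auth_esc);
    retval = user.lookup(buf);
```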
@@ -365,6 +366,7 @@ lookup_user_and_make_new_host:
user.authenticator, g_request->authenticator,
sizeof(user.authenticator)
);
+ escape_string(user.authenticator, sizeof(user.authenticator));
sprintf(buf, "where authenticator='%s'", user.authenticator);
retval = user.lookup(buf);
}
@@ -497,7 +499,7 @@ got_host:
static int modify_host_struct(HOST& host) {
host.timezone = g_request->host.timezone;
strncpy(host.domain_name, g_request->host.domain_name, sizeof(host.domain_name));
- char buf[256], buf2[256];
+ char buf[1024], buf2[1024];
sprintf(buf, "[BOINC|%d.%d.%d]",
g_request->core_client_major_version,
g_request->core_client_minor_version,
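Review bot: The `strncpy(host.domain_name, g_request->host.domain_name, sizeof(host.domain_name))` context line leaves `domain_name` unterminated whenever the request's value fills the field, which is the same class of problem this commit is fixing by resizing `buf`/`buf2`. This file already uses strlcpy in authenticate_user, so `strlcpy(host.domain_name, g_request->host.domain_name, sizeof(host.domain_name));` fixes it in place. The `sprintf` into `buf` that follows has a fixed short format, but the use of the enlarged `buf2` lies below the hunk.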
@@ -704,7 +706,7 @@ int send_result_abort() {
// 2) send global prefs in reply msg if needed
//
int handle_global_prefs() {
- char buf[BLOB_SIZE];
+ char buf[BLOB_SIZE+256];
g_reply->send_global_prefs = false;
bool have_working_prefs = (strlen(g_request->working_global_prefs_xml)>0);
bool have_master_prefs = (strlen(g_request->global_prefs_xml)>0);
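Review bot: `BLOB_SIZE+256` sizes `buf` by an unexplained slack, and the writes into `buf` that motivate it are below the hunk. If the 256 bytes are room for the element tags wrapped around a BLOB_SIZE prefs string, say so on the line, `char buf[BLOB_SIZE+256]; // BLOB_SIZE of prefs XML plus room for the wrapping tags`, or give the slack a named constant; if the write is a `sprintf`, an `snprintf(buf, sizeof(buf), ...)` would make the slack a check rather than an assumption.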
diff --git a/sched/sched_locality.cpp b/sched/sched_locality.cpp
index 29e2be2..ade1d05 100644
--- a/sched/sched_locality.cpp
+++ b/sched/sched_locality.cpp
@@ -73,7 +73,7 @@ int delete_file_from_host() {
#endif
int nfiles = (int)g_request->file_infos.size();
- char buf[256];
+ char buf[1024];
if (!nfiles) {
double maxdisk = max_allowable_disk();
@@ -1232,7 +1232,7 @@ void send_file_deletes() {
int num_useless = g_request->files_not_needed.size();
int i;
for (i=0; ifiles_not_needed[i];
g_reply->file_deletes.push_back(fi);
if (config.debug_locality) {
diff --git a/sched/sched_types.cpp b/sched/sched_types.cpp
index c130035..66fffca 100644
--- a/sched/sched_types.cpp
+++ b/sched/sched_types.cpp
@@ -1355,7 +1355,7 @@ void PROJECT_FILES::init() {
}
void get_weak_auth(USER& user, char* buf) {
- char buf2[256], out[256];
+ char buf2[1024], out[256];
sprintf(buf2, "%s%s", user.authenticator, user.passwd_hash);
md5_block((unsigned char*)buf2, strlen(buf2), out);
sprintf(buf, "%d_%s", user.id, out);
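Review bot: get_weak_auth writes into the caller's `buf` with no length argument and into `buf2` with an unbounded `sprintf`, so raising `buf2` to 1024 sizes it by assumption about `authenticator` and `passwd_hash` rather than by a check. `snprintf(buf2, sizeof(buf2), "%s%s", user.authenticator, user.passwd_hash);` enforces the local bound; for `buf` the signature cannot change freely, so at least state the contract above the function: `// buf: caller-supplied; must hold the decimal id, '_', the md5 text written to out, and a terminator`.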