From 379e22a4c0c00193b16fec3c46c4b68cdb63ee1a Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Sat, 11 Feb 2012 21:25:57 +0100 Subject: remove the arbitrary MAXLEN limit for response lines (Closes: #658346) --- methods/http.cc | 4 ---- methods/http.h | 4 +--- methods/https.h | 2 -- 3 files changed, 1 insertion(+), 9 deletions(-) (limited to 'methods') diff --git a/methods/http.cc b/methods/http.cc index 2721b1224..7ddf8e045 100644 --- a/methods/http.cc +++ b/methods/http.cc @@ -534,10 +534,6 @@ bool ServerState::HeaderLine(string Line) if (Line.empty() == true) return true; - // The http server might be trying to do something evil. - if (Line.length() >= MAXLEN) - return _error->Error(_("Got a single header line over %u chars"),MAXLEN); - string::size_type Pos = Line.find(' '); if (Pos == string::npos || Pos+1 > Line.length()) { diff --git a/methods/http.h b/methods/http.h index c73d4df5c..c061ad680 100644 --- a/methods/http.h +++ b/methods/http.h @@ -11,8 +11,6 @@ #ifndef APT_HTTP_H #define APT_HTTP_H -#define MAXLEN 360 - #include #include @@ -92,7 +90,7 @@ struct ServerState unsigned int Major; unsigned int Minor; unsigned int Result; - char Code[MAXLEN]; + char Code[360]; // These are some statistics from the last parsed header lines unsigned long long Size; diff --git a/methods/https.h b/methods/https.h index b7adeb880..3b57c7be6 100644 --- a/methods/https.h +++ b/methods/https.h @@ -11,8 +11,6 @@ #ifndef APT_HTTP_H #define APT_HTTP_H -#define MAXLEN 360 - #include #include -- cgit v1.2.3 From f40db111e15e0d7bed3a6432d96c17553ee6f68e Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Sat, 11 Feb 2012 21:26:42 +0100 Subject: just in case: correct the header-guard for https to not match http --- methods/https.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'methods') diff --git a/methods/https.h b/methods/https.h index 3b57c7be6..b1961a870 100644 --- a/methods/https.h +++ b/methods/https.h @@ -8,8 +8,8 @@ ##################################################################### */ /*}}}*/ -#ifndef APT_HTTP_H -#define APT_HTTP_H +#ifndef APT_HTTPS_H +#define APT_HTTPS_H #include #include -- cgit v1.2.3 From dcaa1185506986142bccd990a5dca4c6ec1228cf Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Sun, 4 Mar 2012 23:47:05 +0100 Subject: fix a bunch of cppcheck "(warning) Member variable '<#>' is not initialized in the constructor." messages (no functional change) --- methods/ftp.cc | 1 + methods/http.h | 7 ++++--- methods/rsh.cc | 4 +++- 3 files changed, 8 insertions(+), 4 deletions(-) (limited to 'methods') diff --git a/methods/ftp.cc b/methods/ftp.cc index ad8a7b828..b1e8d2b0a 100644 --- a/methods/ftp.cc +++ b/methods/ftp.cc @@ -77,6 +77,7 @@ FTPConn::FTPConn(URI Srv) : Len(0), ServerFd(-1), DataFd(-1), { Debug = _config->FindB("Debug::Acquire::Ftp",false); PasvAddr = 0; + Buffer[0] = '\0'; } /*}}}*/ // FTPConn::~FTPConn - Destructor /*{{{*/ diff --git a/methods/http.h b/methods/http.h index c061ad680..7a3ccda54 100644 --- a/methods/http.h +++ b/methods/http.h @@ -115,9 +115,10 @@ struct ServerState bool HeaderLine(std::string Line); bool Comp(URI Other) const {return Other.Host == ServerName.Host && Other.Port == ServerName.Port;}; - void Reset() {Major = 0; Minor = 0; Result = 0; Size = 0; StartPos = 0; - Encoding = Closes; time(&Date); ServerFd = -1; - Pipeline = true;}; + void Reset() {Major = 0; Minor = 0; Result = 0; Code[0] = '\0'; Size = 0; + StartPos = 0; Encoding = Closes; time(&Date); HaveContent = false; + State = Header; Persistent = false; ServerFd = -1; + Pipeline = true;}; /** \brief Result of the header acquire */ enum RunHeadersResult { diff --git a/methods/rsh.cc b/methods/rsh.cc index d249ae961..fb3782314 100644 --- a/methods/rsh.cc +++ b/methods/rsh.cc @@ -42,7 +42,9 @@ int RSHMethod::FailFd = -1; // --------------------------------------------------------------------- /* */ RSHConn::RSHConn(URI Srv) : Len(0), WriteFd(-1), ReadFd(-1), - ServerName(Srv), Process(-1) {} + ServerName(Srv), Process(-1) { + Buffer[0] = '\0'; +} /*}}}*/ // RSHConn::RSHConn - Destructor /*{{{*/ // --------------------------------------------------------------------- -- cgit v1.2.3 From ce3c2407d9ac8cc5b45bda5f5991ac0fa89d1d98 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Sun, 4 Mar 2012 23:56:06 +0100 Subject: fix "(error) Possible null pointer dereference: BindAddr" by ensuring that BindAddr isn't NULL after getaddrinfo() --- methods/ftp.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'methods') diff --git a/methods/ftp.cc b/methods/ftp.cc index b1e8d2b0a..89c81f384 100644 --- a/methods/ftp.cc +++ b/methods/ftp.cc @@ -721,14 +721,14 @@ bool FTPConn::CreateDataFd() DataListenFd = -1; // Get the information for a listening socket. - struct addrinfo *BindAddr = 0; + struct addrinfo *BindAddr = NULL; struct addrinfo Hints; memset(&Hints,0,sizeof(Hints)); Hints.ai_socktype = SOCK_STREAM; Hints.ai_flags |= AI_PASSIVE; Hints.ai_family = ((struct sockaddr *)&ServerAddr)->sa_family; int Res; - if ((Res = getaddrinfo(0,"0",&Hints,&BindAddr)) != 0) + if ((Res = getaddrinfo(0,"0",&Hints,&BindAddr)) != 0 || BindAddr == NULL) return _error->Error(_("getaddrinfo was unable to get a listening socket")); // Construct the socket -- cgit v1.2.3 From cddbc86debef12020fd367588ffbc9947a83da60 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Sun, 4 Mar 2012 23:58:23 +0100 Subject: fix two "(style) Variable 'Res' is assigned a value that is never used" --- methods/ftp.cc | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'methods') diff --git a/methods/ftp.cc b/methods/ftp.cc index 89c81f384..d55ac1224 100644 --- a/methods/ftp.cc +++ b/methods/ftp.cc @@ -622,8 +622,7 @@ bool FTPConn::ExtGoPasv() } // Get a new passive address. - int Res; - if ((Res = getaddrinfo(IP.c_str(),PStr,&Hints,&PasvAddr)) != 0) + if (getaddrinfo(IP.c_str(),PStr,&Hints,&PasvAddr) != 0) return true; return true; @@ -727,8 +726,7 @@ bool FTPConn::CreateDataFd() Hints.ai_socktype = SOCK_STREAM; Hints.ai_flags |= AI_PASSIVE; Hints.ai_family = ((struct sockaddr *)&ServerAddr)->sa_family; - int Res; - if ((Res = getaddrinfo(0,"0",&Hints,&BindAddr)) != 0 || BindAddr == NULL) + if (getaddrinfo(0,"0",&Hints,&BindAddr) != 0 || BindAddr == NULL) return _error->Error(_("getaddrinfo was unable to get a listening socket")); // Construct the socket -- cgit v1.2.3 From 74865d5d41f9d234625560ac1dd6d9863da27ac4 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 5 Mar 2012 00:19:50 +0100 Subject: ensure that (s)scanf doesn't parse a too long Code now that a previous commit lifted the Line-length limit --- methods/http.cc | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'methods') diff --git a/methods/http.cc b/methods/http.cc index 7ddf8e045..7979af299 100644 --- a/methods/http.cc +++ b/methods/http.cc @@ -42,6 +42,7 @@ #include #include #include +#include #include #include @@ -557,7 +558,7 @@ bool ServerState::HeaderLine(string Line) // Evil servers return no version if (Line[4] == '/') { - int const elements = sscanf(Line.c_str(),"HTTP/%u.%u %u%[^\n]",&Major,&Minor,&Result,Code); + int const elements = sscanf(Line.c_str(),"HTTP/%3u.%3u %3u%359[^\n]",&Major,&Minor,&Result,Code); if (elements == 3) { Code[0] = '\0'; @@ -571,7 +572,7 @@ bool ServerState::HeaderLine(string Line) { Major = 0; Minor = 9; - if (sscanf(Line.c_str(),"HTTP %u%[^\n]",&Result,Code) != 2) + if (sscanf(Line.c_str(),"HTTP %3u%359[^\n]",&Result,Code) != 2) return _error->Error(_("The HTTP server sent an invalid reply header")); } @@ -599,9 +600,10 @@ bool ServerState::HeaderLine(string Line) // The length is already set from the Content-Range header if (StartPos != 0) return true; - - if (sscanf(Val.c_str(),"%llu",&Size) != 1) - return _error->Error(_("The HTTP server sent an invalid Content-Length header")); + + Size = strtoull(Val.c_str(), NULL, 10); + if (Size == ULLONG_MAX) + return _error->Errno("HeaderLine", _("The HTTP server sent an invalid Content-Length header")); return true; } -- cgit v1.2.3 From deb0d61de51d2e30b224720a7c90ff7a6413a346 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 5 Mar 2012 00:20:28 +0100 Subject: fix "(style) Checking if unsigned variable 'Minor' is less than zero." --- methods/http.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'methods') diff --git a/methods/http.cc b/methods/http.cc index 7979af299..135771643 100644 --- a/methods/http.cc +++ b/methods/http.cc @@ -582,7 +582,7 @@ bool ServerState::HeaderLine(string Line) Persistent = false; else { - if (Major == 1 && Minor <= 0) + if (Major == 1 && Minor == 0) Persistent = false; else Persistent = true; -- cgit v1.2.3 From b4a6673c488200a1a52fd2732566ed05a4bc0dbb Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 5 Mar 2012 00:21:25 +0100 Subject: fix "(performance) Possible inefficient checking for 'R' emptiness." --- methods/http.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'methods') diff --git a/methods/http.cc b/methods/http.cc index 135771643..d2e03cfbc 100644 --- a/methods/http.cc +++ b/methods/http.cc @@ -1327,7 +1327,7 @@ int HttpMethod::Loop() after the same URI is seen twice in a queue item. */ StringVector &R = Redirected[Queue->DestFile]; bool StopRedirects = false; - if (R.size() == 0) + if (R.empty() == true) R.push_back(Queue->Uri); else if (R[0] == "STOP" || R.size() > 10) StopRedirects = true; -- cgit v1.2.3 From 13ad8ce30c129d2b204f0d13c730584b5a190044 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 5 Mar 2012 00:28:39 +0100 Subject: micro-optimize "(performance) Prefer prefix ++/-- operators for non-primitive types." --- methods/mirror.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'methods') diff --git a/methods/mirror.cc b/methods/mirror.cc index 3d5983efa..3b2ab8ede 100644 --- a/methods/mirror.cc +++ b/methods/mirror.cc @@ -147,7 +147,7 @@ bool MirrorMethod::DownloadMirrorFile(string mirror_uri_str) // append all architectures std::vector vec = APT::Configuration::getArchitectures(); for (std::vector::const_iterator I = vec.begin(); - I != vec.end(); I++) + I != vec.end(); ++I) if (I == vec.begin()) fetch += "?arch" + (*I); else -- cgit v1.2.3