Fossil SCM

Improved code saftey for the TH1-taint implementation, after a code audit.

drh 2025-04-22 17:40 trunk

Commit ded2126db663be15a58d9cb62ad9832dc9f2ea74ff5e45c40416ab1cc571719f

Parent 064d20ee382ec77…

3 files changed +2 +3 -1 +1 -2

M src/th.c

		--- src/th.c
		+++ src/th.c
		@@ -1799,10 +1799,12 @@
1799	1799	output.nBuf = *pnList;
1800	1800	output.nBufAlloc = output.nBuf;
1801	1801
1802	1802	if( nElem<0 ){
1803	1803	nElem = th_strlen(zElem);
	1804	+ }else{
	1805	+ nElem = TH1_LEN(nElem);
1804	1806	}
1805	1807	if( output.nBuf>0 ){
1806	1808	thBufferAddChar(interp, &output, ' ');
1807	1809	}
1808	1810
1809	1811

	--- src/th.c
	+++ src/th.c
	@@ -1799,10 +1799,12 @@
1799	output.nBuf = *pnList;
1800	output.nBufAlloc = output.nBuf;
1801
1802	if( nElem<0 ){
1803	nElem = th_strlen(zElem);


1804	}
1805	if( output.nBuf>0 ){
1806	thBufferAddChar(interp, &output, ' ');
1807	}
1808
1809

	--- src/th.c
	+++ src/th.c
	@@ -1799,10 +1799,12 @@
1799	output.nBuf = *pnList;
1800	output.nBufAlloc = output.nBuf;
1801
1802	if( nElem<0 ){
1803	nElem = th_strlen(zElem);
1804	}else{
1805	nElem = TH1_LEN(nElem);
1806	}
1807	if( output.nBuf>0 ){
1808	thBufferAddChar(interp, &output, ' ');
1809	}
1810
1811

M src/th_lang.c

+3 -1

		--- src/th_lang.c
		+++ src/th_lang.c
		@@ -586,11 +586,13 @@
586	586	/* If the last parameter in the parameter list is "args", then set the
587	587	** ProcDefn.hasArgs flag. The "args" parameter does not require an
588	588	** entry in the ProcDefn.azParam[] or ProcDefn.azDefault[] arrays.
589	589	*/
590	590	if( nParam>0 ){
591		- if( anParam[nParam-1]==4 && 0==memcmp(azParam[nParam-1], "args", 4) ){
	591	+ if( TH1_LEN(anParam[nParam-1])==4
	592	+ && 0==memcmp(azParam[nParam-1], "args", 4)
	593	+ ){
592	594	p->hasArgs = 1;
593	595	nParam--;
594	596	}
595	597	}
596	598
597	599

	--- src/th_lang.c
	+++ src/th_lang.c
	@@ -586,11 +586,13 @@
586	/* If the last parameter in the parameter list is "args", then set the
587	** ProcDefn.hasArgs flag. The "args" parameter does not require an
588	** entry in the ProcDefn.azParam[] or ProcDefn.azDefault[] arrays.
589	*/
590	if( nParam>0 ){
591	if( anParam[nParam-1]==4 && 0==memcmp(azParam[nParam-1], "args", 4) ){


592	p->hasArgs = 1;
593	nParam--;
594	}
595	}
596
597

	--- src/th_lang.c
	+++ src/th_lang.c
	@@ -586,11 +586,13 @@
586	/* If the last parameter in the parameter list is "args", then set the
587	** ProcDefn.hasArgs flag. The "args" parameter does not require an
588	** entry in the ProcDefn.azParam[] or ProcDefn.azDefault[] arrays.
589	*/
590	if( nParam>0 ){
591	if( TH1_LEN(anParam[nParam-1])==4
592	&& 0==memcmp(azParam[nParam-1], "args", 4)
593	){
594	p->hasArgs = 1;
595	nParam--;
596	}
597	}
598
599

M src/th_main.c

+1 -2

		--- src/th_main.c
		+++ src/th_main.c
		@@ -540,13 +540,12 @@
540	540	n = argl[1];
541	541	if( encode==0 && n>0 && TH1_TAINTED(n) ){
542	542	if( Th_ReportTaint(interp, "output string", argv[1], n) ){
543	543	return TH_ERROR;
544	544	}
545		- n = TH1_LEN(n);
546	545	}
547		- sendText(0,(char*)argv[1], n, encode);
	546	+ sendText(0,(char*)argv[1], TH1_LEN(n), encode);
548	547	return TH_OK;
549	548	}
550	549
551	550	/*
552	551	** TH1 command: redirect URL ?withMethod?
553	552

	--- src/th_main.c
	+++ src/th_main.c
	@@ -540,13 +540,12 @@
540	n = argl[1];
541	if( encode==0 && n>0 && TH1_TAINTED(n) ){
542	if( Th_ReportTaint(interp, "output string", argv[1], n) ){
543	return TH_ERROR;
544	}
545	n = TH1_LEN(n);
546	}
547	sendText(0,(char*)argv[1], n, encode);
548	return TH_OK;
549	}
550
551	/*
552	** TH1 command: redirect URL ?withMethod?
553

	--- src/th_main.c
	+++ src/th_main.c
	@@ -540,13 +540,12 @@
540	n = argl[1];
541	if( encode==0 && n>0 && TH1_TAINTED(n) ){
542	if( Th_ReportTaint(interp, "output string", argv[1], n) ){
543	return TH_ERROR;
544	}

545	}
546	sendText(0,(char*)argv[1], TH1_LEN(n), encode);
547	return TH_OK;
548	}
549
550	/*
551	** TH1 command: redirect URL ?withMethod?
552