Fossil SCM

The previous check-in [270b80db] is incorrect and causes memory allocation and use-after-free errors. Back it out.

drh 2015-05-18 22:17 trunk
Commit f7ce03e3fb3f7510b0d2b355aec06e841c5255ba
1 file changed +10 -11
+10 -11
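--- a/src/login.c
+++ b/src/login.c
@@ -134,16 +134,16 @@
 return mprintf("%.*s", i, zIP);
 }
 
 /*
 ** Return an abbreviated project code. The abbreviation is the first
-** 16 characters of the project code, or "x" if there is no project-code.
+** 16 characters of the project code.
 **
 ** Memory is obtained from malloc.
 */
 static char *abbreviated_project_code(const char *zFullCode){
- return mprintf("%.16s", zFullCode ? zFullCode : "x");
+ return mprintf("%.16s", zFullCode);
 }
 
 
 /*
 ** Check to see if the anonymous login is valid. If it is valid, return
@@ -232,17 +232,15 @@
 ** subsequently stored in user.cookie for later validation.
 **
 ** The returned memory should be free()d after use.
 */
 char *login_gen_user_cookie_value(const char *zUsername, const char *zHash){
- char *zCode = abbreviated_project_code(db_get("project-code", 0));
- char *zCookie;
-
+ char *zProjCode = db_get("project-code",NULL);
+ char *zCode = abbreviated_project_code(zProjCode);
+ free(zProjCode);
 assert((zUsername && *zUsername) && "Invalid user data.");
- zCookie = mprintf("%s/%z/%s", zHash, zCode, zUsername);
- free(zCode);
- return zCookie;
+ return mprintf("%s/%z/%s", zHash, zCode, zUsername);
 }
 
 /*
 ** Generates a login cookie for NON-ANONYMOUS users. Note that this
 ** function "could" figure out the uid by itself but it currently
@@ -1457,11 +1455,11 @@
 Stmt q; /* Query of all peer-* entries in CONFIG */
 
 if( zPrefix==0 ) zPrefix = "";
 if( zSuffix==0 ) zSuffix = "";
 if( pzErrorMsg ) *pzErrorMsg = 0;
- zSelfCode = abbreviated_project_code(db_get("project-code", 0));
+ zSelfCode = abbreviated_project_code(db_get("project-code", "x"));
 blob_zero(&err);
 db_prepare(&q,
 "SELECT name, value FROM config"
 " WHERE name GLOB 'peer-repo-*'"
 " AND name <> 'peer-repo-%q'"
@@ -1551,11 +1549,11 @@
 /* Get the full pathname for our repository. Also the project code
 ** and project name for ourself. */
 file_canonical_name(g.zRepositoryName, &fullName, 0);
 zSelfRepo = fossil_strdup(blob_str(&fullName));
 blob_reset(&fullName);
- zSelfProjCode = abbreviated_project_code(db_get("project-code", 0));
+ zSelfProjCode = db_get("project-code", "unknown");
 zSelfLabel = db_get("project-name", 0);
 if( zSelfLabel==0 ){
 zSelfLabel = zSelfProjCode;
 }
 
@@ -1603,10 +1601,11 @@
 }
 
 /* Create all the necessary CONFIG table entries on both the
 ** other repository and on our own repository.
 */
+ zSelfProjCode = abbreviated_project_code(zSelfProjCode);
 zOtherProjCode = abbreviated_project_code(zOtherProjCode);
 db_begin_transaction();
 db_multi_exec(
 "DELETE FROM \"%w\".config WHERE name GLOB 'peer-*';"
 "INSERT INTO \"%w\".config(name,value) VALUES('peer-repo-%q',%Q);"
@@ -1651,11 +1650,11 @@
 void login_group_leave(char **pzErrMsg){
 char *zProjCode;
 char *zSql;
 
 *pzErrMsg = 0;
- zProjCode = abbreviated_project_code(db_get("project-code", 0));
+ zProjCode = abbreviated_project_code(db_get("project-code","x"));
 zSql = mprintf(
 "DELETE FROM config WHERE name GLOB 'peer-*-%q';"
 "DELETE FROM config"
 " WHERE name='login-group-name'"
 " AND (SELECT count(*) FROM config WHERE name GLOB 'peer-*')==0;",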
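Review bot: In login_gen_user_cookie_value (second hunk) ownership of zCode passes to mprintf() through `%z`, and nothing on the new side says so; the removed lines show `free(zCode)` after the same format call, which fits the double free the commit message describes if `%z` releases its argument as in SQLite-style printf. A comment on the return line such as `/* %z frees zCode; do not free() it again */` would keep that from being reintroduced. The same function now passes a possibly NULL `db_get("project-code",NULL)` result to abbreviated_project_code(), whose header comment no longer says what a NULL argument yields, while the other call sites supply "x" or "unknown"; stating the NULL behaviour in that comment would make clear what project-code field ends up in the login cookie. Whether db_get() returns heap memory for a non-NULL default is not visible here, so the `free(zProjCode)` pattern should not be copied to those call sites without checking.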
--- src/login.c
+++ src/login.c
@@ -134,16 +134,16 @@
134 return mprintf("%.*s", i, zIP);
135 }
136
137 /*
138 ** Return an abbreviated project code. The abbreviation is the first
139 ** 16 characters of the project code, or "x" if there is no project-code.
140 **
141 ** Memory is obtained from malloc.
142 */
143 static char *abbreviated_project_code(const char *zFullCode){
144 return mprintf("%.16s", zFullCode ? zFullCode : "x");
145 }
146
147
148 /*
149 ** Check to see if the anonymous login is valid. If it is valid, return
@@ -232,17 +232,15 @@
232 ** subsequently stored in user.cookie for later validation.
233 **
234 ** The returned memory should be free()d after use.
235 */
236 char *login_gen_user_cookie_value(const char *zUsername, const char *zHash){
237 char *zCode = abbreviated_project_code(db_get("project-code", 0));
238 char *zCookie;
239
240 assert((zUsername && *zUsername) && "Invalid user data.");
241 zCookie = mprintf("%s/%z/%s", zHash, zCode, zUsername);
242 free(zCode);
243 return zCookie;
244 }
245
246 /*
247 ** Generates a login cookie for NON-ANONYMOUS users. Note that this
248 ** function "could" figure out the uid by itself but it currently
@@ -1457,11 +1455,11 @@
1457 Stmt q; /* Query of all peer-* entries in CONFIG */
1458
1459 if( zPrefix==0 ) zPrefix = "";
1460 if( zSuffix==0 ) zSuffix = "";
1461 if( pzErrorMsg ) *pzErrorMsg = 0;
1462 zSelfCode = abbreviated_project_code(db_get("project-code", 0));
1463 blob_zero(&err);
1464 db_prepare(&q,
1465 "SELECT name, value FROM config"
1466 " WHERE name GLOB 'peer-repo-*'"
1467 " AND name <> 'peer-repo-%q'"
@@ -1551,11 +1549,11 @@
1551 /* Get the full pathname for our repository. Also the project code
1552 ** and project name for ourself. */
1553 file_canonical_name(g.zRepositoryName, &fullName, 0);
1554 zSelfRepo = fossil_strdup(blob_str(&fullName));
1555 blob_reset(&fullName);
1556 zSelfProjCode = abbreviated_project_code(db_get("project-code", 0));
1557 zSelfLabel = db_get("project-name", 0);
1558 if( zSelfLabel==0 ){
1559 zSelfLabel = zSelfProjCode;
1560 }
1561
@@ -1603,10 +1601,11 @@
1603 }
1604
1605 /* Create all the necessary CONFIG table entries on both the
1606 ** other repository and on our own repository.
1607 */
 
1608 zOtherProjCode = abbreviated_project_code(zOtherProjCode);
1609 db_begin_transaction();
1610 db_multi_exec(
1611 "DELETE FROM \"%w\".config WHERE name GLOB 'peer-*';"
1612 "INSERT INTO \"%w\".config(name,value) VALUES('peer-repo-%q',%Q);"
@@ -1651,11 +1650,11 @@
1651 void login_group_leave(char **pzErrMsg){
1652 char *zProjCode;
1653 char *zSql;
1654
1655 *pzErrMsg = 0;
1656 zProjCode = abbreviated_project_code(db_get("project-code", 0));
1657 zSql = mprintf(
1658 "DELETE FROM config WHERE name GLOB 'peer-*-%q';"
1659 "DELETE FROM config"
1660 " WHERE name='login-group-name'"
1661 " AND (SELECT count(*) FROM config WHERE name GLOB 'peer-*')==0;",
1662
--- src/login.c
+++ src/login.c
@@ -134,16 +134,16 @@
134 return mprintf("%.*s", i, zIP);
135 }
136
137 /*
138 ** Return an abbreviated project code. The abbreviation is the first
139 ** 16 characters of the project code.
140 **
141 ** Memory is obtained from malloc.
142 */
143 static char *abbreviated_project_code(const char *zFullCode){
144 return mprintf("%.16s", zFullCode);
145 }
146
147
148 /*
149 ** Check to see if the anonymous login is valid. If it is valid, return
@@ -232,17 +232,15 @@
232 ** subsequently stored in user.cookie for later validation.
233 **
234 ** The returned memory should be free()d after use.
235 */
236 char *login_gen_user_cookie_value(const char *zUsername, const char *zHash){
237 char *zProjCode = db_get("project-code",NULL);
238 char *zCode = abbreviated_project_code(zProjCode);
239 free(zProjCode);
240 assert((zUsername && *zUsername) && "Invalid user data.");
241 return mprintf("%s/%z/%s", zHash, zCode, zUsername);
 
 
242 }
243
244 /*
245 ** Generates a login cookie for NON-ANONYMOUS users. Note that this
246 ** function "could" figure out the uid by itself but it currently
@@ -1457,11 +1455,11 @@
1455 Stmt q; /* Query of all peer-* entries in CONFIG */
1456
1457 if( zPrefix==0 ) zPrefix = "";
1458 if( zSuffix==0 ) zSuffix = "";
1459 if( pzErrorMsg ) *pzErrorMsg = 0;
1460 zSelfCode = abbreviated_project_code(db_get("project-code", "x"));
1461 blob_zero(&err);
1462 db_prepare(&q,
1463 "SELECT name, value FROM config"
1464 " WHERE name GLOB 'peer-repo-*'"
1465 " AND name <> 'peer-repo-%q'"
@@ -1551,11 +1549,11 @@
1549 /* Get the full pathname for our repository. Also the project code
1550 ** and project name for ourself. */
1551 file_canonical_name(g.zRepositoryName, &fullName, 0);
1552 zSelfRepo = fossil_strdup(blob_str(&fullName));
1553 blob_reset(&fullName);
1554 zSelfProjCode = db_get("project-code", "unknown");
1555 zSelfLabel = db_get("project-name", 0);
1556 if( zSelfLabel==0 ){
1557 zSelfLabel = zSelfProjCode;
1558 }
1559
@@ -1603,10 +1601,11 @@
1601 }
1602
1603 /* Create all the necessary CONFIG table entries on both the
1604 ** other repository and on our own repository.
1605 */
1606 zSelfProjCode = abbreviated_project_code(zSelfProjCode);
1607 zOtherProjCode = abbreviated_project_code(zOtherProjCode);
1608 db_begin_transaction();
1609 db_multi_exec(
1610 "DELETE FROM \"%w\".config WHERE name GLOB 'peer-*';"
1611 "INSERT INTO \"%w\".config(name,value) VALUES('peer-repo-%q',%Q);"
@@ -1651,11 +1650,11 @@
1650 void login_group_leave(char **pzErrMsg){
1651 char *zProjCode;
1652 char *zSql;
1653
1654 *pzErrMsg = 0;
1655 zProjCode = abbreviated_project_code(db_get("project-code","x"));
1656 zSql = mprintf(
1657 "DELETE FROM config WHERE name GLOB 'peer-*-%q';"
1658 "DELETE FROM config"
1659 " WHERE name='login-group-name'"
1660 " AND (SELECT count(*) FROM config WHERE name GLOB 'peer-*')==0;",
1661
