Subject: CVS commit: pkgsrc/www/cgic
From: Adam Ciarcinski
Date: 2014-04-07 17:01:44
Message id:

Log Message:
Changes 2.06:
* In main(), when parsing form input fails, the CGI script exits without
  producing any output whatsoever.  Wouldn't it be better to actually
  emit an error status, instead of expecting the server to do something
  sane with a script that produces no output?

* In mpRead(), a check is done to insure the requested length is not
  greater than the amount of data still available, and to adjust it
  if necessary.  However, this check is currently done _after_ reading
  data from the putback buffer, in which process len is decremented by
  the amount of putback data read, but mpp->offset is not correspondingly
  incremented (this happens later).  As a result, the check uses too
  small a value for len, and so fails to stop reading soon enough if
  the requested length is greater than what is available _and_ there
  was any data in the putback buffer.
  The fix is to move the check to the beginning of mpRead()

* Further, if a read request is satisfied _entirely_ from the putback
  buffer, mpp->offset is not updated at all, resulting in a similar
  problem.  The solution is to update mpp->offset in the "else if (got)"

* In cgiParsePostMultipartInput(), if the Content-Disposition of a part
  is not "form-data", afterNextBoundary() is not called before beginning
  to process the next part.  As a result, parsing of the next part headers
  begins with the body of the unwanted part.  It is necessary in this case
  to call afterNextBoundary() before continuing with the next cycle.

* In handling out-of-memory conditions in afterNextBoundary(), *outP is
  set to '\0'.  While this is technically legal ('\0' is "an integral
  constant expression with the value 0"), it looks funny.

* In cgiCookieString(), a change was introduced in v2.02 which purports
  to prevent an overrun in cases where cgiCookie is exactly equal to
  the requested cookie name.  In fact, the problem can also occur if
  the requested name occurs with no values at the end of cgiCookie.
  Further, the change from v2.02 does not fix the problem, because it
  compares the _pointers_ p and n to NULL, which they will never equal,
  rather than comparing the pointers they point at to NUL.

* Also in cgiCookieString(), there is a comment suggesting that the main
  loop never terminates except with a return.  This is not the case.
  For example, it will terminate if the requested cookie is not found
  and the cgiCookie string ends in a semicolon.

* Why did days[] (formerly daysOfWeek[]) and months[] become non-static?
  This pollutes the namespace of programs using CGIC.

* In cgiReadEnvironment(), when reading in the contents of an uploaded
  file, it is possible that a temporary file is successfully created
  but then cannot be opened.  In this case, no attempt is made to remove
  the tempoary file.

* Further, when a form entry does _not_ include an uploaded file,
  e->tfileName is set to malloc'd but uninitialized memory.  It should
  be set to an empty string, by setting e->tfileName[0] to zero after
  the 1-byte buffer is allocated.