[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[patch] cgi: checking if all needed environment variables are set (Was: Re: [hobbit] [bug?] Crash of hobbitsvc.cgi on trends column display)



Ok, I went thru the /web directory and edited the cgi to add the crude environment checking I've been talking on earlier. Compiled cgis have been tested individually without parameters and in line as drop-in replacements for the existing cgi, "it works for me".

This patch applies to a hobbit-4.2.0 with the all-in-one patch applied using "patch -p1 <sanity_check.patch".

As always, feedback are welcome

Cheers
Gildas

Charles Goyard wrote:
Hi again,

As an extra info, I found the reason why the program crashes :

in loadhosts.c, when there :

if (result || !host->defaulthost || (strcasecmp(host->bbhostname, ".default.") == 0))
	return result;
else
	return bbh_find_item(host->defaulthost, item);

I get in the "else". At that point, host->defaulthost is not null, but
points to garbage. I dont't get what the default host should be.

(btw, thanks for the patch Gildas)

diff -Naur hobbit-4.2.0-allinone/web/bb-ack.c hobbit-4.2.0-sanity/web/bb-ack.c
--- hobbit-4.2.0-allinone/web/bb-ack.c	2006-11-08 14:08:15.000000000 +0000
+++ hobbit-4.2.0-sanity/web/bb-ack.c	2006-11-29 15:13:26.638253639 +0000
@@ -190,6 +190,12 @@
 	char *envarea = NULL;
 	int obeycookies = 1;
 
+	/* first of all, sanity checks */
+	char *reqenv[] = {
+		"HTMLCONTENTTYPE", "SCRIPT_NAME", "REMOTE_USER", NULL
+	};
+	envcheck(reqenv);
+
 	for (argi = 1; (argi < argc); argi++) {
 		if (argnmatch(argv[argi], "--env=")) {
 			char *p = strchr(argv[argi], '=');
diff -Naur hobbit-4.2.0-allinone/web/bb-csvinfo.c hobbit-4.2.0-sanity/web/bb-csvinfo.c
--- hobbit-4.2.0-allinone/web/bb-csvinfo.c	2006-08-09 21:10:12.000000000 +0100
+++ hobbit-4.2.0-sanity/web/bb-csvinfo.c	2006-11-29 15:13:09.132234961 +0000
@@ -92,6 +92,12 @@
 	int i, found;
 	int argi;
 
+	/* first of all, sanity checks */
+	char *reqenv[] = {
+		"BBHOME", "HTMLCONTENTTYPE", NULL
+	};
+	envcheck(reqenv);
+
 	for (argi=1; (argi < argc); argi++) {
 		if (argnmatch(argv[argi], "--env=")) {
 			char *p = strchr(argv[argi], '=');
diff -Naur hobbit-4.2.0-allinone/web/bb-datepage.c hobbit-4.2.0-sanity/web/bb-datepage.c
--- hobbit-4.2.0-allinone/web/bb-datepage.c	2006-11-08 14:08:15.000000000 +0000
+++ hobbit-4.2.0-sanity/web/bb-datepage.c	2006-11-29 15:14:55.790163668 +0000
@@ -78,6 +78,12 @@
 	int bgcolor = COL_BLUE;
 	char *envarea = NULL;
 
+	/* first of all, sanity checks */
+	char *reqenv[] = {
+		"BBHOSTS", "HTMLCONTENTTYPE", NULL
+	};
+	envcheck(reqenv);
+
 	for (argi = 1; (argi < argc); argi++) {
 		if (argnmatch(argv[argi], "--env=")) {
 			char *p = strchr(argv[argi], '=');
diff -Naur hobbit-4.2.0-allinone/web/bb-eventlog.c hobbit-4.2.0-sanity/web/bb-eventlog.c
--- hobbit-4.2.0-allinone/web/bb-eventlog.c	2006-11-08 14:08:15.000000000 +0000
+++ hobbit-4.2.0-sanity/web/bb-eventlog.c	2006-11-29 15:09:33.700617477 +0000
@@ -101,6 +101,12 @@
 	int argi;
 	char *envarea = NULL;
 
+	/* first of all, sanity checks */
+	char *reqenv[] = {
+		"BBHOSTS", "HTMLCONTENTTYPE", NULL
+	};
+	envcheck(reqenv);
+
 	for (argi=1; (argi < argc); argi++) {
 		if (argnmatch(argv[argi], "--env=")) {
 			char *p = strchr(argv[argi], '=');
diff -Naur hobbit-4.2.0-allinone/web/bb-findhost.c hobbit-4.2.0-sanity/web/bb-findhost.c
--- hobbit-4.2.0-allinone/web/bb-findhost.c	2006-11-08 14:08:15.000000000 +0000
+++ hobbit-4.2.0-sanity/web/bb-findhost.c	2006-11-29 15:11:48.871319006 +0000
@@ -135,6 +135,12 @@
 	char    re_errstr[BUFSIZE];
 	int 	re_status;
 
+	/* first of all, sanity checks */
+	char *reqenv[] = {
+		"BBHOSTS", "BBWEB", "BBWEBHOST", "HTMLCONTENTTYPE", NULL
+	};
+	envcheck(reqenv);
+
 	for (argi=1; (argi < argc); argi++) {
 		if (argnmatch(argv[argi], "--env=")) {
 			char *p = strchr(argv[argi], '=');
diff -Naur hobbit-4.2.0-allinone/web/bb-replog.c hobbit-4.2.0-sanity/web/bb-replog.c
--- hobbit-4.2.0-allinone/web/bb-replog.c	2006-08-09 21:10:12.000000000 +0100
+++ hobbit-4.2.0-sanity/web/bb-replog.c	2006-11-29 15:09:59.033751032 +0000
@@ -109,6 +109,12 @@
 	char *envarea = NULL;
 	namelist_t *hinfo;
 
+	/* first of all, sanity checks */
+	char *reqenv[] = {
+		"BBHOSTS", "BBHIST", "BBREP", "BBREPURL", "HTMLCONTENTTYPE", NULL
+	};
+	envcheck(reqenv);
+
 	for (argi=1; (argi < argc); argi++) {
 		if (argnmatch(argv[argi], "--env=")) {
 			char *p = strchr(argv[argi], '=');
diff -Naur hobbit-4.2.0-allinone/web/bb-snapshot.c hobbit-4.2.0-sanity/web/bb-snapshot.c
--- hobbit-4.2.0-allinone/web/bb-snapshot.c	2006-11-08 14:08:15.000000000 +0000
+++ hobbit-4.2.0-sanity/web/bb-snapshot.c	2006-11-29 15:11:25.983909485 +0000
@@ -151,6 +151,12 @@
 	bbgen_argv[newargi++] = bbgencmd;
 	bbgen_argv[newargi++] = bbgentimeopt;
 
+        /* first of all, sanity checks */
+	char *reqenv[] = {
+		"HTMLCONTENTTYPE", "HTTP_USER_AGENT", "BBSNAP", "BBSNAPURL", NULL
+	};
+	envcheck(reqenv);
+
 	for (argi=1; (argi < argc); argi++) {
 		if (argnmatch(argv[argi], "--env=")) {
 			char *p = strchr(argv[argi], '=');
diff -Naur hobbit-4.2.0-allinone/web/bb-webpage.c hobbit-4.2.0-sanity/web/bb-webpage.c
--- hobbit-4.2.0-allinone/web/bb-webpage.c	2006-08-09 21:10:12.000000000 +0100
+++ hobbit-4.2.0-sanity/web/bb-webpage.c	2006-11-29 12:10:12.944630660 +0000
@@ -22,7 +22,7 @@
 #include "version.h"
 
 char *reqenv[] = {
-	"BBHOME",
+	"BBHOME", "HTMLCONTENTTYPE",
 	NULL
 };
 
diff -Naur hobbit-4.2.0-allinone/web/boilerplate.c hobbit-4.2.0-sanity/web/boilerplate.c
--- hobbit-4.2.0-allinone/web/boilerplate.c	2006-08-09 21:10:12.000000000 +0100
+++ hobbit-4.2.0-sanity/web/boilerplate.c	2006-11-29 15:20:45.967534585 +0000
@@ -48,6 +48,13 @@
 	char *envarea = NULL;
 	char *hffile = "boilerplate";
 	int bgcolor = COL_BLUE;
+	
+	/* first of all, sanity checks */
+	char *reqenv[] = {
+		"HTMLCONTENTTYPE",
+		NULL
+	};
+	envcheck(reqenv);
 
 	for (argi = 1; (argi < argc); argi++) {
 		if (argnmatch(argv[argi], "--env=")) {
diff -Naur hobbit-4.2.0-allinone/web/hobbit-ackinfo.c hobbit-4.2.0-sanity/web/hobbit-ackinfo.c
--- hobbit-4.2.0-allinone/web/hobbit-ackinfo.c	2006-08-09 21:10:12.000000000 +0100
+++ hobbit-4.2.0-sanity/web/hobbit-ackinfo.c	2006-11-29 15:19:18.619419208 +0000
@@ -66,6 +66,13 @@
 	char *bbmsg;
 	int res;
 
+	/* first of all, sanity checks */
+	char *reqenv[] = {
+		"HTTP_REFERER", "HTMLCONTENTTYPE",
+		NULL
+	};
+	envcheck(reqenv);
+
 	for (argi = 1; (argi < argc); argi++) {
 		if (argnmatch(argv[argi], "--env=")) {
 			char *p = strchr(argv[argi], '=');
diff -Naur hobbit-4.2.0-allinone/web/hobbit-confreport.c hobbit-4.2.0-sanity/web/hobbit-confreport.c
--- hobbit-4.2.0-allinone/web/hobbit-confreport.c	2006-11-08 14:08:15.000000000 +0000
+++ hobbit-4.2.0-sanity/web/hobbit-confreport.c	2006-11-29 15:16:49.232325047 +0000
@@ -645,6 +645,14 @@
 	int hostcount = 0, maxtests = 0;
 	time_t now = time(NULL);
 
+	/* first of all, sanity checks */
+	char *reqenv[] = {
+		"BBHOSTS", "INFOCOLUMN", "TRENDSCOLUMN", "PINGCOLUMN", "ALERTCOLORS",
+		"ALERTREPEAT", "BBHOME", "BBRRDS", 
+		NULL
+	};
+	envcheck(reqenv);
+
 	for (argi=1; (argi < argc); argi++) {
 		if (argnmatch(argv[argi], "--env=")) {
 			char *p = strchr(argv[argi], '=');
diff -Naur hobbit-4.2.0-allinone/web/hobbit-enadis.c hobbit-4.2.0-sanity/web/hobbit-enadis.c
--- hobbit-4.2.0-allinone/web/hobbit-enadis.c	2006-11-08 14:08:15.000000000 +0000
+++ hobbit-4.2.0-sanity/web/hobbit-enadis.c	2006-11-29 15:16:32.011273977 +0000
@@ -255,6 +255,14 @@
 int main(int argc, char *argv[])
 {
 	int argi, i;
+
+	/* first of all, sanity checks */
+	char *reqenv[] = {
+		"BBHOSTS", "HTMLCONTENTTYPE", "HTTP_REFERER", "REMOTE_USER", "REMOTE_HOST", "REMOTE_ADDR",
+		NULL
+	};
+	envcheck(reqenv);
+
 	char *username = getenv("REMOTE_USER");
 	char *userhost = getenv("REMOTE_HOST");
 	char *userip   = getenv("REMOTE_ADDR");
diff -Naur hobbit-4.2.0-allinone/web/hobbit-ghosts.c hobbit-4.2.0-sanity/web/hobbit-ghosts.c
--- hobbit-4.2.0-allinone/web/hobbit-ghosts.c	2006-08-09 21:10:12.000000000 +0100
+++ hobbit-4.2.0-sanity/web/hobbit-ghosts.c	2006-11-29 15:21:23.121330214 +0000
@@ -98,6 +98,12 @@
 	int bgcolor = COL_BLUE;
 	char *ghosts = NULL;
 
+	/* first of all, sanity checks */
+	char *reqenv[] = {
+		"HTMLCONTENTTYPE", NULL
+	};
+	envcheck(reqenv);
+
 	for (argi = 1; (argi < argc); argi++) {
 		if (argnmatch(argv[argi], "--env=")) {
 			char *p = strchr(argv[argi], '=');
diff -Naur hobbit-4.2.0-allinone/web/hobbit-hostgraphs.c hobbit-4.2.0-sanity/web/hobbit-hostgraphs.c
--- hobbit-4.2.0-allinone/web/hobbit-hostgraphs.c	2006-11-08 14:08:15.000000000 +0000
+++ hobbit-4.2.0-sanity/web/hobbit-hostgraphs.c	2006-11-29 15:21:05.942274212 +0000
@@ -184,6 +184,13 @@
 	char *hffile = "hostgraphs";
 	char *formfile = "hostgraphs_form";
 
+	/* first of all, sanity checks */
+	char *reqenv[] = {
+		"HTMLCONTENTTYPE", "CGIBINURL",
+		NULL
+	};
+       	envcheck(reqenv);
+
 	for (argi = 1; (argi < argc); argi++) {
 		if (argnmatch(argv[argi], "--env=")) {
 			char *p = strchr(argv[argi], '=');
diff -Naur hobbit-4.2.0-allinone/web/hobbit-nkedit.c hobbit-4.2.0-sanity/web/hobbit-nkedit.c
--- hobbit-4.2.0-allinone/web/hobbit-nkedit.c	2006-11-08 14:08:15.000000000 +0000
+++ hobbit-4.2.0-sanity/web/hobbit-nkedit.c	2006-11-29 15:18:49.097760048 +0000
@@ -367,6 +367,12 @@
 	char *envarea = NULL;
 	char *configfn = NULL;
 
+	/* first of all, sanity checks */
+	char *reqenv[] = {
+		"HTMLCONTENTTYPE", "REMOTE_USER", NULL
+	};
+	envcheck(reqenv);
+
 	operator = getenv("REMOTE_USER");
 	if (!operator) operator = "Anonymous";
 
diff -Naur hobbit-4.2.0-allinone/web/hobbit-nkview.c hobbit-4.2.0-sanity/web/hobbit-nkview.c
--- hobbit-4.2.0-allinone/web/hobbit-nkview.c	2006-11-08 14:08:15.000000000 +0000
+++ hobbit-4.2.0-sanity/web/hobbit-nkview.c	2006-11-29 15:17:41.262436805 +0000
@@ -390,6 +390,15 @@
 	int argi;
 	char *envarea = NULL;
 
+	/* first of all, sanity checks */
+	char *reqenv[] = {
+		"BBHOSTS", "HTMLCONTENTTYPE", "INFOCOLUMN",
+		"MKBBCOLFONT", "MKBBROWFONT", 
+		"DOTHEIGHT", "DOTWIDTH",
+		NULL
+	};
+	envcheck(reqenv);
+
 	for (argi = 1; (argi < argc); argi++) {
 		if (argnmatch(argv[argi], "--env=")) {
 			char *p = strchr(argv[argi], '=');
diff -Naur hobbit-4.2.0-allinone/web/hobbit-statusreport.c hobbit-4.2.0-sanity/web/hobbit-statusreport.c
--- hobbit-4.2.0-allinone/web/hobbit-statusreport.c	2006-11-08 14:08:15.000000000 +0000
+++ hobbit-4.2.0-sanity/web/hobbit-statusreport.c	2006-11-29 15:19:34.756593047 +0000
@@ -38,6 +38,12 @@
 	char *req, *board, *l;
 	int argi, res;
 
+	/* first of all, sanity checks */
+	char *reqenv[] = {
+		"HTMLCONTENTTYPE", "INFOCOLUMN", NULL
+	};
+	envcheck(reqenv);
+
 	init_timestamp();
 	for (argi=1; (argi < argc); argi++) {
 		if (argnmatch(argv[argi], "--env=")) {
diff -Naur hobbit-4.2.0-allinone/web/hobbitgraph.c hobbit-4.2.0-sanity/web/hobbitgraph.c
--- hobbit-4.2.0-allinone/web/hobbitgraph.c	2006-11-08 14:08:15.000000000 +0000
+++ hobbit-4.2.0-sanity/web/hobbitgraph.c	2006-11-28 15:16:10.492252944 +0000
@@ -490,6 +490,13 @@
 	char *okuri, *p;
 	int urilen;
 
+	/* first of all, sanity checks */
+	char *reqenv[] = {
+		"BBHOME", "BBRRDS", "SCRIPT_NAME", "RRDHEIGHT",
+		"RRDWIDTH", "HTMLCONTENTTYPE", NULL
+	};
+	envcheck(reqenv);
+
 	graphwidth = atoi(xgetenv("RRDWIDTH"));
 	graphheight = atoi(xgetenv("RRDHEIGHT"));
 
diff -Naur hobbit-4.2.0-allinone/web/hobbitsvc.c hobbit-4.2.0-sanity/web/hobbitsvc.c
--- hobbit-4.2.0-allinone/web/hobbitsvc.c	2006-08-09 21:10:13.000000000 +0100
+++ hobbit-4.2.0-sanity/web/hobbitsvc.c	2006-11-29 15:15:20.994311188 +0000
@@ -460,6 +460,14 @@
 	int argi;
 	char *envarea = NULL;
 
+	/* first of all, sanity checks */
+	char *reqenv[] = {
+		"BBHOSTS", "HTMLCONTENTTYPE", "SCRIPT_NAME", "CLIENTLOGS", 
+		"BBVAR", "TRENDSCOLUMN", "INFOCOLUMN", "BBHISTLOGS",
+		NULL
+	};
+	envcheck(reqenv);
+
 	for (argi = 1; (argi < argc); argi++) {
 		if (strcmp(argv[argi], "--historical") == 0) {
 			source = SRC_HISTLOGS;