From: Frédéric Marchal Date: Wed, 14 Jul 2010 18:14:54 +0000 (+0000) Subject: Be more consistent with the use of the temporary directory (i.e. always use /tmp... X-Git-Tag: v2.3.1~28 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4e302ff5d0e8dee5462691fb9bbd66c12ae3c330;p=thirdparty%2Fsarg.git Be more consistent with the use of the temporary directory (i.e. always use /tmp/sarg instead of a mix of /tmp and /tmp/sarg). --- diff --git a/authfail.c b/authfail.c index ff3a365..9f1ad28 100644 --- a/authfail.c +++ b/authfail.c @@ -61,17 +61,17 @@ void authfail_report(void) ouser2[0]='\0'; oip[0]='\0'; - snprintf(tmp4,sizeof(tmp4),"%s/sarg/authfail.log.unsort",TempDir); + snprintf(tmp4,sizeof(tmp4),"%s/authfail.log.unsort",tmp); if(authfail_count == 0) { unlink(tmp4); return; } - snprintf(authfail_in,sizeof(authfail_in),"%s/authfail.log",TempDir); + snprintf(authfail_in,sizeof(authfail_in),"%s/authfail.log",tmp); snprintf(report,sizeof(report),"%s/authfail.html",outdirname); - snprintf(csort,sizeof(csort),"sort -b -T \"%s\" -k 3,3 -k 5,5 -o \"%s\" \"%s\"", TempDir, authfail_in, tmp4); + snprintf(csort,sizeof(csort),"sort -b -T \"%s\" -k 3,3 -k 5,5 -o \"%s\" \"%s\"", tmp, authfail_in, tmp4); cstatus=system(csort); if (!WIFEXITED(cstatus) || WEXITSTATUS(cstatus)) { debuga(_("sort command return status %d\n"),WEXITSTATUS(cstatus)); diff --git a/datafile.c b/datafile.c index 7b08eca..8bab494 100644 --- a/datafile.c +++ b/datafile.c @@ -70,7 +70,6 @@ void data_file(char *tmp) nameantes[0]='\0'; olduser[0]='\0'; - strcat(tmp,"/sarg"); oldurl=NULL; ourl_size=0; diff --git a/denied.c b/denied.c index 042c028..637fad5 100644 --- a/denied.c +++ b/denied.c @@ -55,7 +55,7 @@ void gen_denied_report(void) ouser[0]='\0'; ouser2[0]='\0'; - sprintf(denied_in,"%s/sarg/denied.log",TempDir); + sprintf(denied_in,"%s/denied.log",tmp); if(!denied_count) { unlink(denied_in); return; diff --git a/documentation/util.txt b/documentation/util.txt index 23c5d42..9758871 100644 --- a/documentation/util.txt +++ b/documentation/util.txt @@ -763,16 +763,6 @@ Close the header opened by write_html_header(). -/*! \fn void baddata(void) -Display an error message telling that sarg suspects an attempt to execute arbitrary code and terminate sarg. - -Any temporary file created by sarg is deleted. -*/ - - - - - /*! \fn void url_hostname(const char *url,char *hostname,int hostsize) Extract the host name from the URL. diff --git a/download.c b/download.c index 1d1dff1..60b4fe5 100644 --- a/download.c +++ b/download.c @@ -60,7 +60,7 @@ void download_report(void) ouser[0]='\0'; ouser2[0]='\0'; - snprintf(report_in,sizeof(report_in),"%s/sarg/download.log",TempDir); + snprintf(report_in,sizeof(report_in),"%s/download.log",tmp); if(access(report_in, R_OK) != 0) return; diff --git a/email.c b/email.c index 63a77f3..1b8f266 100644 --- a/email.c +++ b/email.c @@ -259,11 +259,7 @@ int geramail(const char *dirname, int debug, const char *outdir, const char *ema } } - if (snprintf(warea,sizeof(warea),"%s/sarg",TempDir)>=sizeof(warea)) { - debuga(_("Temporary directory name too long: %s\n"),warea); - exit(EXIT_FAILURE); - } - unlinkdir(warea,0); + unlinkdir(TempDir,0); return (0); } diff --git a/html.c b/html.c index a58d74f..8d617d3 100644 --- a/html.c +++ b/html.c @@ -64,10 +64,10 @@ void htmlrel(void) if((ReportType & REPORT_TYPE_USERS_SITES) == 0) return; - strcpy(tmp2,TempDir); + strcpy(tmp2,tmp); strcat(tmp2,"/sargtmp.unsort"); - strcpy(tmp3,TempDir); + strcpy(tmp3,tmp); strcat(tmp3,"/sargtmp.log"); snprintf(arqper,sizeof(arqper),"%s/sarg-general",outdirname); @@ -377,7 +377,7 @@ void htmlrel(void) fclose(fp_ip); fclose(fp_ip2); - sprintf(csort,"sort -n -T \"%s\" -k 1,1 -k 5,5 -o \"%s\" \"%s\"",TempDir,tmp3,tmp2); + sprintf(csort,"sort -n -T \"%s\" -k 1,1 -k 5,5 -o \"%s\" \"%s\"",tmp,tmp3,tmp2); cstatus=system(csort); if (!WIFEXITED(cstatus) || WEXITSTATUS(cstatus)) { debuga(_("sort command return status %d\n"),WEXITSTATUS(cstatus)); diff --git a/include/defs.h b/include/defs.h index 3d74dfd..4922bc7 100755 --- a/include/defs.h +++ b/include/defs.h @@ -247,7 +247,6 @@ void getperiod_fromrange(struct periodstruct *period,int dfrom,int duntil); int getperiod_buildtext(struct periodstruct *period); void removetmp(const char *outdir); void zdate(char *ftime,int ftimesize, const char *DateFormat); -void baddata(void); char *get_param_value(const char *param,char *line); int compar( const void *, const void * ); void unlinkdir(const char *dir,int contentonly); diff --git a/log.c b/log.c index 982e5c9..34d1f63 100644 --- a/log.c +++ b/log.c @@ -92,7 +92,6 @@ int main(int argc,char *argv[]) char ano[30]; char hora[30]; char wtemp[MAXLEN]; - char wtemp2[255]; char date[255]; char arq[255]; char arq_log[255]; @@ -105,7 +104,6 @@ int main(int argc,char *argv[]) char tbuf2[128]; char zip[20]; char *str; - char tmp2[MAXLEN]; char tmp3[MAXLEN]; char denied_unsort[MAXLEN]; char denied_sort[MAXLEN]; @@ -301,10 +299,8 @@ int main(int argc,char *argv[]) ano[0]='\0'; hora[0]='\0'; tmp[0]='\0'; - tmp2[0]='\0'; tmp3[0]='\0'; wtemp[0]='\0'; - wtemp2[0]='\0'; us[0]='\0'; date[0]='\0'; df[0]='\0'; @@ -611,6 +607,11 @@ int main(int argc,char *argv[]) if(tmp[0] == '\0') strcpy(tmp,TempDir); else strcpy(TempDir,tmp); + /* + For historical reasons, the temporary directory is the subdirectory "sarg" of the path + provided by the user. + */ + strcat(tmp,"/sarg"); if(df[0] == '\0') strcpy(df,DateFormat); else strcpy(DateFormat,df); @@ -624,29 +625,19 @@ int main(int argc,char *argv[]) if(email[0] == '\0' && OutputEmail[0] != '\0') strcpy(email,OutputEmail); - strcpy(tmp2,tmp); - if(email[0] != '\0') { - snprintf(wtemp2,sizeof(wtemp2),"%s/sarg",tmp2); - my_mkdir(wtemp2); - strcat(tmp2,"/sarg"); - strcpy(outdir,tmp2); + my_mkdir(tmp); + strcpy(outdir,tmp); strcat(outdir,"/"); } - strcat(tmp2,"/sarg.log"); - - sprintf(tmp3,"%s/sarg",tmp); - if(access(tmp3, R_OK) == 0) { - unlinkdir(tmp3,1); + if(access(tmp, R_OK) == 0) { + unlinkdir(tmp,1); } - my_mkdir(tmp3); - strcpy(denied_unsort,tmp3); - strcpy(denied_sort,tmp3); - strcpy(authfail_unsort,tmp3); - strcat(denied_unsort,"/denied.log.unsort"); - strcat(denied_sort,"/denied.log"); - strcat(authfail_unsort,"/authfail.log.unsort"); + my_mkdir(tmp); + snprintf(denied_unsort,sizeof(denied_unsort),"%s/denied.log.unsort",tmp); + snprintf(denied_sort,sizeof(denied_sort),"%s/denied.log",tmp); + snprintf(authfail_unsort,sizeof(authfail_unsort),"%s/authfail.log.unsort",tmp); if(debug) { debuga(_("Parameters:\n")); @@ -755,7 +746,7 @@ int main(int argc,char *argv[]) exit(EXIT_FAILURE); } - snprintf(sz_Download_Unsort,sizeof(sz_Download_Unsort),"%s/sarg/download.unsort", tmp); + snprintf(sz_Download_Unsort,sizeof(sz_Download_Unsort),"%s/download.unsort", tmp); if(DataFile[0]=='\0') { if((ReportType & REPORT_TYPE_DENIED) != 0) { @@ -1458,8 +1449,8 @@ int main(int argc,char *argv[]) } } } - if (snprintf (tmp3, sizeof(tmp3), "%s/sarg/%s.unsort", tmp, ufile->user->filename)>=sizeof(tmp3)) { - debuga(_("Temporary user file name too long: %s/sarg/%s.unsort\n"), tmp, ufile->user->filename); + if (snprintf (tmp3, sizeof(tmp3), "%s/%s.unsort", tmp, ufile->user->filename)>=sizeof(tmp3)) { + debuga(_("Temporary user file name too long: %s/%s.unsort\n"), tmp, ufile->user->filename); exit(EXIT_FAILURE); } if ((ufile->file = MY_FOPEN (tmp3, "a")) == NULL) { @@ -1471,7 +1462,7 @@ int main(int argc,char *argv[]) /*if ( strcmp ( user , sz_Last_User ) != 0 ) { if ( fp_Write_User ) fclose( fp_Write_User ) ; - sprintf (tmp3, "%s/sarg/%s.unsort", tmp, user); + sprintf (tmp3, "%s/%s.unsort", tmp, user); if ((fp_Write_User = MY_FOPEN (tmp3, "a")) == NULL) { fprintf (stderr, "%s: (log) %s: %s - %s\n", argv[0], _("Cannot open temporary file"), tmp3, strerror(errno)); @@ -1670,7 +1661,6 @@ int main(int argc,char *argv[]) else gerarel(); - unlink(tmp2); if((ReportType & REPORT_TYPE_DENIED) != 0) unlink(denied_sort); diff --git a/report.c b/report.c index 3bf1b2b..aab9312 100644 --- a/report.c +++ b/report.c @@ -101,7 +101,6 @@ void gerarel(void) } puinfo=NULL; - strncat(tmp,"/sarg",5); fp_tt=NULL; if ((dirp = opendir(tmp)) == NULL) { @@ -391,7 +390,7 @@ void gerarel(void) if(SuccessfulMsg) debuga(_("Successful report generated on %s\n"),outdirname); } else { - geramail(outdirname, debug, outdir, email, TempDir); + geramail(outdirname, debug, outdir, email, tmp); if((strcmp(email,"stdout") != 0) && SuccessfulMsg) debuga(_("Successful report generated and sent to %s\n"),email); diff --git a/sort.c b/sort.c index 14b5cd9..ad7a784 100644 --- a/sort.c +++ b/sort.c @@ -93,7 +93,7 @@ void tmpsort(void) } strcat(arqou,".txt"); - sprintf(csort,"sort -n -T \"%s\" %s -k %s -k %s -k %s -o \"%s\" \"%s\"",TempDir,order,field1,field2,field3,arqou,arqin); + sprintf(csort,"sort -n -T \"%s\" %s -k %s -k %s -k %s -o \"%s\" \"%s\"",tmp,order,field1,field2,field3,arqou,arqin); cstatus=system(csort); if (!WIFEXITED(cstatus) || WEXITSTATUS(cstatus)) { debuga(_("sort command return status %d\n"),WEXITSTATUS(cstatus)); @@ -113,7 +113,6 @@ void sort_users_log(const char *tmp, int debug) DIR *dirp; struct dirent *direntp; char csort[MAXLEN]; - char wtmp[MAXLEN]; char user[MAXLEN]; char wdname[MAXLEN]; int cstatus; @@ -125,10 +124,8 @@ void sort_users_log(const char *tmp, int debug) debuga(_("pre-sorting files\n")); } - snprintf(wtmp,sizeof(wtmp),"%s/sarg",tmp); - - if ((dirp = opendir(wtmp)) == NULL) { - debuga(_("Failed to open directory %s - %s\n"),wtmp,strerror(errno)); + if ((dirp = opendir(tmp)) == NULL) { + debuga(_("Failed to open directory %s - %s\n"),tmp,strerror(errno)); exit(EXIT_FAILURE); } while ( (direntp = readdir( dirp )) != NULL ){ @@ -149,10 +146,10 @@ void sort_users_log(const char *tmp, int debug) if(strcmp(direntp->d_name,"download.unsort") == 0) clen=snprintf(csort,sizeof(csort),"sort -T \"%s\" -k 3,3 -k 1,1 -k 2,2 -k 5,5 -o \"%s/%s.log\" \"%s/%s.unsort\"", - tmp, wtmp, user, wtmp, user); + tmp, tmp, user, tmp, user); else clen=snprintf(csort,sizeof(csort),"sort -T \"%s\" -k 4,4 -k 1,1 -k 2,2 -o \"%s/%s.log\" \"%s/%s.unsort\"", - tmp, wtmp, user, wtmp, user); + tmp, tmp, user, tmp, user); if (clen>=sizeof(csort)) { debuga(_("user name too long to sort %s\n"),csort); exit(EXIT_FAILURE); @@ -163,8 +160,8 @@ void sort_users_log(const char *tmp, int debug) debuga(_("sort command: %s\n"),csort); exit(EXIT_FAILURE); } - if (snprintf(wdname,sizeof(wdname),"%s/%s.unsort",wtmp,user)>=sizeof(wdname)) { - debuga(_("user name too long for %s/%s.unsort\n"),wtmp,user); + if (snprintf(wdname,sizeof(wdname),"%s/%s.unsort",tmp,user)>=sizeof(wdname)) { + debuga(_("user name too long for %s/%s.unsort\n"),tmp,user); exit(EXIT_FAILURE); } unlink(wdname); diff --git a/topuser.c b/topuser.c index f63885a..444cfc2 100644 --- a/topuser.c +++ b/topuser.c @@ -148,7 +148,7 @@ void topuser(void) order=""; snprintf(top1,sizeof(top1),"%s/top",outdirname); - sprintf(csort,"sort -T \"%s\" %s %s -o \"%s\" \"%s\"", TempDir, order, sfield, top1, top2); + sprintf(csort,"sort -T \"%s\" %s %s -o \"%s\" \"%s\"", tmp, order, sfield, top1, top2); cstatus=system(csort); if (!WIFEXITED(cstatus) || WEXITSTATUS(cstatus)) { debuga(_("sort command return status %d\n"),WEXITSTATUS(cstatus)); diff --git a/useragent.c b/useragent.c index 492fa8a..a26bce5 100644 --- a/useragent.c +++ b/useragent.c @@ -59,8 +59,8 @@ void useragent(void) ipbefore[0]='\0'; namebefore[0]='\0'; - sprintf(tmp3,"%s/sarg/squagent.unsort",TempDir); - sprintf(tmp2,"%s/sarg/squagent.log",TempDir); + sprintf(tmp3,"%s/squagent.unsort",tmp); + sprintf(tmp2,"%s/squagent.log",tmp); if((fp_in=fopen(UserAgentLog,"r"))==NULL) { debuga(_("(useragent) Cannot open file %s\n"),UserAgentLog); diff --git a/util.c b/util.c index e0e7104..6c6439c 100644 --- a/util.c +++ b/util.c @@ -1676,27 +1676,6 @@ void output_html_url(FILE *fp_ou,const char *url) } } -void baddata(void) -{ - char dir[1024]; - - printf("SARG: ------------------------------------------------------------------------------\n"); - printf(_("SARG: MALICIUS CODE DETECTED.\n")); - printf(_("SARG: I think someone is trying to execute arbitrary code in your system using sarg.\n")); - printf(_("SARG: please review your access.log and/or your useragent.log file.\n")); - printf(_("SARG: process stoped. No actions taken.\n")); - printf("SARG: ------------------------------------------------------------------------------\n"); - - if (snprintf(dir,sizeof(dir),"%s/sarg",tmp)>=sizeof(dir)) { - debuga(_("temporary directory too long: %s/sarg\n"),tmp); - exit(EXIT_FAILURE); - } - unlinkdir(dir,0); - unlinkdir(outdirname,0); - - exit(EXIT_FAILURE); -} - void url_hostname(const char *url,char *hostname,int hostsize) { int i;