From 4bcb77cf900ead8f2d9ba2f7306bb7eb9a3df2c2 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Fr=C3=A9d=C3=A9ric=20Marchal?= Date: Fri, 26 Jun 2009 07:29:47 +0000 Subject: [PATCH] Protection against buffer overflows in getword and friends and report the origin of the error instead of always blaming access.log. --- auth.c | 14 +- authfail.c | 11 +- convlog.c | 5 +- dansguardian_log.c | 33 +-- dansguardian_report.c | 12 +- datafile.c | 28 ++- denied.c | 11 +- download.c | 11 +- exclude.c | 26 +- getconf.c | 535 ++++++++++++++++++++++++++++++++---------- grepday.c | 20 +- html.c | 65 +++-- include/conf.h | 7 + index.c | 100 ++++++-- ip2name.c | 14 +- language.c | 14 +- lastlog.c | 5 +- log.c | 357 +++++++++++++++++++++------- realtime.c | 103 ++++++-- repday.c | 11 +- report.c | 32 ++- siteuser.c | 20 +- smartfilter.c | 12 +- sort.c | 10 +- splitlog.c | 5 +- squidguard_log.c | 61 +++-- squidguard_report.c | 12 +- topsites.c | 71 ++++-- totday.c | 11 +- useragent.c | 47 ++-- util.c | 173 ++++++++++---- 31 files changed, 1347 insertions(+), 489 deletions(-) diff --git a/auth.c b/auth.c index 332c6b1..6bbf383 100644 --- a/auth.c +++ b/auth.c @@ -25,21 +25,25 @@ #include "include/conf.h" -void htaccess(char *name) +void htaccess(const char *name) { + char htname[MAXLEN]; FILE *fp_auth; if(strncmp(UserAuthentication,"yes",3) !=0 ) return; - sprintf(warea,"%s/%s/.htaccess",dirname,name); - if((fp_auth=fopen(warea,"w"))==NULL) { - fprintf(stderr, "SARG: (auth) %s: %s\n",text[45],warea); + sprintf(htname,"%s/%s/.htaccess",dirname,name); + if((fp_auth=fopen(htname,"w"))==NULL) { + fprintf(stderr, "SARG: (auth) %s: %s\n",text[45],htname); exit(1); } strcpy(warea,Require); - getword(buf,warea,'%'); + if (getword(buf,sizeof(buf),warea,'%')<0) { + printf("SARG: The \"Require\" entry of your sarg.conf file is too long for your %s file.\n",htname); + exit(1); + } fputs("AuthUserFile ",fp_auth); fputs(AuthUserFile,fp_auth); fputs("\n",fp_auth); 
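Review bot: The new local `htname[MAXLEN]` in htaccess() is filled with an unbounded `sprintf`, so a `dirname` and `name` that together exceed MAXLEN write past the array on the stack, which is the class of overflow this commit sets out to remove. I would use `int n = snprintf(htname,sizeof(htname),"%s/%s/.htaccess",dirname,name);` and exit with a message when `n < 0 || n >= (int)sizeof(htname)`. The `strcpy(warea,Require);` on the context line just before the new getword check is likewise unbounded. The new error is written with `printf` to stdout while the fopen failure a few lines above uses `fprintf(stderr, ...)`; keeping both on stderr would be consistent. The function body continues past the end of the hunk.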
diff --git a/authfail.c b/authfail.c index 469f7eb..5a933c4 100644 --- a/authfail.c +++ b/authfail.c @@ -113,11 +113,12 @@ void authfail_report() fputs(url,fp_ou); while(fgets(buf,sizeof(buf),fp_in)!=NULL) { - getword(data,buf,' '); - getword(hora,buf,' '); - getword(user,buf,' '); - getword(ip,buf,' '); - getword(url,buf,' '); + if (getword_multisep(data,sizeof(data),buf,' ')<0 || getword_multisep(hora,sizeof(hora),buf,' ')<0 || + getword_multisep(user,sizeof(user),buf,' ')<0 || getword_multisep(ip,sizeof(ip),buf,' ')<0 || + getword_multisep(url,sizeof(url),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",authfail_in); + exit(1); + } if((str=(char *) strstr(user, "_")) != (char *) NULL ) { if((str=(char *) strstr(str+1, "_")) != (char *) NULL ) diff --git a/convlog.c b/convlog.c index ab1e3e7..6fefe38 100644 --- a/convlog.c +++ b/convlog.c @@ -47,7 +47,10 @@ void convlog(char *arq, char *df, int dfrom, int duntil) } while(fgets(buf,sizeof(buf),fp_in)!=NULL) { - getword(data,buf,' '); + if (getword(data,sizeof(data),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arq); + exit(1); + } tt=atoi(data); t=localtime(&tt); diff --git a/dansguardian_log.c b/dansguardian_log.c index bcabde9..ced1d5c 100644 --- a/dansguardian_log.c +++ b/dansguardian_log.c 
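Review bot: authfail_report() moves its five space-separated fields to `getword_multisep`, while the hunks in denied.c and download.c parse the same data/hora/user/ip/url layout with plain `getword`. If the two helpers differ in how they treat repeated separators, as the name suggests, the three reports can split an identical record differently. A short comment above the call saying why this reader needs the multi-separator variant would help, for example `/* fields may be padded with several blanks */` if that is the reason. The loop body continues outside the hunk.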
@@ -97,16 +97,20 @@ int dansguardian_log() if(strncmp(buf,"#",1) == 0) continue; if(strstr(buf,"loglocation ") != 0) { - getword(loglocation,buf,'\''); - getword(loglocation,buf,'\''); + if (getword(loglocation,sizeof(loglocation),buf,'\'')<0 || getword(loglocation,sizeof(loglocation),buf,'\'')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",DansGuardianConf); + exit(1); + } break; } } if(debug) { strcpy(buf,text[7]); - getword(urly,buf,' '); - getword(href,buf,' '); + if (getword(urly,sizeof(urly),buf,' ')<0 || getword(href,sizeof(href),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s entry.\n",text[7]); + exit(1); + } sprintf(msg,"%s DansGuardian %s: %s",urly,buf,loglocation); debuga(msg); } @@ -119,18 +123,15 @@ int dansguardian_log() while(fgets(buf,sizeof(buf),fp_in) != NULL) { if(strstr(buf," *DENIED* ") == 0) continue; - getword(year,buf,'.'); - getword(mon,buf,'.'); - getword(day,buf,' '); - getword(hour,buf,' '); - getword(user,buf,' '); - getword(ip,buf,' '); - getword(url,buf,'/'); - getword(url,buf,'/'); - getword(url,buf,' '); - getword(code1,buf,' '); - getword(code1,buf,' '); - getword(code2,buf,' '); + if (getword(year,sizeof(year),buf,'.')<0 || getword(mon,sizeof(mon),buf,'.')<0 || + getword(day,sizeof(day),buf,' ')<0 || getword(hour,sizeof(hour),buf,' ')<0 || + getword(user,sizeof(user),buf,' ')<0 || getword(ip,sizeof(ip),buf,' ')<0 || + getword(url,sizeof(url),buf,'/')<0 || getword(url,sizeof(url),buf,'/')<0 || + getword(url,sizeof(url),buf,' ')<0 || getword(code1,sizeof(code1),buf,' ')<0 || + getword(code1,sizeof(code1),buf,' ')<0 || getword(code2,sizeof(code2),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",loglocation); + exit(1); + } sprintf(wdata,"%s%02d%s",year,atoi(mon),day); idata = atoi(wdata); diff --git a/dansguardian_report.c b/dansguardian_report.c index a3c85d4..ed90cf1 100644 --- a/dansguardian_report.c 
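Review bot: In the record loop of dansguardian_log() (the hunk at -119,18), any field for which getword returns a negative value, presumably an over-long or malformed one, ends the whole run with `exit(1)`. The user and url fields come from logged client traffic, so one oversized value in the DansGuardian log is enough to stop report generation; skipping the record with `fprintf(stderr,"SARG: skipping oversized record in %s\n",loglocation); continue;` would keep the overflow protection without that side effect. The same trade-off applies to the log readers in convlog.c and datafile.c. The context line `sprintf(wdata,"%s%02d%s",year,atoi(mon),day);` still formats into wdata without a bound, and wdata's size is not visible in the hunk.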
+++ b/dansguardian_report.c @@ -107,12 +107,12 @@ void dansguardian_report() fputs(url,fp_ou); while(fgets(buf,sizeof(buf),fp_in)!=NULL) { - getword(user,buf,' '); - getword(date2,buf,' '); - getword(hour,buf,' '); - getword(ip,buf,' '); - getword(url,buf,' '); - getword(rule,buf,'\n'); + if (getword(user,sizeof(user),buf,' ')<0 || getword(date2,sizeof(date2),buf,' ')<0 || + getword(hour,sizeof(hour),buf,' ')<0 || getword(ip,sizeof(ip),buf,' ')<0 || + getword(url,sizeof(url),buf,' ')<0 || getword(rule,sizeof(rule),buf,'\n')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",dansguardian_in); + exit(1); + } if(strcmp(UserIp,"yes") == 0) strcpy(user,ip); diff --git a/datafile.c b/datafile.c index f8533dd..c8be2cd 100644 --- a/datafile.c +++ b/datafile.c 
@@ -71,21 +71,22 @@ void data_file(char *tmp) } strcpy(wdname,direntp->d_name); strip_prefix: - getword(wname2,wdname,'.'); + if (getword(wname2,sizeof(wname2),wdname,'.')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s directory.\n",tmp); + exit(1); + } strcat(user,wname2); ttopen=0; while(fgets(buf,sizeof(buf),fp_in)!=NULL) { - getword(accdia,buf,' '); - getword(acchora,buf,' '); - getword(accuser,buf,' '); - getword(accip,buf,' '); - getword(accurl,buf,' '); - getword(accbytes,buf,' '); - getword(acccode,buf,' '); - getword(accelap,buf,' '); - getword(accsmart,buf,' '); - getword(accsmart,buf,'"'); + if (getword(accdia,sizeof(accdia),buf,' ')<0 || getword(acchora,sizeof(acchora),buf,' ')<0 || + getword(accuser,sizeof(accuser),buf,' ')<0 || getword(accip,sizeof(accip),buf,' ')<0 || + getword(accurl,sizeof(accurl),buf,' ')<0 || getword(accbytes,sizeof(accbytes),buf,' ')<0 || + getword(acccode,sizeof(acccode),buf,' ')<0 || getword(accelap,sizeof(accelap),buf,' ')<0 || + getword(accsmart,sizeof(accsmart),buf,' ')<0 || getword(accsmart,sizeof(accsmart),buf,'"')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",tmp3); + exit(1); + } if(strcmp(Ip2Name,"yes") == 0) { if(strcmp(accip,ipantes) != 0) { @@ -127,7 +128,10 @@ void data_file(char *tmp) nelap+=my_atoll(accelap); strcpy(wcrc,acccode); - getword(crc2,wcrc,'/'); + if (getword(crc2,sizeof(crc2),wcrc,'/')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",tmp3); + exit(1); + } if(strstr(crc2,"MISS") != 0) oucache+=my_atoll(accbytes); else incache+=my_atoll(accbytes); diff --git a/denied.c b/denied.c index 7610f70..ecf276e 100644 --- a/denied.c +++ b/denied.c 
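Review bot: The size passed to `getword` in the first data_file() hunk bounds wname2 only; the `strcat(user,wname2);` on the following context line still appends without checking the room left in user, and `strcpy(wdname,direntp->d_name);` above it copies a directory entry name unchecked. Assuming user and wdname are fixed-size arrays (their declarations are outside the hunk), a guard such as `if (strlen(user)+strlen(wname2)>=sizeof(user)) exit(1);` with a matching message, placed before the strcat, would close the gap. The enclosing loop starts and ends outside the hunk.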
@@ -103,11 +103,12 @@ void gen_denied_report() fputs(url,fp_ou); while(fgets(buf,sizeof(buf),fp_in)!=NULL) { - getword(data,buf,' '); - getword(hora,buf,' '); - getword(user,buf,' '); - getword(ip,buf,' '); - getword(url,buf,' '); + if (getword(data,sizeof(data),buf,' ')<0 || getword(hora,sizeof(hora),buf,' ')<0 || + getword(user,sizeof(user),buf,' ')<0 || getword(ip,sizeof(ip),buf,' ')<0 || + getword(url,sizeof(url),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",denied_in); + exit(1); + } if((str=(char *) strstr(user, "_")) != (char *) NULL ) { if((str=(char *) strstr(str+1, "_")) != (char *) NULL ) diff --git a/download.c b/download.c index e8f9387..cc1d6c1 100644 --- a/download.c +++ b/download.c @@ -110,11 +110,12 @@ void download_report() fputs(url,fp_ou); while(fgets(buf,sizeof(buf),fp_in)!=NULL) { - getword(data,buf,' '); - getword(hora,buf,' '); - getword(user,buf,' '); - getword(ip,buf,' '); - getword(url,buf,' '); + if (getword(data,sizeof(data),buf,' ')<0 || getword(hora,sizeof(hora),buf,' ')<0 || + getword(user,sizeof(user),buf,' ')<0 || getword(ip,sizeof(ip),buf,' ')<0 || + getword(url,sizeof(url),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",report_in); + exit(1); + } if((str=(char *) strstr(user, "_")) != (char *) NULL ) { if((str=(char *) strstr(str+1, "_")) != (char *) NULL ) diff --git a/exclude.c b/exclude.c index 9c9afc3..f4a1840 100644 --- a/exclude.c +++ b/exclude.c 
@@ -45,11 +45,16 @@ int vhexclude(char *excludefile, char *url) whost[0]='\0'; strcpy(str,excludefile); strcpy(wurl,url); - - getword(whost,str,' '); + if (getword(whost,sizeof(whost),str,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your exclude host file.\n"); + exit(1); + } if(strchr(wurl,':') != 0) { - getword(warea,wurl,':'); + if (getword(warea,sizeof(warea),wurl,':')<0) { + printf("SARG: Maybe you have a broken record or garbage in your excluded url.\n"); + exit(1); + } strcpy(wurl,warea); } @@ -60,15 +65,24 @@ int vhexclude(char *excludefile, char *url) return(0); } if(strchr(whost,'*') != 0) { - getword(warea,whost,'.'); - getword(warea,wurl,'.'); + if (getword(warea,sizeof(warea),whost,'.')<0) { + printf("SARG: Maybe you have a broken record or garbage in your exclude host file.\n"); + exit(1); + } + if (getword(warea,sizeof(warea),wurl,'.')<0) { + printf("SARG: Maybe you have a broken record or garbage in your exclude host file.\n"); + exit(1); + } if(strcmp(wurl,whost) == 0) { free(wurl); free(str); return(0); } } - getword(whost,str,' '); + if (getword(whost,sizeof(whost),str,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your exclude host file.\n"); + exit(1); + } } free(wurl); free(str); diff --git a/getconf.c b/getconf.c index 2d75530..86f242e 100644 --- a/getconf.c +++ b/getconf.c @@ -34,7 +34,10 @@ void parmtest(char *buf) { if(strstr(buf,"background_color") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in background_color parameter.\n"); + exit(1); + } strcpy(BgColor,buf); fixnone(BgColor); return; 
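Review bot: In the wildcard branch of vhexclude() (the hunk at -60,15), the second new check parses `wurl` but its message blames the exclude host file, so a failure caused by the URL is reported against the wrong input. The first hunk already words this case as an excluded url; reusing that text here, `printf("SARG: Maybe you have a broken record or garbage in your excluded url.\n");`, would match the commit's stated goal of naming the real origin. The loop and the `free()` calls continue outside the hunk.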
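Review bot: The size check added in parmtest() covers only the keyword copied into wbuf; the value itself is still stored with `strcpy(BgColor,buf);`, which copies the rest of the configuration line into the destination without a bound. The same pattern remains in every getconf.c hunk of this patch that ends in a `strcpy` of buf into a parameter variable, and in `sprintf(IncludeUsers,":%s:",wbuf);`. The destination sizes are declared outside the diff, so whether a long line can overflow them needs checking. If they are arrays, a test such as `if (strlen(buf)>=sizeof(BgColor)) exit(1);` with a message before each copy, or one small helper doing that, would complete the protection.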
@@ -42,7 +45,10 @@ void parmtest(char *buf) if(strstr(buf,"text_color") != 0) { if(strstr(buf,"logo_text_color") == 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in text_color parameter.\n"); + exit(1); + } strcpy(TxColor,buf); fixnone(TxColor); return; @@ -50,21 +56,30 @@ void parmtest(char *buf) } if(strstr(buf,"text_bgcolor") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in text_bgcolor parameter.\n"); + exit(1); + } strcpy(TxBgColor,buf); fixnone(TxBgColor); return; } if(strstr(buf,"title_color") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in title_color parameter.\n"); + exit(1); + } strcpy(TiColor,buf); fixnone(TiColor); return; } if(strstr(buf,"logo_image") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in logo_image parameter.\n"); + exit(1); + } strcpy(LogoImage,buf); fixnone(LogoImage); return; 
@@ -72,57 +87,84 @@ void parmtest(char *buf) if(strstr(buf,"logo_text") != 0) { if(strstr(buf,"logo_text_color") == 0) { - getword(wbuf,buf,'"'); - getword(LogoText,buf,'"'); + if (getword(wbuf,sizeof(wbuf),buf,'"')<0) { + printf("SARG: Maybe you have a broken record or garbage in logo_text parameter.\n"); + exit(1); + } + if (getword(LogoText,sizeof(LogoText),buf,'"')<0) { + printf("SARG: Maybe you have a broken record or garbage in logo_text parameter.\n"); + exit(1); + } fixnone(LogoText); return; } } if(strstr(buf,"logo_text_color") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in logo_text_color parameter.\n"); + exit(1); + } strcpy(LogoTextColor,buf); fixnone(LogoTextColor); return; } if(strstr(buf,"background_image") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in background_image parameter.\n"); + exit(1); + } strcpy(BgImage,buf); fixnone(BgImage); return; } if(strstr(buf,"show_sarg_info") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in show_sarg_info parameter.\n"); + exit(1); + } strcpy(ShowSargInfo,buf); fixnone(ShowSargInfo); return; } if(strstr(buf,"show_sarg_logo") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in show_sarg_logo parameter.\n"); + exit(1); + } strcpy(ShowSargLogo,buf); fixnone(ShowSargLogo); return; } if(strstr(buf,"font_face") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in font_face parameter.\n"); + exit(1); + } strcpy(FontFace,buf); fixnone(FontFace); return; } if(strstr(buf,"header_color") != 0) { - getword(wbuf,buf,' '); + if 
(getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in header_color parameter.\n"); + exit(1); + } strcpy(HeaderColor,buf); fixnone(HeaderColor); return; } if(strstr(buf,"header_bgcolor") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in header_bgcolor parameter.\n"); + exit(1); + } strcpy(HeaderBgColor,buf); fixnone(HeaderBgColor); return; @@ -130,7 +172,10 @@ void parmtest(char *buf) if(strstr(buf,"font_size") != 0) { if(strstr(buf,"header_font_size") == 0 && strstr(buf,"title_font_size") == 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in font_size parameter.\n"); + exit(1); + } strcpy(FontSize,buf); fixnone(FontSize); return; 
@@ -138,58 +183,79 @@ void parmtest(char *buf) } if(strstr(buf,"header_font_size") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in header_font_size parameter.\n"); + exit(1); + } strcpy(HeaderFontSize,buf); fixnone(HeaderFontSize); return; } if(strstr(buf,"title_font_size") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in title_font_size parameter.\n"); + exit(1); + } strcpy(TitleFontSize,buf); fixnone(TitleFontSize); return; } if(strstr(buf,"image_size") != 0) { - getword(wbuf,buf,' '); - getword(Width,buf,' '); - strcpy(Height,buf); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0 || getword_multisep(Width,sizeof(Width),buf,' ')<0 || getword_multisep(Height,sizeof(Height),Height,0)<0) { + printf("SARG: Maybe you have a broken record or garbage in image_size parameter.\n"); + exit(1); + } fixnone(Width); fixnone(Height); return; } if(strstr(buf,"title") != 0) { - getword(wbuf,buf,'"'); - getword(Title,buf,'"'); + if (getword(wbuf,sizeof(wbuf),buf,'"')<0 || getword(Title,sizeof(Title),buf,'"')<0) { + printf("SARG: Maybe you have a broken record or garbage in title parameter.\n"); + exit(1); + } fixnone(Title); return; } if(strstr(buf,"resolve_ip") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in resolve_ip parameter.\n"); + exit(1); + } strcpy(Ip2Name,buf); fixnone(Ip2Name); return; } if(strstr(buf,"user_ip") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in user_ip parameter.\n"); + exit(1); + } strcpy(UserIp,buf); fixnone(UserIp); return; } if(strstr(buf,"max_elapsed") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + 
printf("SARG: Maybe you have a broken record or garbage in max_elapsed parameter.\n"); + exit(1); + } strcpy(MaxElapsed,buf); fixnone(MaxElapsed); return; } if(strstr(buf,"date_format") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in date_format parameter.\n"); + exit(1); + } strncpy(DateFormat,buf,1); fixnone(DateFormat); return; @@ -210,16 +276,20 @@ void parmtest(char *buf) } if(strstr(buf,"topuser_sort_field") != 0) { - getword(wbuf,buf,' '); - getword(TopuserSortField,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0 || getword_multisep(TopuserSortField,sizeof(TopuserSortField),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in topuser_sort_field parameter.\n"); + exit(1); + } strcpy(TopuserSortOrder,buf); fixnone(TopuserSortOrder); return; } if(strstr(buf,"user_sort_field") != 0) { - getword(wbuf,buf,' '); - getword(UserSortField,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0 || getword_multisep(UserSortField,sizeof(UserSortField),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in user_sort_field parameter.\n"); + exit(1); + } strcpy(UserSortOrder,buf); fixnone(UserSortOrder); return; @@ -227,7 +297,10 @@ void parmtest(char *buf) if(strstr(buf,"access_log") != 0) { if(strstr(buf,"realtime_access_log_lines") == 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in access_log parameter.\n"); + exit(1); + } strcpy(AccessLog,buf); fixnone(AccessLog); return; 
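Review bot: In the image_size branch, the third call reads `getword_multisep(Height,sizeof(Height),Height,0)`, which parses Height from itself; the removed `strcpy(Height,buf);` has no replacement, so the remainder of buf never reaches Height. The source argument looks like a typo for buf: `getword_multisep(Height,sizeof(Height),buf,0)<0`. It is also worth confirming that the helper accepts 0 as a separator and tolerates identical source and destination, since its definition in util.c is not part of this hunk. The other branches in this hunk (resolve_ip through date_format) are not affected.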
@@ -235,49 +308,70 @@ void parmtest(char *buf) } if(strstr(buf,"useragent_log") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in useragent_log parameter.\n"); + exit(1); + } strcpy(UserAgentLog,buf); fixnone(UserAgentLog); return; } if(strstr(buf,"exclude_hosts") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in exclude_hosts parameter.\n"); + exit(1); + } strcpy(ExcludeHosts,buf); fixnone(ExcludeHosts); return; } if(strstr(buf,"exclude_codes") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in exclude_codes parameter.\n"); + exit(1); + } strcpy(ExcludeCodes,buf); fixnone(ExcludeCodes); return; } if(strstr(buf,"exclude_users") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in exclude_users parameter.\n"); + exit(1); + } strcpy(ExcludeUsers,buf); fixnone(ExcludeUsers); return; } if(strstr(buf,"password") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in password parameter.\n"); + exit(1); + } strcpy(PasswdFile,buf); fixnone(PasswdFile); return; } if(strstr(buf,"temporary_dir") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in temporary_dir parameter.\n"); + exit(1); + } strcpy(TempDir,buf); fixnone(TempDir); return; } if(strstr(buf,"report_type") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in report_type parameter.\n"); + exit(1); + } strcpy(ReportType,buf); fixnone(ReportType); 
return; @@ -285,7 +379,10 @@ void parmtest(char *buf) if(strstr(buf,"output_dir") != 0) { if(strstr(buf,"output_dir_form") == 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in output_dir parameter.\n"); + exit(1); + } strcpy(OutputDir,buf); fixnone(OutputDir); return; @@ -293,15 +390,20 @@ void parmtest(char *buf) } if(strstr(buf,"output_email") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in output_email parameter.\n"); + exit(1); + } strcpy(OutputEmail,buf); fixnone(OutputEmail); return; } if(strstr(buf,"per_user_limit") != 0) { - getword(wbuf,buf,' '); - getword(PerUserLimitFile,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0 || getword_multisep(PerUserLimitFile,sizeof(PerUserLimitFile),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in per_user_limit parameter.\n"); + exit(1); + } strcpy(PerUserLimit,buf); fixnone(PerUserLimitFile); fixnone(PerUserLimit); 
@@ -310,28 +412,40 @@ void parmtest(char *buf) if(strstr(buf,"lastlog") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in lastlog parameter.\n"); + exit(1); + } strcpy(LastLog,buf); fixnone(LastLog); return; } if(strstr(buf,"remove_temp_files") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in remove_temp_files parameter.\n"); + exit(1); + } strcpy(RemoveTempFiles,buf); fixnone(RemoveTempFiles); return; } if(strstr(buf,"replace_index") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in replace_index parameter.\n"); + exit(1); + } strcpy(ReplaceIndex,buf); fixnone(ReplaceIndex); return; } if(strstr(buf,"index_tree") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in index_tree parameter.\n"); + exit(1); + } strcpy(IndexTree,buf); fixnone(IndexTree); return; @@ -339,7 +453,10 @@ void parmtest(char *buf) if(strstr(buf,"index") != 0) { if(strstr(buf,"index_sort_order") == 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in index parameter.\n"); + exit(1); + } strcpy(Index,buf); fixnone(Index); return; 
@@ -347,64 +464,90 @@ void parmtest(char *buf) } if(strstr(buf,"overwrite_report") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in overwrite_report parameter.\n"); + exit(1); + } strcpy(OverwriteReport,buf); fixnone(OverwriteReport); return; } if(strstr(buf,"records_without_userid") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in records_without_userid parameter.\n"); + exit(1); + } strcpy(RecordsWithoutUser,buf); fixnone(RecordsWithoutUser); return; } if(strstr(buf,"use_comma") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in use_comma parameter.\n"); + exit(1); + } strcpy(UseComma,buf); fixnone(UseComma); return; } if(strstr(buf,"mail_utility") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in mail_utility parameter.\n"); + exit(1); + } strcpy(MailUtility,buf); fixnone(MailUtility); return; } if(strstr(buf,"topsites_num") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in topsites_num parameter.\n"); + exit(1); + } strcpy(TopSitesNum,buf); fixnone(TopSitesNum); return; } if(strstr(buf,"topuser_num") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in topuser_num parameter.\n"); + exit(1); + } strcpy(TopUsersNum,buf); fixnone(TopUsersNum); return; } if(strstr(buf,"usertab") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in usertab parameter.\n"); + exit(1); + } 
strcpy(UserTabFile,buf); fixnone(UserTabFile); return; } if(strstr(buf,"index_sort_order") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in index_sort_order parameter.\n"); + exit(1); + } strcpy(IndexSortOrder,buf); fixnone(IndexSortOrder); return; } if(strstr(buf,"topsites_sort_order") != 0) { - getword(wbuf,buf,' '); - getword(TopsitesSortField,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0 || getword_multisep(TopsitesSortField,sizeof(TopsitesSortField),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in topsites_sort_order parameter.\n"); + exit(1); + } strcpy(TopsitesSortType,buf); fixnone(TopsitesSortField); fixnone(TopsitesSortType); 
@@ -412,42 +555,60 @@ void parmtest(char *buf) } if(strstr(buf,"long_url") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in long_url parameter.\n"); + exit(1); + } strcpy(LongUrl,buf); fixnone(LongUrl); return; } if(strstr(buf,"language") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in language parameter.\n"); + exit(1); + } strcpy(language,buf); fixnone(language); return; } if(strstr(buf,"dansguardian_conf") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in dansguardian_conf parameter.\n"); + exit(1); + } strcpy(DansGuardianConf,buf); fixnone(DansGuardianConf); return; } if(strstr(buf,"squidguard_conf") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in squidguard_conf parameter.\n"); + exit(1); + } strcpy(SquidGuardConf,buf); fixnone(SquidGuardConf); return; } if(strstr(buf,"date_time_by") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in date_time_by parameter.\n"); + exit(1); + } strcpy(datetimeby,buf); fixnone(datetimeby); return; } if(strstr(buf,"charset") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in charset parameter.\n"); + exit(1); + } strcpy(CharSet,buf); fixnone(CharSet); ccharset(CharSet); 
@@ -455,23 +616,29 @@ void parmtest(char *buf) } if(strstr(buf,"user_invalid_char") != 0) { - getword(wbuf,buf,'"'); - getword(UserInvalidChar,buf,'"'); + if (getword_multisep(wbuf,sizeof(wbuf),buf,'"')<0 || getword_multisep(UserInvalidChar,sizeof(UserInvalidChar),buf,'"')<0) { + printf("SARG: Maybe you have a broken record or garbage in user_invalid_char parameter.\n"); + exit(1); + } fixnone(UserInvalidChar); return; } if(strstr(buf,"include_users") != 0) { - getword(wbuf,buf,'"'); - getword(wbuf,buf,'"'); + if (getword_multisep(wbuf,sizeof(wbuf),buf,'"')<0 || getword_multisep(wbuf,sizeof(wbuf),buf,'"')<0) { + printf("SARG: Maybe you have a broken record or garbage in include_users parameter.\n"); + exit(1); + } sprintf(IncludeUsers,":%s:",wbuf); fixnone(IncludeUsers); return; } if(strstr(buf,"exclude_string") != 0) { - getword(wbuf,buf,'"'); - getword(ExcludeString,buf,'"'); + if (getword_multisep(wbuf,sizeof(wbuf),buf,'"')<0 || getword_multisep(ExcludeString,sizeof(ExcludeString),buf,'"')<0) { + printf("SARG: Maybe you have a broken record or garbage in exclude_string parameter.\n"); + exit(1); + } fixnone(ExcludeString); return; } @@ -479,7 +646,10 @@ void parmtest(char *buf) if(strstr(buf,"privacy") != 0) { if(strstr(buf,"privacy_string") == 0 && \ strstr(buf,"privacy_string_color") == 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in privacy parameter.\n"); + exit(1); + } strcpy(Privacy,buf); fixnone(Privacy); return; 
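Review bot: The user_invalid_char, include_users and exclude_string branches now extract their quoted value with `getword_multisep` and a `'"'` separator, whereas logo_text, title and datafile_delimiter keep plain `getword` for the same quote-delimited syntax. If getword_multisep collapses runs of the separator, as its name suggests, an empty value written as `""` would no longer yield an empty string. Unless that is intended, I would keep `getword(wbuf,sizeof(wbuf),buf,'"')<0 || getword(UserInvalidChar,sizeof(UserInvalidChar),buf,'"')<0` here and the equivalent in the two sibling branches; the privacy_string branch in the later hunk has the same change.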
@@ -488,86 +658,120 @@ void parmtest(char *buf) if(strstr(buf,"privacy_string") != 0) { if(strstr(buf,"privacy_string_color") == 0) { - getword(wbuf,buf,'"'); - getword(PrivacyString,buf,'"'); + if (getword_multisep(wbuf,sizeof(wbuf),buf,'"')<0 || getword_multisep(PrivacyString,sizeof(PrivacyString),buf,'"')<0) { + printf("SARG: Maybe you have a broken record or garbage in privacy_string parameter.\n"); + exit(1); + } fixnone(PrivacyString); return; } } if(strstr(buf,"privacy_string_color") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in privacy_string_color parameter.\n"); + exit(1); + } strcpy(PrivacyStringColor,buf); fixnone(PrivacyStringColor); return; } if(strstr(buf,"show_successful_message") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in show_successful_message parameter.\n"); + exit(1); + } strcpy(SuccessfulMsg,buf); fixnone(SuccessfulMsg); return; } if(strstr(buf,"show_read_statistics") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in show_read_statistics parameter.\n"); + exit(1); + } strcpy(ShowReadStatistics,buf); fixnone(ShowReadStatistics); return; } if(strstr(buf,"topuser_fields") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in topuser_fields parameter.\n"); + exit(1); + } strcpy(TopUserFields,buf); fixnone(TopUserFields); return; } if(strstr(buf,"bytes_in_sites_users_report") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in bytes_in_sites_users_report parameter.\n"); + exit(1); + } strcpy(BytesInSitesUsersReport,buf); fixnone(BytesInSitesUsersReport); 
return; } if(strstr(buf,"user_report_fields") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in user_report_fields parameter.\n"); + exit(1); + } strcpy(UserReportFields,buf); fixnone(UserReportFields); return; } if(strstr(buf,"bytes_in_sites_users_report") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in site_user_time_date_type parameter.\n"); + exit(1); + } strcpy(BytesInSitesUsersReport,buf); fixnone(BytesInSitesUsersReport); return; } if(strstr(buf,"datafile ") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in datafile parameter.\n"); + exit(1); + } strcpy(DataFile,buf); fixnone(DataFile); return; } if(strstr(buf,"datafile_delimiter") != 0) { - getword(wbuf,buf,' '); - getword(wbuf,buf,'"'); - getword(DataFileDelimiter,buf,'"'); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0 || getword(wbuf,sizeof(wbuf),buf,'"')<0 || + getword(DataFileDelimiter,sizeof(DataFileDelimiter),buf,'"')<0) { + printf("SARG: Maybe you have a broken record or garbage in datafile_delimiter parameter.\n"); + exit(1); + } fixnone(DataFileDelimiter); return; } if(strstr(buf,"datafile_fields") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in datafile_fields parameter.\n"); + exit(1); + } strcpy(DataFileFields,buf); fixnone(DataFileFields); return; } if(strstr(buf,"datafile_url") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in datafile_url parameter.\n"); + exit(1); + } strcpy(DataFileUrl,buf); fixnone(DataFileUrl); return; 
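Review bot: The second `bytes_in_sites_users_report` branch in this hunk reports a failure in the `site_user_time_date_type` parameter, which does not match the keyword it tests. Because the earlier branch with the identical `strstr` test returns first, this block appears unreachable as written. If it was meant to handle site_user_time_date_type, the condition and the destination variable need correcting; otherwise the message should name `bytes_in_sites_users_report`. The duplicated condition predates the patch, but the new message makes the mismatch visible and it is worth resolving here; parmtest() starts before and continues after this hunk.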
@@ -575,7 +779,10 @@ void parmtest(char *buf) if(strstr(buf,"parsed_output_log") != 0) { if(strstr(buf,"parsed_output_log_compress") == 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in parsed_output_log parameter.\n"); + exit(1); + } strcpy(ParsedOutputLog,buf); fixnone(ParsedOutputLog); return; 
@@ -583,195 +790,281 @@ void parmtest(char *buf) } if(strstr(buf,"parsed_output_log_compress") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in parsed_output_log_compress parameter.\n"); + exit(1); + } strcpy(ParsedOutputLogCompress,buf); fixnone(ParsedOutputLogCompress); return; } if(strstr(buf,"displayed_values") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in displayed_values parameter.\n"); + exit(1); + } strcpy(DisplayedValues,buf); fixnone(DisplayedValues); return; } if(strstr(buf,"authfail_report_limit") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in authfail_report_limit parameter.\n"); + exit(1); + } AuthfailReportLimit=atoi(buf); return; } if(strstr(buf,"denied_report_limit") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in denied_report_limit parameter.\n"); + exit(1); + } DeniedReportLimit=atoi(buf); return; } if(strstr(buf,"siteusers_report_limit") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in siteusers_report_limit parameter.\n"); + exit(1); + } SiteUsersReportLimit=atoi(buf); return; } if(strstr(buf,"dansguardian_report_limit") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in dansguardian_report_limit parameter.\n"); + exit(1); + } DansGuardianReportLimit=atoi(buf); return; } if(strstr(buf,"squidguard_report_limit") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or 
garbage in squidguard_report_limit parameter.\n"); + exit(1); + } SquidGuardReportLimit=atoi(buf); return; } if(strstr(buf,"user_report_limit") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in user_report_limit parameter.\n"); + exit(1); + } UserReportLimit=atoi(buf); return; } if(strstr(buf,"download_report_limit") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in download_report_limit parameter.\n"); + exit(1); + } DownloadReportLimit=atoi(buf); return; } if(strstr(buf,"www_document_root") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in www_document_root parameter.\n"); + exit(1); + } strcpy(wwwDocumentRoot,buf); fixnone(wwwDocumentRoot); return; } if(strstr(buf,"block_it") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in block_it parameter.\n"); + exit(1); + } strcpy(BlockIt,buf); fixnone(BlockIt); return; } if(strstr(buf,"external_css_file") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in external_css_file parameter.\n"); + exit(1); + } strcpy(ExternalCSSFile,buf); fixnone(ExternalCSSFile); return; } if(strstr(buf,"user_authentication") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in user_authentication parameter.\n"); + exit(1); + } strcpy(UserAuthentication,buf); fixnone(UserAuthentication); return; } if(strstr(buf,"AuthUserFile") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or 
garbage in AuthUserFile parameter.\n"); + exit(1); + } strcpy(AuthUserFile,buf); fixnone(AuthUserFile); return; } if(strstr(buf,"AuthName") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in AuthName parameter.\n"); + exit(1); + } strcpy(AuthName,buf); fixnone(AuthName); return; } if(strstr(buf,"AuthType") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in AuthType parameter.\n"); + exit(1); + } strcpy(AuthType,buf); fixnone(AuthType); return; } if(strstr(buf,"Require") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in Require parameter.\n"); + exit(1); + } strcpy(Require,buf); fixnone(Require); return; } if(strstr(buf,"download_suffix") != 0) { - getword(wbuf,buf,'"'); - getword(DownloadSuffix,buf,'"'); + if (getword_multisep(wbuf,sizeof(wbuf),buf,'"')<0 || getword_multisep(DownloadSuffix,sizeof(DownloadSuffix),buf,'"')<0) { + printf("SARG: Maybe you have a broken record or garbage in download_suffix parameter.\n"); + exit(1); + } fixnone(DownloadSuffix); return; } if(strstr(buf,"graphs") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in graphs parameter.\n"); + exit(1); + } strcpy(Graphs,buf); fixnone(Graphs); return; } if(strstr(buf,"graph_days_bytes_bar_color") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in graph_days_bytes_bar_color parameter.\n"); + exit(1); + } strcpy(GraphDaysBytesBarColor,buf); fixnone(GraphDaysBytesBarColor); return; } if(strstr(buf,"squidguard_log_format") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + 
printf("SARG: Maybe you have a broken record or garbage in squidguard_log_format parameter.\n"); + exit(1); + } strcpy(SquidGuardLogFormat,buf); fixnone(SquidGuardLogFormat); return; } if(strstr(buf,"squidguard_ignore_date") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in squidguard_ignore_date parameter.\n"); + exit(1); + } strcpy(SquidguardIgnoreDate,buf); fixnone(SquidguardIgnoreDate); return; } if(strstr(buf,"dansguardian_ignore_date") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in dansguardian_ignore_date parameter.\n"); + exit(1); + } strcpy(DansguardianIgnoreDate,buf); fixnone(DansguardianIgnoreDate); return; } if(strstr(buf,"ulimit") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in ulimit parameter.\n"); + exit(1); + } strcpy(Ulimit,buf); fixnone(Ulimit); return; } if(strstr(buf,"ntlm_user_format") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in ntlm_user_format parameter.\n"); + exit(1); + } strcpy(NtlmUserFormat,buf); fixnone(NtlmUserFormat); return; } if(strstr(buf,"realtime_types") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in realtime_types parameter.\n"); + exit(1); + } strcpy(RealtimeTypes,buf); fixnone(RealtimeTypes); return; } if(strstr(buf,"realtime_unauthenticated_records") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in realtime_unauthenticated_records parameter.\n"); + exit(1); + } strcpy(RealtimeUnauthRec,buf); fixnone(RealtimeUnauthRec); return; 
} if(strstr(buf,"realtime_refresh_time") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in realtime_refresh_time parameter.\n"); + exit(1); + } realtime_refresh=atoi(buf); return; } if(strstr(buf,"realtime_access_log_lines") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in realtime_access_log_lines parameter.\n"); + exit(1); + } realtime_access_log_lines=atoi(buf); return; } @@ -782,9 +1075,15 @@ void parmtest(char *buf) } if(strstr(buf,"byte_cost") != 0) { - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in byte_cost parameter.\n"); + exit(1); + } cost=atol(buf); - getword(wbuf,buf,' '); + if (getword_multisep(wbuf,sizeof(wbuf),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in byte_cost parameter.\n"); + exit(1); + } nocost=my_atoll(buf); return; } diff --git a/grepday.c b/grepday.c index 3c5596b..0073187 100644 --- a/grepday.c +++ b/grepday.c 
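Review bot: The failure messages added throughout the -583 hunk of parmtest() use `printf`, so they go to stdout, while the open-failure message in language.c in this same patch uses `fprintf(stderr, ...)`; a cron job that redirects stdout would lose the reason for the `exit(1)`. Writing them as `fprintf(stderr,"SARG: Maybe you have a broken record or garbage in displayed_values parameter.\n");` keeps diagnostics on one stream. The same four-line block is repeated for every parameter, so a small static helper taking the parameter name would remove the duplication and the risk of a mislabelled message. parmtest() begins and ends outside this hunk.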
@@ -419,16 +419,24 @@ void greport_day(char *user, int *iprel, int *ipuser) } else strcpy(name,user); while(fgets(buf,sizeof(buf),fp_in)!=NULL) { - getword(data,buf,' '); - getword(day,data,'/'); - if(strcmp(DateFormat,"u") == 0) - getword(day,data,'/'); + if (getword(data,sizeof(data),buf,' ')<0 || getword(day,sizeof(day),data,'/')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",tmp5); + exit(1); + } + if(strcmp(DateFormat,"u") == 0) { + if (getword(day,sizeof(day),data,'/')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",tmp5); + exit(1); + } + } if(!count) { strcpy(oday,day); count++; } - getword(bytes,buf,' '); - getword(bytes,buf,' '); + if (getword(bytes,sizeof(bytes),buf,' ')<0 || getword(bytes,sizeof(bytes),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",tmp5); + exit(1); + } bytes[strlen(bytes)-1]='\0'; if(strcmp(oday,day) != 0) { diff --git a/html.c b/html.c index 678fb68..dcc432a 100644 --- a/html.c +++ b/html.c 
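Review bot: In greport_day() (grepday.c), the context line `bytes[strlen(bytes)-1]='\0';` directly after the new checks still writes outside `bytes` when the field comes back empty. The `<0` test does not appear to exclude an empty field, although getword's behaviour in that case is defined in util.c, outside this view. Guarding it as `if (bytes[0]) bytes[strlen(bytes)-1]='\0';` keeps the current trimming and makes a truncated record harmless. The function body continues beyond the hunk.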
@@ -78,16 +78,22 @@ void htmlrel() while(fgets(buf,sizeof(buf),fp_in)!=NULL) { if(strstr(buf,"TOTAL") == 0) { - getword(wtemp,buf,' '); + if (getword(wtemp,sizeof(wtemp),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arqper); + exit(1); + } ttnacc+=my_atoll(buf); - getword(wtemp,buf,' '); - getword(wtemp,buf,' '); + if (getword(wtemp,sizeof(wtemp),buf,' ')<0 || getword(wtemp,sizeof(wtemp),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arqper); + exit(1); + } totbytes+=my_atoll(wtemp); - getword(wtemp,buf,' '); - getword(wtemp,buf,' '); - getword(wtemp,buf,' '); - getword(wtemp,buf,' '); - getword(wtemp,buf,' '); + if (getword(wtemp,sizeof(wtemp),buf,' ')<0 || getword(wtemp,sizeof(wtemp),buf,' ')<0 || + getword(wtemp,sizeof(wtemp),buf,' ')<0 || getword(wtemp,sizeof(wtemp),buf,' ')<0 || + getword(wtemp,sizeof(wtemp),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arqper); + exit(1); + } totelap+=my_atoll(wtemp); } } @@ -104,7 +110,10 @@ void htmlrel() wusuario[0]='\0'; striptxt: - getword(warea,usuario,'.'); + if (getword(warea,sizeof(warea),usuario,'.')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s directory.\n",tmp); + exit(1); + } strcpy(denied_report,warea); strcat(wusuario,warea); 
@@ -147,17 +156,31 @@ void htmlrel() } while(fgets(buf,sizeof(buf),fp_in)!=NULL) { - getword(wtemp,buf,' '); + if (getword(wtemp,sizeof(wtemp),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arqin); + exit(1); + } tnacc+=my_atoll(wtemp); - getword(wtemp,buf,' '); + if (getword(wtemp,sizeof(wtemp),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arqin); + exit(1); + } tnbytes+=my_atoll(wtemp); - getword(wtemp,buf,' '); - getword(wtemp,buf,' '); - getword(wtemp,buf,' '); + if (getword(wtemp,sizeof(wtemp),buf,' ')<0 || getword(wtemp,sizeof(wtemp),buf,' ')<0 || + getword(wtemp,sizeof(wtemp),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arqin); + exit(1); + } tnelap+=my_atoll(wtemp); - getword(wtemp,buf,' '); + if (getword(wtemp,sizeof(wtemp),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arqin); + exit(1); + } tnincache+=my_atoll(wtemp); - getword(wtemp,buf,' '); + if (getword(wtemp,sizeof(wtemp),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arqin); + exit(1); + } tnoucache+=my_atoll(wtemp); } @@ -337,13 +360,19 @@ void htmlrel() sprintf(wwork3,"%s",fixnum2(nnelap,1)); if(strcmp(LongUrl,"yes") != 0) { - getword(warea,url,'/'); + if (getword(warea,sizeof(warea),url,'/')<0) { + printf("SARG: Maybe you have a broken record or garbage in the url of the %s file.\n",arqin); + exit(1); + } sprintf(url,"%s",warea); strcpy(urly,url); } else { strcpy(urly,url); url_module(url, module); - getword(warea,url,'/'); + if (getword(warea,sizeof(warea),url,'/')<0) { + printf("SARG: Maybe you have a broken record or garbage in the url of the %s file.\n",arqin); + exit(1); + } sprintf(url,"%s...%s",warea,module); } diff --git a/include/conf.h b/include/conf.h index 4f8883f..2aaf653 100755 --- a/include/conf.h +++ b/include/conf.h 
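Review bot: In the -337 hunk of htmlrel() (html.c), the bounded getword() into `warea` is followed by `sprintf(url,"%s...%s",warea,module);`, which has no bound of its own. The sizes of `url` and `module` are declared outside the hunk, so it cannot be confirmed here that the joined string always fits. Assuming `url` is an array, `snprintf(url,sizeof(url),"%s...%s",warea,module);` with a check of the returned length keeps the write inside it.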
@@ -347,3 +347,10 @@ DIR *dirp; struct dirent *direntp; int getnumlist( char *, numlist *, const int, const int ); +int getword(char *word, int limit, char *line, int stop); +int getword_multisep(char *word, int limit, char *line, int stop); +int getword3(char *word, int limit, char *line, int stop); +void name_month(char *month,int month_len); + + + \ No newline at end of file diff --git a/index.c b/index.c index ebeb239..725364f 100644 --- a/index.c +++ b/index.c @@ -122,7 +122,10 @@ void make_index() bzero(newname,512); strcpy(warea,direntp2->d_name); if(strstr(warea,"-") != 0) { - getword(m1,warea,'-'); + if (getword_multisep(m1,sizeof(m1),warea,'-')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s directory.\n",val2); + exit(1); + } strcpy(m2,warea); conv_month_name(m1); conv_month_name(m2); @@ -133,7 +136,10 @@ void make_index() } strcpy(warea,direntp3->d_name); if(strstr(warea,"-") != 0) { - getword(d1,warea,'-'); + if (getword_multisep(d1,sizeof(d1),warea,'-')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s directory.\n",val2); + exit(1); + } strcpy(d2,warea); } else { strcpy(d1,warea); @@ -167,6 +173,7 @@ void make_index() dirp = opendir(outdir); while ((direntp = readdir( dirp )) != NULL) { + char *p; if(strcmp(IndexTree,"date") == 0) { if(strlen(direntp->d_name) > 4 || !isdigit(direntp->d_name[0]) && !isdigit(direntp->d_name[1])) continue; fprintf(fp_tmp,"%s %s\n",direntp->d_name,get_size(outdir,direntp->d_name)); 
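Review bot: The new prototypes in include/conf.h carry no statement of the contract that every caller in this patch relies on, namely that a negative return means the word did not fit in `limit` bytes. A short comment above them should say what a negative return means, whether `limit` counts the terminating NUL, and in what state `word` and `line` are left on failure; the details need to be confirmed against util.c, which is outside this view. Callers pass `sizeof(...)` for `limit`, so declaring it `size_t limit` would avoid the implicit narrowing to `int`. The hunk also leaves trailing blank lines and no newline at the end of the file.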
@@ -190,16 +197,41 @@ void make_index() obtuser(outdir,direntp->d_name,tuser); obttotal(outdir,direntp->d_name,tbytes,tuser,media); strcpy(html,data); - getword(mon,html,' '); - getword(mon,html,' '); - getword(day,html,' '); - getword(hour,html,' '); - getword(year,html,' '); - getword(year,html,' '); + if (getword_multisep(mon,sizeof(mon),html,' ')<0) { + printf("SARG: Maybe you have a broken week day in your %s%s/sarg-date file.\n",outdir,direntp->d_name); + exit(1); + } + if (getword_multisep(mon,sizeof(mon),html,' ')<0) { + printf("SARG: Maybe you have a broken month in your %s%s/sarg-date file.\n",outdir,direntp->d_name); + exit(1); + } + if (getword_multisep(day,sizeof(day),html,' ')<0) { + printf("SARG: Maybe you have a broken day in your %s%s/sarg-date file.\n",outdir,direntp->d_name); + exit(1); + } + if (getword_multisep(hour,sizeof(hour),html,' ')<0) { + printf("SARG: Maybe you have a broken time in your %s%s/sarg-date file.\n",outdir,direntp->d_name); + exit(1); + } + p = strchr(html, ' '); + if (!p) p = html; + if (getword_multisep(year,sizeof(year),html,' ')<0) { + printf("SARG: Maybe you have a broken year in your %s%s/sarg-date file.\n",outdir,direntp->d_name); + exit(1); + } strcpy(html,hour); - getword(h,html,':'); - getword(m,html,':'); - strcpy(s,html); + if (getword_multisep(h,sizeof(h),html,':')<0) { + printf("SARG: Maybe you have a broken hour in your %s%s/sarg-date file.\n",outdir,direntp->d_name); + exit(1); + } + if (getword_multisep(m,sizeof(m),html,':')<0) { + printf("SARG: Maybe you have a broken minute in your %s%s/sarg-date file.\n",outdir,direntp->d_name); + exit(1); + } + if (getword_multisep(s,sizeof(s),html,0)<0) { + printf("SARG: Maybe you have a broken second in your %s%s/sarg-date file.\n",outdir,direntp->d_name); + exit(1); + } buildymd(day,mon,year,ftime); fprintf(fp_tmp,"%s%s%s%s;%s;%s;%s;%s;%s;%s\n",ftime, h, m, s, direntp->d_name, data, tuser, tbytes, media,newname); continue; 
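Review bot: In this make_index() hunk (index.c), the old code read two words into `year` and kept the second, while the new code reads only one, so `year` may now hold the field that used to be skipped. The added `p = strchr(html, ' '); if (!p) p = html;` is not used anywhere in the visible lines, which suggests the change is incomplete; the rest of the loop body is outside the hunk. If the sarg-date string still has a word between the time and the year, either restore the second read, `if (getword_multisep(year,sizeof(year),html,' ')<0 || getword_multisep(year,sizeof(year),html,' ')<0) {`, or parse the year from `p` and document why.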
@@ -228,7 +260,10 @@ void make_index() write_html_header(fp_ou, "."); fprintf(fp_ou,"%s%s\n",hbc1,text[130],hbc1,text[132]); while(fgets(wwork1,MAXLEN,fp_tmp)!=NULL) { - getword(tmp4,wwork1,' '); + if (getword_multisep(tmp4,sizeof(tmp4),wwork1,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wdir_tmp2); + exit(1); + } fprintf(fp_ou,"%s%s\n",tmp4,tmp4,wwork1); sprintf(tmp2,"%s%s",outdir,tmp4); sprintf(tmp3,"%s%s/index.unsort",outdir,tmp4); @@ -265,14 +300,17 @@ void make_index() wwork1[strlen(wwork1)-1]='\0'; strcpy(tmp5,wwork1); if(strstr(tmp5,"-") != 0) { - getword(warea,tmp5,'-'); - name_month(warea); + if (getword_multisep(warea,sizeof(warea),tmp5,'-')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wdir_tmp3); + exit(1); + } + name_month(warea,sizeof(warea)); sprintf(tmp6,"%s-",warea); - name_month(tmp5); + name_month(tmp5,sizeof(tmp5)); sprintf(nmonth,"%s%s",tmp6,tmp5); } else { strcpy(nmonth,tmp5); - name_month(nmonth); + name_month(nmonth,sizeof(nmonth)); } fprintf(fp_ou2,"%s %s\n",wwork1,tmp4,nmonth); 
@@ -345,12 +383,30 @@ void make_index() exit(1); } while(fgets(buf,MAXLEN,fp_tmp2)!=NULL) { - getword(period,buf,';'); - getword(period,buf,';'); - getword(data,buf,';'); - getword(tuser,buf,';'); - getword(tbytes,buf,';'); - getword(media,buf,';'); + if (getword_multisep(period,sizeof(period),buf,';')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wdir_tmp2); + exit(1); + } + if (getword_multisep(period,sizeof(period),buf,';')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wdir_tmp2); + exit(1); + } + if (getword_multisep(data,sizeof(data),buf,';')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wdir_tmp2); + exit(1); + } + if (getword_multisep(tuser,sizeof(tuser),buf,';')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wdir_tmp2); + exit(1); + } + if (getword_multisep(tbytes,sizeof(tbytes),buf,';')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wdir_tmp2); + exit(1); + } + if (getword_multisep(media,sizeof(media),buf,';')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wdir_tmp2); + exit(1); + } fprintf(fp_ou,"%s%s%s%s%s\n",period,ReplaceIndex,period,data,tuser,tbytes,media); } if(fp_tmp2) fclose(fp_tmp2); diff --git a/ip2name.c b/ip2name.c index 8465861..3f7c409 100644 --- a/ip2name.c +++ b/ip2name.c @@ -59,7 +59,10 @@ void name2ip(char *name) char n4[4]; if(strstr(name,":") > 0) { - getword(work,name,':'); + if (getword(work,sizeof(work),name,':')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s name.\n",name); + exit(1); + } strcpy(name,work); } 
@@ -69,10 +72,11 @@ void name2ip(char *name) memcpy(&ia.s_addr,hp->h_addr_list[0],sizeof(ia.s_addr)); ia.s_addr=ntohl(ia.s_addr); sprintf(name,"%s",inet_ntoa(ia)); - getword(n4,name,'.'); - getword(n3,name,'.'); - getword(n2,name,'.'); - strcpy(n1,name); + if (getword(n4,sizeof(n4),name,'.')<0 || getword(n3,sizeof(n3),name,'.')<0 || + getword(n2,sizeof(n2),name,'.')<0 || getword(n1,sizeof(n1),name,0)<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s ip address.\n",name); + exit(1); + } sprintf(name,"%s.%s.%s.%s",n1,n2,n3,n4); } diff --git a/language.c b/language.c index 9604af4..fbae8cc 100644 --- a/language.c +++ b/language.c @@ -27,20 +27,22 @@ void language_load(char *language) { - + char lfile[FILENAME_MAX]; FILE *fp_text; int record=0; - sprintf(warea,"%s/languages/%s",SYSCONFDIR,language); + sprintf(lfile,"%s/languages/%s",SYSCONFDIR,language); - if((fp_text=fopen(warea,"r"))==NULL) { - fprintf(stderr, "SARG: (language) Cannot open language file: %s\n",warea); + if((fp_text=fopen(lfile,"r"))==NULL) { + fprintf(stderr, "SARG: (language) Cannot open language file: %s\n",lfile); exit(1); } while(fgets(buf,MAXLEN,fp_text)!=NULL) { - getword(warea,buf,'"'); - getword(warea,buf,'"'); + if (getword(warea,sizeof(warea),buf,'"')<0 || getword(warea,sizeof(warea),buf,'"')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",lfile); + exit(1); + } strcpy(text[record],warea); if(langcode) diff --git a/lastlog.c b/lastlog.c index e2ec99c..f1f6bff 100644 --- a/lastlog.c +++ b/lastlog.c @@ -88,7 +88,10 @@ void mklastlog() } while(fgets(buf,sizeof(buf),fp_in)!=NULL) { - getword(warea,buf,' '); + if (getword(warea,sizeof(warea),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",temp); + exit(1); + } buf[strlen(buf)-1]='\0'; if(ftot) { diff --git a/log.c b/log.c index 335b102..f8edecd 100644 --- a/log.c +++ b/log.c 
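Review bot: In language_load() (language.c), the new `lfile[FILENAME_MAX]` is filled with an unbounded `sprintf(lfile,"%s/languages/%s",SYSCONFDIR,language);`, so a long `language` value can still write past the buffer that this patch introduces. Using `snprintf(lfile,sizeof(lfile),"%s/languages/%s",SYSCONFDIR,language)` and exiting when the result is `>=(int)sizeof(lfile)` rejects it before fopen(). A few lines later `strcpy(text[record],warea)` copies up to sizeof(warea) bytes into an entry whose size, and the bound on `record`, are not visible here. The function continues past the end of the hunk.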
@@ -300,7 +300,10 @@ int main(argc,argv) case 'd': strcpy(date,optarg); strcpy(cduntil,optarg); - getword(cdfrom,cduntil,'-'); + if (getword(cdfrom,sizeof(cdfrom),cduntil,'-')<0) { + printf("SARG: Maybe you have a broken record or garbage in your date range.\n"); + exit(1); + } date_from(date, cdfrom, cduntil); dfrom=atoi(cdfrom); duntil=atoi(cduntil); @@ -351,7 +354,10 @@ int main(argc,argv) strcpy(hm,optarg); strcpy(hmf,optarg); } else { - getword(hm,optarg,'-'); + if (getword(hm,sizeof(hm),optarg,'-')<0) { + printf("SARG: Maybe you have a broken record or garbage in your time range.\n"); + exit(1); + } strcpy(hmf,optarg); } if(strlen(hm) > 5) { @@ -360,13 +366,19 @@ int main(argc,argv) } bzero(whm,15); if(strstr(hm,":") != 0) { - getword(warea,hm,':'); + if (getword(warea,sizeof(warea),hm,':')<0) { + printf("SARG: Maybe you have a broken record or garbage in your time range.\n"); + exit(1); + } sprintf(whm,"%s%s",warea,hm); strcpy(hm,whm); } bzero(whm,15); if(strstr(hmf,":") != 0) { - getword(warea,hmf,':'); + if (getword(warea,sizeof(warea),hmf,':')<0) { + printf("SARG: Maybe you have a broken record or garbage in your time range.\n"); + exit(1); + } sprintf(whm,"%s%s",warea,hmf); strcpy(hmf,whm); } @@ -692,7 +704,10 @@ int main(argc,argv) while(fgets(buf,MAXLEN,fp_usr)!=NULL) { buf[strlen(buf)-1]='\0'; if(strstr(buf,"\r") != 0) buf[strlen(buf)-1]='\0'; - getword(bufy,buf,' '); + if (getword_multisep(bufy,sizeof(bufy),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",UserTabFile); + exit(1); + } for(z1=0; z1<=strlen(bufy); z1++) { userfile[z2]=bufy[z1]; z2++; 
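Review bot: In main()'s option handling (log.c, hunks -300 and -351), the command-line argument is still copied with `strcpy(date,optarg); strcpy(cduntil,optarg);` and `strcpy(hm,optarg); strcpy(hmf,optarg);`, so the added getword() check does not stop an over-long argument from overrunning those buffers first. In the -351 hunk the existing `strlen(hm) > 5` test runs only after the copy. Assuming the destinations are arrays (their declarations are outside the hunk), test the length before copying, for example `if (strlen(optarg)>=sizeof(cduntil)) { printf("SARG: The date range is too long.\n"); exit(1); }`.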
@@ -733,10 +748,11 @@ int main(argc,argv) if(!isalog && strncmp(bufz,"#Software: Mic",14) == 0) isalog++; if(strncmp(bufz,"*** SARG Log ***",16) == 0) { - getword(val2,arqtt,'-'); - getword(val2,arqtt,'_'); - getword(val3,arqtt,'-'); - getword(val3,arqtt,'_'); + if (getword(val2,sizeof(val2),arqtt,'-')<0 || getword(val2,sizeof(val2),arqtt,'_')<0 || + getword(val3,sizeof(val3),arqtt,'-')<0 || getword(val3,sizeof(val3),arqtt,'_')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arq); + exit(1); + } sprintf(period,"%s-%s",val2,val3); sarglog=1; } else lseek(fileno(fp_in), 0, 0); @@ -816,7 +832,10 @@ int main(argc,argv) strcpy(warea,bufz); strcpy(html,ExcludeString); while(strstr(html,":") != 0) { - getword(val1,html,':'); + if (getword_multisep(val1,sizeof(val1),html,':')<0) { + printf("SARG: Maybe you have a broken record or garbage in your exclusion string.\n"); + exit(1); + } if((str=(char *) strstr(warea,val1)) != (char *) NULL ) exstring++; } 
@@ -835,29 +854,38 @@ int main(argc,argv) printf("BUF=%s\n",bufz); if(!sarglog && !isalog) { - getword(data,bufz,' '); + if (getword(data,sizeof(data),bufz,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your access.log file.\n"); + exit(1); + } if((str=(char *) strstr(data, ".")) != (char *) NULL ) { if((str=(char *) strstr(str+1, ".")) != (char *) NULL ) { strcpy(ip,data); strcpy(elap,"0"); - if(squid24) { - getword(user,bufz,' '); - getword(none,bufz,' '); - } else { - getword(none,bufz,' '); - getword(user,bufz,' '); - } - getword(data,bufz,']'); - getword(fun,bufz,'"'); - getword(fun,bufz,' '); - getword(url,bufz,' '); - getword(code2,bufz,' '); - getword(code2,bufz,' '); - getword(tam,bufz,' '); - - - if((str=(char *) strstr(bufz, " ")) != (char *) NULL ) - getword(code,bufz,' '); + if(squid24) { + if (getword(user,sizeof(user),bufz,' ')<0 || getword(none,sizeof(none),bufz,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arq); + exit(1); + } + } else { + if (getword(none,sizeof(none),bufz,' ')<0 || getword(user,sizeof(user),bufz,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arq); + exit(1); + } + } + if (getword(data,sizeof(data),bufz,']')<0 || getword(fun,sizeof(fun),bufz,'"')<0 || + getword(fun,sizeof(fun),bufz,' ')<0 || getword(url,sizeof(url),bufz,' ')<0 || + getword(code2,sizeof(code2),bufz,' ')<0 || getword(code2,sizeof(code2),bufz,' ')<0 || + getword(tam,sizeof(tam),bufz,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arq); + exit(1); + } + if((str=(char *) strstr(bufz, " ")) != (char *) NULL ) { + if (getword(code,sizeof(code),bufz,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arq); + exit(1); + } + } else strcpy(code,bufz); if ((str = strchr(code, ':')) != NULL) 
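Review bot: The first check added in this log.c hunk still prints a hard-coded `access.log` in its message, while every other check in the hunk reports `arq`; that is the inconsistency the commit message sets out to remove. Changing it to `printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arq);` reports the file actually being read. The added lines inside the `squid24` branch are also indented differently from the code around them.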
@@ -872,37 +900,94 @@ int main(argc,argv) } if(!common) { - getword(elap,bufz,' '); + if (getword(elap,sizeof(elap),bufz,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arq); + exit(1); + } while(strcmp(elap,"") == 0 && strlen(bufz) > 0) - getword(elap,bufz,' '); + if (getword(elap,sizeof(elap),bufz,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arq); + exit(1); + } if(strlen(elap) < 1) continue; - getword(ip,bufz,' '); - getword(code,bufz,' '); - getword(tam,bufz,' '); - getword(fun,bufz,' '); - getword(url,bufz,' '); + if (getword(ip,sizeof(ip),bufz,' ')<0){ + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arq); + exit(1); + } + if (getword(code,sizeof(code),bufz,' ')<0){ + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arq); + exit(1); + } + if (getword(tam,sizeof(tam),bufz,' ')<0){ + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arq); + exit(1); + } + if (getword(fun,sizeof(fun),bufz,' ')<0){ + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arq); + exit(1); + } + if (getword(url,sizeof(url),bufz,' ')<0){ + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arq); + exit(1); + } // while (strstr(bufz,"%20") != 0) { // getword(warea,bufz,' '); // strcat(url,warea); // } - getword(user,bufz,' '); - squid_log=1; - } + if (getword(user,sizeof(user),bufz,' ')<0){ + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arq); + exit(1); + } + squid_log=1; + } } else if(!isalog) { - getword(data,bufz,' '); - getword(hora,bufz,' '); - getword(user,bufz,' '); - getword(ip,bufz,' '); - getword(url,bufz,' '); - getword(tam,bufz,' '); - getword(code,bufz,' '); - getword(elap,bufz,' '); - getword(smartfilter,bufz,' '); + if (getword(data,sizeof(data),bufz,' ')<0){ + printf("SARG: Maybe you have a broken record or garbage in your %s 
file.\n",arq); + exit(1); + } + if (getword(hora,sizeof(hora),bufz,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arq); + exit(1); + } + if (getword(user,sizeof(user),bufz,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arq); + exit(1); + } + if (getword(ip,sizeof(ip),bufz,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arq); + exit(1); + } + if (getword(url,sizeof(url),bufz,' ')<0){ + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arq); + exit(1); + } + if (getword(tam,sizeof(tam),bufz,' ')<0){ + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arq); + exit(1); + } + if (getword(code,sizeof(code),bufz,' ')<0){ + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arq); + exit(1); + } + if (getword(elap,sizeof(elap),bufz,' ')<0){ + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arq); + exit(1); + } + if (getword(smartfilter,sizeof(smartfilter),bufz,' ')<0){ + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arq); + exit(1); + } } else if(isalog) { if(!i0) { - getword(val1,bufz,' '); + if (getword(val1,sizeof(val1),bufz,' ')<0){ + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arq); + exit(1); + } while(strstr(bufz,"\t") != 0) { - getword(val1,bufz,'\t'); + if (getword(val1,sizeof(val1),bufz,'\t')<0){ + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arq); + exit(1); + } i0++; if(strcmp(val1,"c-ip") == 0) i1=i0; if(strcmp(val1,"cs-username") == 0) i2=i0; 
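Review bot: In the -872 hunk of main() (log.c), the body of `while(strcmp(elap,"") == 0 && strlen(bufz) > 0)` is now a multi-line `if` block with no braces around it. It parses as intended today, but a statement added after the `if` would silently fall outside the loop. Bracing it as `while(strcmp(elap,"") == 0 && strlen(bufz) > 0) {` ... `}` makes the extent explicit. The nine separate checks that follow differ only in the destination and could be chained with `||`, as the -835 hunk already does.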
@@ -916,28 +1001,74 @@ int main(argc,argv) } fgets(bufz,sizeof(bufz),fp_in); strcpy(val1,bufz); - for(x=0; x<=i1-1; x++) getword3(ip,val1,'\t'); + for(x=0; x<=i1-1; x++) { + if (getword3(ip,sizeof(ip),val1,'\t')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arq); + exit(1); + } + } strcpy(val1,bufz); - for(x=0; x<=i2-1; x++) getword3(user,val1,'\t'); + for(x=0; x<=i2-1; x++) { + if (getword3(user,sizeof(user),val1,'\t')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arq); + exit(1); + } + } strcpy(val1,bufz); - for(x=0; x<=i3-1; x++) getword3(data,val1,'\t'); + for(x=0; x<=i3-1; x++) { + if (getword3(data,sizeof(data),val1,'\t')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arq); + exit(1); + } + } strcpy(val1,bufz); - for(x=0; x<=i4-1; x++) getword3(hora,val1,'\t'); + for(x=0; x<=i4-1; x++) { + if (getword3(hora,sizeof(hora),val1,'\t')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arq); + exit(1); + } + } strcpy(val1,bufz); - for(x=0; x<=i5-1; x++) getword3(elap,val1,'\t'); + for(x=0; x<=i5-1; x++) { + if (getword3(elap,sizeof(elap),val1,'\t')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arq); + exit(1); + } + } strcpy(val1,bufz); - for(x=0; x<=i6-1; x++) getword3(tam,val1,'\t'); + for(x=0; x<=i6-1; x++) { + if (getword3(tam,sizeof(tam),val1,'\t')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arq); + exit(1); + } + } strcpy(val1,bufz); - for(x=0; x<=i7-1; x++) getword3(url,val1,'\t'); + for(x=0; x<=i7-1; x++) { + if (getword3(url,sizeof(url),val1,'\t')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arq); + exit(1); + } + } strcpy(val1,bufz); - for(x=0; x<=i8-1; x++) getword3(code,val1,'\t'); + for(x=0; x<=i8-1; x++) { + if (getword3(code,sizeof(code),val1,'\t')<0) { + printf("SARG: Maybe you have a broken 
record or garbage in your %s file.\n",arq); + exit(1); + } + } if(strcmp(code,"401") == 0 || strcmp(code,"403") == 0 || strcmp(code,"407") == 0) { sprintf(val1,"DENIED/%s",code); strcpy(code,val1); } - getword(ano,data,'-'); - getword(mes,data,'-'); + if (getword(ano,sizeof(ano),data,'-')<0){ + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arq); + exit(1); + } + if (getword(mes,sizeof(mes),data,'-')<0){ + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arq); + exit(1); + } strcpy(dia,data); conv_month_name(mes); sprintf(data," %s/%s/%s:%s",dia,mes,ano,hora); @@ -966,12 +1097,18 @@ int main(argc,argv) continue; if(strstr(user,"%20") != 0) { - getword(w,user,'%'); + if (getword(w,sizeof(w),user,'%')<0) { + printf("SARG: Maybe you have a broken user in your %s file.\n",arq); + exit(1); + } strcpy(user,w); } while(strstr(user,"%5c") != 0) { - getword(w,user,'%'); + if (getword_multisep(w,sizeof(w),user,'%')<0){ + printf("SARG: Maybe you have a broken user in your %s file.\n",arq); + exit(1); + } strcpy(wuser,user+2); sprintf(user,"%s.%s",w,wuser); } @@ -988,9 +1125,15 @@ int main(argc,argv) strlow(user); if(strncmp(NtlmUserFormat,"user",4) == 0) { if(strstr(user,"_") != 0) - getword(warea,user,'_'); + if (getword_multisep(warea,sizeof(warea),user,'_')<0){ + printf("SARG: Maybe you have a broken user in your %s file.\n",arq); + exit(1); + } if(strstr(user,"+") != 0) - getword(warea,user,'+'); + if (getword_multisep(warea,sizeof(warea),user,'+')<0){ + printf("SARG: Maybe you have a broken user in your %s file.\n",arq); + exit(1); + } } if(strstr(ReportType,"denied") != 0) 
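Review bot: `strcpy(dia,data);` after the two new `getword` calls on `ano` and `mes` is still an unbounded copy: the year and month are now limited to their buffer sizes, but whatever remains in `data` goes into `dia` unchecked. A later hunk of this file replaces the same pattern for `ano` with `getword_multisep(ano,sizeof(ano),data,0)`; doing the same here, `if (getword(dia,sizeof(dia),data,0)<0) {` with the usual message and `exit(1)`, closes the gap. The sizes of `dia` and `data` are declared outside the hunk, so whether an overflow is actually reachable should be confirmed there.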
@@ -1010,19 +1153,31 @@ int main(argc,argv) } if (strchr(url,'/')) { - getword(w,url,'/'); - getword(w,url,'/'); - if (!strchr(url,'/')) { + if (getword(w,sizeof(w),url,'/')<0){ + printf("SARG: Maybe you have a broken url in your %s file.\n",arq); + exit(1); + } + if (getword(w,sizeof(w),url,'/')<0){ + printf("SARG: Maybe you have a broken url in your %s file.\n",arq); + exit(1); + } + if (!strchr(url,'/')) { totregsx++; continue; } } if(strcmp(LongUrl,"no") == 0) { - getword(w,url,'/'); + if (getword_multisep(w,sizeof(w),url,'/')<0){ + printf("SARG: Maybe you have a broken url in your %s file.\n",arq); + exit(1); + } strcpy(url,w); if(strlen(url) > 512 && strstr(url,"%") != 0) { - getword(w,url,'%'); + if (getword_multisep(w,sizeof(w),url,'%')<0){ + printf("SARG: Maybe you have a broken url in your %s file.\n",arq); + exit(1); + } strcpy(url,w); } } @@ -1050,13 +1205,28 @@ int main(argc,argv) if(strncmp(df,"u",1)==0) strftime(dia, 127, "%m/%d/%Y", t); sprintf(hora,"%02d:%02d:%02d",t->tm_hour,t->tm_min,t->tm_sec); - } else { - strcpy(wtemp,data+1); - getword(data,wtemp,':'); - getword(hora,wtemp,' '); - getword(dia,data,'/'); - getword(mes,data,'/'); - getword(ano,data,'/'); + } else { + strcpy(wtemp,data+1); + if (getword_multisep(data,sizeof(data),wtemp,':')<0){ + printf("SARG: Maybe you have a broken date in your %s file.\n",arq); + exit(1); + } + if (getword_multisep(hora,sizeof(hora),wtemp,' ')<0){ + printf("SARG: Maybe you have a broken date in your %s file.\n",arq); + exit(1); + } + if (getword_multisep(dia,sizeof(dia),data,'/')<0){ + printf("SARG: Maybe you have a broken date in your %s file.\n",arq); + exit(1); + } + if (getword_multisep(mes,sizeof(mes),data,'/')<0){ + printf("SARG: Maybe you have a broken date in your %s file.\n",arq); + exit(1); + } + if (getword_multisep(ano,sizeof(ano),data,'/')<0){ + printf("SARG: Maybe you have a broken date in your %s file.\n",arq); + exit(1); + } if(strcmp(df,"u") == 0) sprintf(tbuf,"%s%s%s",ano,mes,dia); 
@@ -1066,9 +1236,18 @@ int main(argc,argv) idata=atoi(wdata); } } else { - getword(mes,data,'/'); - getword(dia,data,'/'); - strcpy(ano,data); + if (getword_multisep(mes,sizeof(mes),data,'/')<0){ + printf("SARG: Maybe you have a broken date in your %s file.\n",arq); + exit(1); + } + if (getword_multisep(dia,sizeof(dia),data,'/')<0){ + printf("SARG: Maybe you have a broken date in your %s file.\n",arq); + exit(1); + } + if (getword_multisep(ano,sizeof(ano),data,0)<0){ + printf("SARG: Maybe you have a broken date in your %s file.\n",arq); + exit(1); + } } if(debugm) @@ -1105,7 +1284,10 @@ int main(argc,argv) bzero(hmr,15); chm++; while(chm) { - getword(warea,whm,':'); + if (getword_multisep(warea,sizeof(warea),whm,':')<0){ + printf("SARG: Maybe you have a broken time in your %s file.\n",arq); + exit(1); + } strncat(hmr,warea,2); chm--; } @@ -1370,8 +1552,14 @@ int main(argc,argv) if(strcmp(ParsedOutputLog, "no") != 0 && !sarglog) { fclose(fp_log); strcpy(val1,period); - getword(val2,val1,'-'); - getword(val3,per_hour,'-'); + if (getword_multisep(val2,sizeof(val2),val1,'-')<0){ + printf("SARG: Maybe you have a broken date range definition.\n"); + exit(1); + } + if (getword_multisep(val3,sizeof(val3),per_hour,'-')<0){ + printf("SARG: Maybe you have a broken date range definition.\n"); + exit(1); + } sprintf(val4,"%s/sarg-%s_%s-%s_%s.log",ParsedOutputLog,val2,val3,val1,per_hour); rename(arq_log,val4); strcpy(arq_log,val4); @@ -1463,7 +1651,10 @@ void getusers(char *pwdfile, int debug) sprintf(userfile,":"); while(fgets(buf,255,fp_usr)!=NULL) { - getword(user,buf,':'); + if (getword_multisep(user,sizeof(user),buf,':')<0){ + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",pwdfile); + exit(1); + } strncat(userfile,user,strlen(user)); strncat(userfile,":",1); } diff --git a/realtime.c b/realtime.c index db4e86d..233fca5 100755 --- a/realtime.c +++ b/realtime.c 
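Review bot: `sprintf(val4,"%s/sarg-%s_%s-%s_%s.log",ParsedOutputLog,val2,val3,val1,per_hour);` in the hunk at old line 1370 joins five strings into `val4` with no length limit, so bounding `val2` and `val3` individually does not bound the result. The same applies to `sprintf(warea,"%s %s %s %s %s\n",tbuf,ip,user,url,typ)` at the end of `getdata` in realtime.c and to `sprintf(wentp,"%s/%s",logdir,str2)` in squidguard_log.c. Assuming `val4` is an array, `snprintf(val4,sizeof(val4),...)` with a return value `>= sizeof(val4)` treated as an error would match the intent of the commit. The buffer sizes are declared outside these hunks, so confirm which of the three can actually overflow.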
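Review bot: In `getusers`, `strncat(userfile,user,strlen(user));` uses the source length as its bound, which limits nothing: every line of the password file is appended to `userfile` regardless of the space left. The new check only bounds `user`. Before appending, compare `strlen(userfile)+strlen(user)+2` with the capacity of `userfile` (declared outside the hunk) and stop with an error when it does not fit. If `buf` is an array, `fgets(buf,sizeof(buf),fp_usr)` would also be safer than the literal `255`.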
@@ -25,7 +25,7 @@ #include "include/conf.h" -void getdata(char *, FILE *); +int getdata(char *, FILE *); void datashow(char *); void getlog(); void header(); @@ -75,7 +75,10 @@ void getlog() while(fgets(buf,MAXLEN,fp_usr)!=NULL){ buf[strlen(buf)-1]='\0'; if(strstr(buf,"\r") != 0) buf[strlen(buf)-1]='\0'; - getword(bufy,buf,' '); + if (getword(bufy,sizeof(bufy),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",UserTabFile); + exit(1); + } for(z1=0; z1<=strlen(bufy); z1++) { userfile[z2]=bufy[z1]; z2++; @@ -101,7 +104,10 @@ void getlog() sprintf(cmd,"tail -%d %s",realtime_access_log_lines,AccessLog); fp = popen(cmd, "r"); while(fgets(buf,sizeof(buf),fp) != NULL ) - getdata(buf,tmp); + if (getdata(buf,tmp)<0) { + printf("SARG: Maybe a broken record or garbage was returned by %s.\n",cmd); + exit(1); + } pclose(fp); fclose(tmp); 
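Review bot: `fp = popen(cmd, "r");` in `getlog` feeds the following `fgets` loop without a NULL check, so a failed `popen` is passed straight to `fgets` before the new `getdata` check can run. A guard such as `if (fp==NULL) { perror(cmd); exit(1); }` right after the call would cover it. `cmd` is also built with an unbounded `sprintf` from `AccessLog` and run through the shell; reading the file directly, or at least bounding the `sprintf`, would remove the dependency on the contents of that configuration value. The function continues outside the hunk.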
@@ -111,32 +117,60 @@ void getlog() datashow(template2); } -void getdata(char *rec, FILE *ftmp) +int getdata(char *rec, FILE *ftmp) { time_t tt; struct tm *t; - getword3(dat,rec,' '); - getword3(warea,rec,' '); + if (getword3(dat,sizeof(dat),rec,' ')<0) { + return(-1); + } + if (getword3(warea,sizeof(warea),rec,' ')<0) { + return(-1); + } while(strcmp(warea,"") == 0 && strlen(rec) > 0) - getword3(warea,rec,' '); - getword3(ip,rec,' '); - getword3(warea,rec,' '); - getword3(warea,rec,' '); - getword3(typ,rec,' '); + if (getword3(warea,sizeof(warea),rec,' ')<0) { + return(-1); + } + if (getword3(ip,sizeof(ip),rec,' ')<0) { + return(-1); + } + if (getword3(warea,sizeof(warea),rec,' ')<0) { + return(-1); + } + if (getword3(warea,sizeof(warea),rec,' ')<0) { + return(-1); + } + if (getword3(typ,sizeof(typ),rec,' ')<0) { + return(-1); + } if(strncmp(typ,"CONNECT",7) == 0) { - getword3(url,rec,' '); - getword3(user,rec,' '); + if (getword3(url,sizeof(url),rec,' ')<0) { + return(-1); + } + if (getword3(user,sizeof(user),rec,' ')<0) { + return(-1); + } }else { - getword3(url,rec,'/'); - getword3(url,rec,'/'); - getword3(url,rec,'/'); - getword3(user,rec,' '); - getword3(user,rec,' '); + if (getword3(url,sizeof(url),rec,'/')<0) { + return(-1); + } + if (getword3(url,sizeof(url),rec,'/')<0) { + return(-1); + } + if (getword3(url,sizeof(url),rec,'/')<0) { + return(-1); + } + if (getword3(user,sizeof(user),rec,' ')<0) { + return(-1); + } + if (getword3(user,sizeof(user),rec,' ')<0) { + return(-1); + } } if(strncmp(user,"-",1) == 0 && strcmp(RealtimeUnauthRec,"ignore") == 0) - return; + return(0); tt=atoi(dat); t=localtime(&tt); @@ -147,6 +181,7 @@ void getdata(char *rec, FILE *ftmp) sprintf(warea,"%s %s %s %s %s\n",tbuf,ip,user,url,typ); fputs(warea,ftmp); + return(0); } void datashow(char *tmp) 
@@ -163,13 +198,31 @@ void datashow(char *tmp) while(fgets(buf, MAXLEN, fin)) { buf[strlen(buf)-1]='\0'; - getword3(dat,buf,' '); - getword3(tim,buf,' '); - getword3(ip,buf,' '); - getword3(user,buf,' '); + if (getword3(dat,sizeof(dat),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",tmp); + exit(1); + } + if (getword3(tim,sizeof(tim),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",tmp); + exit(1); + } + if (getword3(ip,sizeof(ip),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",tmp); + exit(1); + } + if (getword3(user,sizeof(user),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",tmp); + exit(1); + } if(strlen(dat) < 3 || strlen(user) < 1) continue; - getword3(url,buf,' '); - getword3(typ,buf,' '); + if (getword3(url,sizeof(url),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",tmp); + exit(1); + } + if (getword3(typ,sizeof(typ),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",tmp); + exit(1); + } if(strstr(RealtimeTypes,typ) == 0) continue; diff --git a/repday.c b/repday.c index 9195780..9c13b81 100644 --- a/repday.c +++ b/repday.c @@ -140,14 +140,19 @@ void report_day(char *user, int *iprel, int *ipuser) "%s
%s\n", text[107], html ); while(fgets(buf,sizeof(buf),fp_in)!=NULL) { - getword(data,buf,' '); + if (getword(data,sizeof(data),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wdirname); + exit(1); + } if(!count) { strcpy(odata,data); count++; } - getword(hour,buf,' '); - getword(elap,buf,' '); + if (getword(hour,sizeof(hour),buf,' ')<0 || getword(elap,sizeof(elap),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wdirname); + exit(1); + } elap[strlen(elap)-1]='\0'; if(strcmp(data,odata) != 0) { diff --git a/report.c b/report.c index bf04bd4..d069032 100644 --- a/report.c +++ b/report.c @@ -86,7 +86,10 @@ void gerarel() strcpy(wdname,direntp->d_name); strip_prefix: - getword(wname2,wdname,'.'); + if (getword(wname2,sizeof(wname2),wdname,'.')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s directory.\n",tmp); + exit(1); + } strcat(user,wname2); if(strcmp(wdname,"log") !=0) { 
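Review bot: `elap[strlen(elap)-1]='\0';` in `report_day` indexes outside the buffer when `elap` is empty, and the new checks do not prevent that: `getword` returns 0 with an empty word once `buf` is exhausted, so a record with fewer than three fields passes them. Strip the newline only when it is present, e.g. `size_t n=strlen(elap); if (n>0 && elap[n-1]=='\n') elap[n-1]='\0';`. The loop body continues outside the hunk.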
@@ -102,17 +105,19 @@ void gerarel() bzero(html_old, MAXLEN); while(fgets(buf,sizeof(buf),fp_in)!=NULL) { - getword(accdia,buf,' '); - getword(acchora,buf,' '); - getword(accuser,buf,' '); - getword(accip,buf,' '); - getword(accurl,buf,' '); - getword(accbytes,buf,' '); - getword(acccode,buf,' '); + if (getword(accdia,sizeof(accdia),buf,' ')<0 || getword(acchora,sizeof(acchora),buf,' ')<0 || + getword(accuser,sizeof(accuser),buf,' ')<0 || getword(accip,sizeof(accip),buf,' ')<0 || + getword(accurl,sizeof(accurl),buf,' ')<0 || getword(accbytes,sizeof(accbytes),buf,' ')<0 || + getword(acccode,sizeof(acccode),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",tmp3); + exit(1); + } if(strncmp(acccode,"TCP_DENIED/407",14) == 0) continue; - getword(accelap,buf,' '); - getword(accsmart,buf,' '); - getword(accsmart,buf,'"'); + if (getword(accelap,sizeof(accelap),buf,' ')<0 || getword(accsmart,sizeof(accsmart),buf,' ')<0 || + getword(accsmart,sizeof(accsmart),buf,'"')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",tmp3); + exit(1); + } if(strlen(accsmart) > 0) { smartfilter++; @@ -276,7 +281,10 @@ void gerarel() } else bzero(ltext110, 50); strcpy(wcrc,acccode); - getword(crc2,wcrc,'/'); + if (getword(crc2,sizeof(crc2),wcrc,'/')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",tmp3); + exit(1); + } if(strstr(crc2,"MISS") != 0) oucache+=my_atoll(accbytes); diff --git a/siteuser.c b/siteuser.c index f656395..9de2955 100644 --- a/siteuser.c +++ b/siteuser.c @@ -121,7 +121,10 @@ void siteuser() strcat(users," "); while(fgets(buf,sizeof(buf),fp_in)!=NULL) { - getword(user,buf,' '); + if (getword(user,sizeof(user),buf,' ')<0) { + printf("SARG: Maybe you have an invalid user in the %s file of the siteuser.\n",general2); + exit(1); + } if(strcmp(user,"TOTAL") == 0) continue; if(userip) 
@@ -152,10 +155,19 @@ void siteuser() if(strcmp(Ip2Name,"yes") == 0) ip2name(user); - getword(nacc,buf,' '); + if (getword(nacc,sizeof(nacc),buf,' ')<0){ + printf("SARG: Maybe you have an invalid number of access in your %s file of the siteuser.\n",general2); + exit(1); + } if (atoi(nacc) > 0) nsitesusers = 1; - getword(nbytes,buf,' '); - getword(url,buf,' '); + if (getword(nbytes,sizeof(nbytes),buf,' ')<0){ + printf("SARG: Maybe you have an invalid number of bytes in your %s file of the siteuser.\n",general2); + exit(1); + } + if (getword(url,sizeof(url),buf,' ')<0) { + printf("SARG: Maybe you have an invalid url in your %s file of the siteuser.\n",general2); + exit(1); + } if(!regs) { strcpy(ourl,url); diff --git a/smartfilter.c b/smartfilter.c index 50f9e46..3ac38d4 100644 --- a/smartfilter.c +++ b/smartfilter.c @@ -104,12 +104,12 @@ void smartfilter_report() fprintf(fp_ou,"%s%s%s%s%s\n",HeaderBgColor,FontSize,text[98],HeaderBgColor,FontSize,text[111],HeaderBgColor,FontSize,text[110],HeaderBgColor,FontSize,text[91],HeaderBgColor,FontSize,smartheader); while(fgets(buf,sizeof(buf),fp_in)!=NULL) { - getword(user,buf,' '); - getword(data,buf,' '); - getword(hora,buf,' '); - getword(ip,buf,' '); - getword(url,buf,' '); - getword(smartcat,buf,'\n'); + if (getword(user,sizeof(user),buf,' ')<0 || getword(data,sizeof(data),buf,' ')<0 || + getword(hora,sizeof(hora),buf,' ')<0 || getword(ip,sizeof(ip),buf,' ')<0 || + getword(url,sizeof(url),buf,' ')<0 || getword(smartcat,sizeof(smartcat),buf,'\n')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",smart_ou); + exit(1); + } if((str=(char *) strstr(user, "_")) != (char *) NULL ) { if((str=(char *) strstr(str+1, "_")) != (char *) NULL ) diff --git a/sort.c b/sort.c index 4813a66..7cde7d7 100644 --- a/sort.c +++ b/sort.c 
@@ -53,7 +53,10 @@ void tmpsort() wnome[0]='\0'; striptmp: - getword(wnome2,wentp,'.'); + if (getword(wnome2,sizeof(wnome2),wentp,'.')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s directory.\n",tmp); + exit(1); + } strcat(wnome,wnome2); if(strcmp(wentp,"utmp") !=0) { @@ -136,7 +139,10 @@ void sort_users_log(char *tmp, int debug) bzero(user, MAXLEN); strip_unsort: - getword(wname2,wdname,'.'); + if (getword(wname2,sizeof(wname2),wdname,'.')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s directory.\n",wtmp); + exit(1); + } strcat(user,wname2); if(strcmp(wdname,"unsort") !=0) { diff --git a/splitlog.c b/splitlog.c index 6dbb5e3..42a676f 100644 --- a/splitlog.c +++ b/splitlog.c @@ -47,7 +47,10 @@ void splitlog(char *arq, char *df, int dfrom, int duntil, char *convert) } while(fgets(buf,sizeof(buf),fp_in)!=NULL) { - getword(data,buf,' '); + if (getword(data,sizeof(data),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",arq); + exit(1); + } tt=atoi(data); t=localtime(&tt); diff --git a/squidguard_log.c b/squidguard_log.c index 59e378c..a43d158 100644 --- a/squidguard_log.c +++ b/squidguard_log.c @@ -42,8 +42,10 @@ void read_log(char *wentp, FILE *fp_ou) if(debug) { strcpy(buf,text[7]); - getword(urly,buf,' '); - getword(href,buf,' '); + if (getword(urly,sizeof(urly),buf,' ')<0 || getword(href,sizeof(href),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s string.\n",text[7]); + exit(1); + } sprintf(msg,"%s squidGuard %s: %s",urly,buf,wentp); debuga(msg); } 
@@ -95,12 +97,20 @@ void read_log(char *wentp, FILE *fp_ou) if(strlen(SquidGuardLogFormat) > 0) { strcpy(bufbsf,SquidGuardLogFormat); leks[0]='\0'; - getword(leks,bufbsf,'#'); + if (getword(leks,sizeof(leks),bufbsf,'#')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wentp); + exit(1); + } while(strcmp(leks,"end") != 0) { - getword(leks,bufbsf,'#'); - getword(sep,bufbsf,'#'); + if (getword(leks,sizeof(leks),bufbsf,'#')<0 || getword(sep,sizeof(sep),bufbsf,'#')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wentp); + exit(1); + } if(strcmp(leks,"end") != 0) { - getword(res,buf,sep[0]); + if (getword(res,sizeof(res),buf,sep[0])<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wentp); + exit(1); + } if(strcmp(leks,"year") == 0) strcpy(year,res); else if(strcmp(leks,"year") == 0) @@ -122,19 +132,16 @@ void read_log(char *wentp, FILE *fp_ou) } } } else { - getword(year,buf,'-'); - getword(mon,buf,'-'); - getword(day,buf,' '); - getword(hour,buf,' '); - getword(list,buf,'/'); - getword(list,buf,'/'); - getword(tmp5,buf,'/'); - getword(tmp5,buf,'/'); - getword(url,buf,'/'); - getword(ip,buf,' '); - getword(ip,buf,'/'); - getword(user,buf,' '); - getword(user,buf,' '); + if (getword(year,sizeof(year),buf,'-')<0 || getword(mon,sizeof(mon),buf,'-')<0 || + getword(day,sizeof(day),buf,' ')<0 || getword(hour,sizeof(hour),buf,' ')<0 || + getword(list,sizeof(list),buf,'/')<0 || getword(list,sizeof(list),buf,'/')<0 || + getword(tmp5,sizeof(tmp5),buf,'/')<0 || getword(tmp5,sizeof(tmp5),buf,'/')<0 || + getword(url,sizeof(url),buf,'/')<0 || getword(tmp5,sizeof(tmp5),buf,' ')<0 || + getword(ip,sizeof(ip),buf,'/')<0 || getword(user,sizeof(user),buf,' ')<0 || + getword(user,sizeof(user),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wentp); + exit(1); + } } sprintf(warea,"%s%s%s",year,mon,day); 
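Review bot: The loop `while(strcmp(leks,"end") != 0)` in `read_log` only stops when the format string contains an `end` token; once `bufbsf` is exhausted `getword` keeps returning 0 with an empty `leks`, so a `SquidGuardLogFormat` without `end` would spin forever unless something outside the hunk breaks out. A check inside the loop such as `if (bufbsf[0]=='\0') {` followed by an error and `exit(1)` turns that into a reported configuration problem. The messages for the `leks` and `sep` failures name `wentp`, although the string being parsed is the copy of `SquidGuardLogFormat`, so they blame the log file for a configuration fault. In the same hunk the branch after `strcpy(year,res)` tests `"year"` a second time, which looks like a typo for another field name; the rest of the chain is outside the hunk.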
@@ -236,8 +243,10 @@ int squidguard_log() if(strstr(buf,"\n") != 0) buf[strlen(buf)-1]='\0'; if(strstr(buf,"logdir ") != 0) { - getword(logdir,buf,' '); - getword(logdir,buf,' '); + if (getword(logdir,sizeof(logdir),buf,' ')<0 || getword(logdir,sizeof(logdir),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",SquidGuardConf); + exit(1); + } } if((str=(char *) strstr(buf, "log")) != (char *) NULL ) { str=str+3; @@ -255,11 +264,17 @@ int squidguard_log() } } if(strchr(str2,' ') != 0) { - getword(warea,str2,' '); + if (getword(warea,sizeof(warea),str2,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",SquidGuardConf); + exit(1); + } strcpy(str2,warea); } if(strchr(str2,'#') != 0) { - getword(warea,str2,'#'); + if (getword(warea,sizeof(warea),str2,'#')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",SquidGuardConf); + exit(1); + } strcpy(str2,warea); } sprintf(wentp,"%s/%s",logdir,str2); diff --git a/squidguard_report.c b/squidguard_report.c index 41eb468..8b0cb5e 100644 --- a/squidguard_report.c +++ b/squidguard_report.c @@ -107,12 +107,12 @@ void squidguard_report() fputs(url,fp_ou); while(fgets(buf,sizeof(buf),fp_in)!=NULL) { - getword(user,buf,' '); - getword(data2,buf,' '); - getword(hora,buf,' '); - getword(ip,buf,' '); - getword(url,buf,' '); - getword(rule,buf,'\n'); + if (getword(user,sizeof(user),buf,' ')<0 || getword(data2,sizeof(data2),buf,' ')<0 || + getword(hora,sizeof(hora),buf,' ')<0 || getword(ip,sizeof(ip),buf,' ')<0 || + getword(url,sizeof(url),buf,' ')<0 || getword(rule,sizeof(rule),buf,'\n')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",squidguard_in); + exit(1); + } if(strcmp(UserIp,"yes") == 0) strcpy(user,ip); diff --git a/topsites.c b/topsites.c index 3f2eed0..c0077e6 100644 --- a/topsites.c +++ b/topsites.c 
@@ -35,7 +35,7 @@ void topsites()
 char nacc[20];
 char nbytes[20];
 char ntime[20];
- char ntemp[20];
+ char ntemp[40];
 char ttnacc[20];
 char ttnbytes[20];
 char ttntime[20];
@@ -91,20 +91,53 @@ void topsites() } while(fgets(buf,sizeof(buf),fp_in)!=NULL) { - getword(url,buf,' '); + if (getword(url,sizeof(url),buf,' ')<0) { + printf("SARG: Maybe you have an invalid user in your %s file of the topsites.\n",general2); + exit(1); + } if(strcmp(url,"TOTAL") == 0) { - getword(ttnacc,buf,' '); - getword(ttnbytes,buf,' '); - getword(ttntime,buf,' '); + if (getword(ttnacc,sizeof(ttnacc),buf,' ')<0) { + printf("SARG: Maybe you have an invalid total number of access in your %s file of the topsites.\n",general2); + exit(1); + } + if (getword(ttnbytes,sizeof(ttnbytes),buf,' ')<0) { + printf("SARG: Maybe you have an invalid total number of bytes in your %s file of the topsites.\n",general2); + exit(1); + } + if (getword(ttntime,sizeof(ttntime),buf,' ')<0) { + printf("SARG: Maybe you have an invalid total time in your %s file of the topsites.\n",general2); + exit(1); + } continue; } - getword(nacc,buf,' '); - getword(nbytes,buf,' '); - getword(url,buf,' '); - getword(ntemp,buf,' '); - getword(ntemp,buf,' '); - getword(ntemp,buf,' '); - getword(ntime,buf,' '); + if (getword(nacc,sizeof(nacc),buf,' ')<0) { + printf("SARG: Maybe you have an invalid number of access in your %s file of the topsites.\n",general2); + exit(1); + } + if (getword(nbytes,sizeof(nbytes),buf,' ')<0) { + printf("SARG: Maybe you have an invalid number of bytes in your %s file of the topsites.\n",general2); + exit(1); + } + if (getword(url,sizeof(url),buf,' ')<0) { + printf("SARG: Maybe you have an invalid url in your %s file of the topsites.\n",general2); + exit(1); + } + if (getword(ntemp,sizeof(ntemp),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in column 5 in your %s file of the topsites.\n",general2); + exit(1); + } + if (getword(ntemp,sizeof(ntemp),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in column 6 in your %s file of the topsites.\n",general2); + exit(1); + } + if (getword(ntemp,sizeof(ntemp),buf,' ')<0) { + 
printf("SARG: Maybe you have a broken record or garbage in column 7 in your %s file of the topsites.\n",general2); + exit(1); + } + if (getword(ntime,sizeof(ntime),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in column 8 in your %s file of the topsites.\n",general2); + exit(1); + } if(!regs) { strcpy(ourl,url); @@ -203,12 +236,16 @@ void topsites() while(fgets(buf,sizeof(buf),fp_in)!=NULL) { if(regs>atoi(TopSitesNum)) break; - getword(nacc,buf,' '); + if (getword(nacc,sizeof(nacc),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",sites); + exit(1); + } if (atoi(nacc) == 0) continue; - - getword(nbytes,buf,' '); - getword(ntime,buf,' '); - getword(url,buf,' '); + if (getword(nbytes,sizeof(nbytes),buf,' ')<0 || + getword(ntime,sizeof(ntime),buf,' ')<0 || getword(url,sizeof(url),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",sites); + exit(1); + } twork1=my_atoll(nacc); twork2=my_atoll(nbytes); diff --git a/totday.c b/totday.c index 6895b61..bb03947 100644 --- a/totday.c +++ b/totday.c @@ -73,11 +73,12 @@ void day_totalize(const char *tmp, char *user, int indexonly) if(strstr(buf,"\n") != 0) buf[strlen(buf)-1]='\0'; - getword(data,buf,' '); - getword(hora,buf,':'); - getword(min,buf,':'); - getword(elap,buf,' '); - strcpy(elap,buf); + if (getword(data,sizeof(data),buf,' ')<0 || getword(hora,sizeof(hora),buf,':')<0 || + getword(min,sizeof(min),buf,':')<0 || getword(elap,sizeof(elap),buf,' ')<0 || + getword(elap,sizeof(elap),buf,0)<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",sortout); + exit(1); + } sprintf(hm,"%s%s",hora,min); if(!regs) { diff --git a/useragent.c b/useragent.c index fe6dfbd..a91f3ad 100644 --- a/useragent.c +++ b/useragent.c 
@@ -70,22 +70,27 @@ void useragent() while(fgets(buf,sizeof(buf),fp_in)!=NULL) { totregsl++; - getword(ip,buf,' '); - getword(data,buf,'['); - getword(data,buf,' '); + if (getword(ip,sizeof(ip),buf,' ')<0 || getword(data,sizeof(data),buf,'[')<0 || + getword(data,sizeof(data),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",UserAgentLog); + exit(1); + } if(totregsl == 1) strcpy(idate,data); - getword(agent,buf,'"'); - getword(agent,buf,'"'); - + if (getword(agent,sizeof(agent),buf,'"')<0 || getword(agent,sizeof(agent),buf,'"')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",UserAgentLog); + exit(1); + } strcpy(warea,agent); strup(warea); if(strstr(warea,"SCRIPT") != 0 || strstr(warea,"ONLOAD") != 0) baddata(); if(strlen(buf)) { - getword(user,buf,' '); - getword(user,buf,'\n'); + if (getword(user,sizeof(user),buf,' ')<0 || getword(user,sizeof(user),buf,'\n')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",UserAgentLog); + exit(1); + } } if(user[0] == '-') @@ -165,7 +170,10 @@ void useragent() fputs(html,fp_ou); while(fgets(buf,sizeof(buf),fp_in)!=NULL) { - getword(ip,buf,'\\'); + if (getword(ip,sizeof(ip),buf,'\\')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",tmp2); + exit(1); + } if(strcmp(Ip2Name,"yes") == 0) { if(strcmp(ip,ipbefore) != 0) { @@ -175,9 +183,11 @@ void useragent() } else strcpy(ip,namebefore); } - getword(data,buf,'\\'); - getword(agent,buf,'\\'); - getword(user,buf,'\\'); + if (getword(data,sizeof(data),buf,'\\')<0 || getword(agent,sizeof(agent),buf,'\\')<0 || + getword(user,sizeof(user),buf,'\\')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",tmp2); + exit(1); + } if(strcmp(user,user_old) != 0) { sprintf(html,"%s%s\n",TxBgColor,FontSize,user,TxBgColor,FontSize,agent); 
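Review bot: The user-agent value is still screened only by the substring test `strstr(warea,"SCRIPT") != 0 || strstr(warea,"ONLOAD") != 0` before `user` and `agent` are formatted into `html` in a later hunk of this file. A deny-list of two words does not make log-supplied text safe to place in a report page; the values should be HTML-escaped where they are written out. The length checks added by this commit do not cover that. The markup inside the `sprintf(html,...)` format string is not fully visible on this page, so the exact output context should be confirmed in the file.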
@@ -215,9 +225,11 @@ void useragent() agent_old[0]='\0'; while(fgets(buf,sizeof(buf),fp_in)!=NULL) { - getword(ip,buf,'\\'); - getword(data,buf,'\\'); - getword(agent,buf,'\\'); + if (getword(ip,sizeof(ip),buf,'\\')<0 || getword(data,sizeof(data),buf,'\\')<0 || + getword(agent,sizeof(agent),buf,'\\')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",tmp); + exit(1); + } if(!cont) { cont++; @@ -268,7 +280,10 @@ void useragent() while(fgets(buf,sizeof(buf),fp_in)!=NULL) { buf[strlen(buf)-1]='\0'; - getword(tagent,buf,' '); + if (getword(tagent,sizeof(tagent),buf,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",tmp); + exit(1); + } perc=atoi(tagent) * 100; perc=perc / agentot2; diff --git a/util.c b/util.c index f4c1941..15c3608 100644 --- a/util.c +++ b/util.c 
@@ -53,40 +53,71 @@ static char mtab2[12][3]={"01","02","03","04","05","06","07","08","09","10","11" } }*/ -void getword(char *word, char *line, int stop) +int getword(char *word, int limit, char *line, int stop) { - int x = 0, y = 0; - int limit=10000; - char wline[MAXLEN]; - - //strcpy(wline,line); + int x = 0,y; - if(strlen(line) < 3) { + /*if(strlen(line) < 3) { word[0]='\0'; - return; - } + return(0); + }*/ - for(x=0; line[x] && (line[x] != stop ) && x=limit) { + printf("SARG: getword loop detected after %d bytes.\n",x); + printf("SARG: Record=\"%s\"\n",line); + printf("SARG: searching for \'x%x\'\n",stop); + //printf("SARG: Maybe you have a broken record or garbage in your access.log file.\n"); + if (limit>0) word[limit-1]='\0'; + //exit(1); + return(-1); + } + word[x] = line[x]; } word[x] = '\0'; - if (line[x]) ++x; + y=0; while((line[y++] = line[x++])); + return(0); } -char * getword2(char *word, char *line, int stop) +int getword_multisep(char *word, int limit, char *line, int stop) +{ + int x = 0,y; + + /*if(strlen(line) < 3) { + word[0]='\0'; + return(0); + }*/ + + for(x=0;((line[x]) && (line[x] != stop ));x++) { + if(x>=limit) { + printf("SARG: getword_multisep loop detected.\n"); + printf("SARG: Record=\"%s\"\n",line); + printf("SARG: searching for \'x%x\'\n",stop); + printf("SARG: searching for \'x%x\'\n",stop); + //printf("SARG: Maybe you have a broken record or garbage in your access.log file.\n"); + if (limit>0) word[limit-1]='\0'; + //exit(1); + return(-1); + } + word[x] = line[x]; + } + + word[x] = '\0'; + while (line[x] && line[x]==stop) ++x; + y=0; + + while((line[y++] = line[x++])); + return(0); +} + +#if 0 //this function seems unused +char * getword2(char *word, int limit, char *line, int stop) { int x = 0; - int limit=MAXLEN; if(strlen(line) < 3) { word[0]='\0'; 
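Review bot: `getword_multisep` can still write one byte past `word`: the `x>=limit` test sits inside the loop body, so when the field is exactly `limit` characters long the loop ends with `x==limit` and `word[x] = '\0';` lands on `word[limit]`. Since the callers pass `sizeof(buffer)` as `limit`, the test has to leave room for the terminator, `if(x>=limit-1) {`. `getword` has the same `word[x] = '\0';` after its loop and appears to need the same change, though its loop header is not fully legible on this page. The error branch of `getword_multisep` also prints the `searching for` line twice.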
@@ -108,15 +139,25 @@ char * getword2(char *word, char *line, int stop) // printf( "OUT Buffer <%s>\n" , line+x+1 ) ; return( line + x +1) ; } +#endif -void getword3(char *word, char *line, int stop) +int getword3(char *word, int limit, char *line, int stop) { int x = 0, y = 0; - for(x=0;(line[x] && (line[x] != stop ));x++) word[x] = line[x]; + for(x=0; x=limit) { + printf("SARG: getword3 loop detected after %d bytes.\n",x); + printf("SARG: Buffer=\"%s\"\n",line); + printf("SARG: searching for \'x%x\'\n",stop); + //printf("SARG: Maybe you have a broken record or garbage in your access.log file.\n"); + //exit(1); + return(-1); + } word[x] = '\0'; if(line[x]) ++x; while((line[y++] = line[x++])); + return(0); } @@ -187,16 +228,22 @@ void my_mkdir(char *name) char w2[255]; if(strncmp(name,".",1) == 0 || strncmp(name,"/",1) != 0) { - fprintf(stderr,"SARG: Ivalid path (%s). Please, use absolute paths only.\n",name); + fprintf(stderr,"SARG: Invalid path (%s). Please, use absolute paths only.\n",name); fprintf(stderr,"SARG: process aborted.\n"); exit(1); } strcpy(w0,name); strcpy(w2,"/"); - getword(w1,w0,'/'); - while(strstr(w0,"/") != 0) { - getword(w1,w0,'/'); + if (getword_multisep(w1,sizeof(w1),w0,'/')<0) { + printf("SARG: Maybe you have a broken record or garbage in the directory name %s.\n",name); + exit(1); + } + while(strchr(w0,'/')) { + if (getword_multisep(w1,sizeof(w1),w0,'/')<0) { + printf("SARG: Maybe you have a broken record or garbage in the directory name %s.\n",name); + exit(1); + } strcat(w2,w1); if(access(w2, R_OK) != 0) { if(mkdir(w2,0755)) { @@ -321,7 +368,7 @@ void conv_month_name(char *month) } -void name_month(char *month) +void name_month(char *month,int month_len) { int x, z=atoi(month)-1; char m[255]; @@ -330,8 +377,14 @@ void name_month(char *month) strcpy(m,text[133]); for(x=0; x\n\n\n
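Review bot: The failure branch of getword3 returns -1 without terminating `word`, whereas getword and getword_multisep both run `if (limit>0) word[limit-1]='\0';` before returning. The loop header is truncated on this page, but if the copy stops at `x==limit` the buffer has been filled with no NUL, so a caller that ignores the return value would read an unterminated string. Adding the same line before `return(-1);` keeps the three functions consistent. The hunk begins inside getword2, whose start is outside it.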
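Review bot: my_mkdir now bounds `w1`, but the unchanged `strcpy(w0,name);` and `strcat(w2,w1);` around the new calls are still unbounded, so an over-long path can overflow `w0` or the 255-byte `w2` regardless of what getword_multisep reports. A length check ahead of the copy would cover this, for example `if (strlen(name)>=sizeof(w2)) { fprintf(stderr,"SARG: directory name too long: %s\n",name); exit(1); }`. That assumes `w0` is at least as large as `w2` and that `w2` only ever holds a prefix of `name`; the declaration of `w0` and the rest of the loop are outside the hunk.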
 Squid Analysis Report Generator
 
\n",ind); } -get_size(char *path, char *file) +int get_size(char *path, char *file) { FILE *fp; char response[255]; @@ -1242,7 +1314,10 @@ get_size(char *path, char *file) sprintf(cmd,"du -skh %s%s",path,file); fp = popen(cmd, "r"); fgets(response, 255, fp); - getword(val5,response,'\t'); + if (getword_multisep(val5,sizeof(val5),response,'\t')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s command.\n",cmd); + exit(1); + } pclose(fp); return (val5); -- 2.39.5
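Review bot: The added getword_multisep call in get_size parses `response` even when `popen` or `fgets` failed, since neither return value is checked; in that case `fp` is NULL or `response` is uninitialised. I would guard the read first, `if (fp==NULL || fgets(response,sizeof(response),fp)==NULL) { ... exit(1); }`, and call `pclose(fp)` before the new `exit(1)`. Separately, get_size is now declared `int` but still ends in `return (val5);`, and `val5` is used as a character buffer here, so the declared return type looks wrong. The command line is built with `sprintf` from `path` and `file` and handed to the shell by popen, so names containing shell metacharacters would be interpreted; a `stat()`-based size would avoid that, but it is beyond this hunk.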