/*
- * "$Id$"
- *
* CGI form variable and array functions for CUPS.
*
- * Copyright 2007-2014 by Apple Inc.
- * Copyright 1997-2005 by Easy Software Products.
+ * Copyright © 2007-2019 by Apple Inc.
+ * Copyright © 1997-2005 by Easy Software Products.
*
- * These coded instructions, statements, and computer programs are the
- * property of Apple Inc. and are protected by Federal copyright
- * law. Distribution and use rights are outlined in the file "LICENSE.txt"
- * which should have been included with this file. If this file is
- * file is missing or damaged, see the license at "http://www.cups.org/".
+ * Licensed under Apache License v2.0. See the file "LICENSE" for more
+ * information.
*/
/*
/*#define DEBUG*/
#include "cgi-private.h"
#include <cups/http.h>
-#include <cups/md5-private.h>
/*
typedef struct /**** Form variable structure ****/
{
- const char *name; /* Name of variable */
+ char *name; /* Name of variable */
int nvalues, /* Number of values */
avalues; /* Number of values allocated */
- const char **values; /* Value(s) of variable */
+ char **values; /* Value(s) of variable */
} _cgi_var_t;
return (0);
if (*val == '\0')
+ {
+ free((void *)val);
return (0); /* Can't be blank, either! */
+ }
+
+ free((void *)val);
}
return (1);
for (v = form_vars, i = form_count; i > 0; v ++, i --)
{
- _cupsStrFree(v->name);
+ free(v->name);
for (j = 0; j < v->nvalues; j ++)
if (v->values[j])
- _cupsStrFree(v->values[j]);
+ free(v->values[j]);
}
form_count = 0;
* 'cgiGetArray()' - Get an element from a form array.
*/
-const char * /* O - Element value or NULL */
+char * /* O - Element value or NULL */
cgiGetArray(const char *name, /* I - Name of array variable */
int element) /* I - Element number (0 to N) */
{
if (element < 0 || element >= var->nvalues)
return (NULL);
- return (_cupsStrRetain(var->values[element]));
+ if (var->values[element] == NULL)
+ return (NULL);
+
+ return (strdup(var->values[element]));
}
* array of values, returns the last element.
*/
-const char * /* O - Value of variable */
+char * /* O - Value of variable */
cgiGetVariable(const char *name) /* I - Name of variable */
{
const _cgi_var_t *var; /* Returned variable */
var = cgi_find_variable(name);
-#ifdef DEBUG
- if (var == NULL)
- DEBUG_printf(("cgiGetVariable(\"%s\") is returning NULL...\n", name));
- else
- DEBUG_printf(("cgiGetVariable(\"%s\") is returning \"%s\"...\n", name,
- var->values[var->nvalues - 1]));
-#endif /* DEBUG */
-
- return ((var == NULL) ? NULL : _cupsStrRetain(var->values[var->nvalues - 1]));
+ return ((var == NULL) ? NULL : strdup(var->values[var->nvalues - 1]));
}
else
fputs("DEBUG: " CUPS_SID " form variable is not present.\n", stderr);
+ free((void *)cups_sid_form);
+
cgiClearVariables();
+
return (0);
}
else
+ {
+ free((void *)cups_sid_form);
+
return (1);
+ }
}
else
return (0);
{
if (element >= var->avalues)
{
- const char **temp; /* Temporary pointer */
+ char **temp; /* Temporary pointer */
- temp = (const char **)realloc((void *)(var->values),
- sizeof(char *) * (size_t)(element + 16));
+ temp = (char **)realloc((void *)(var->values), sizeof(char *) * (size_t)(element + 16));
if (!temp)
return;
var->nvalues = element + 1;
}
else if (var->values[element])
- _cupsStrFree((char *)var->values[element]);
+ free((char *)var->values[element]);
- var->values[element] = _cupsStrAlloc(value);
+ var->values[element] = strdup(value);
}
}
printf(" expires=%s;", httpGetDateString2(expires, date, sizeof(date)));
}
if (secure)
- puts(" secure;");
+ puts(" httponly; secure;");
else
- putchar('\n');
+ puts(" httponly;");
}
if (size >= var->avalues)
{
- const char **temp; /* Temporary pointer */
+ char **temp; /* Temporary pointer */
- temp = (const char **)realloc((void *)(var->values),
- sizeof(char *) * (size_t)(size + 16));
+ temp = (char **)realloc((void *)(var->values), sizeof(char *) * (size_t)(size + 16));
if (!temp)
return;
{
for (i = size; i < var->nvalues; i ++)
if (var->values[i])
- _cupsStrFree((void *)(var->values[i]));
+ free((void *)(var->values[i]));
}
var->nvalues = size;
{
for (i = 0; i < var->nvalues; i ++)
if (var->values[i])
- _cupsStrFree((char *)var->values[i]);
+ free((char *)var->values[i]);
- var->values[0] = _cupsStrAlloc(value);
+ var->values[0] = strdup(value);
var->nvalues = 1;
}
}
if (name == NULL || value == NULL || element < 0 || element > 100000)
return;
- DEBUG_printf(("cgi_add_variable: Adding variable \'%s\' with value "
- "\'%s\'...\n", name, value));
-
if (form_count >= form_alloc)
{
_cgi_var_t *temp_vars; /* Temporary form pointer */
if ((var->values = calloc((size_t)element + 1, sizeof(char *))) == NULL)
return;
- var->name = _cupsStrAlloc(name);
+ var->name = strdup(name);
var->nvalues = element + 1;
var->avalues = element + 1;
- var->values[element] = _cupsStrAlloc(value);
+ var->values[element] = strdup(value);
form_count ++;
}
if (form_count < 1 || name == NULL)
return (NULL);
- key.name = name;
+ key.name = (char *)name;
return ((_cgi_var_t *)bsearch(&key, form_vars, (size_t)form_count, sizeof(_cgi_var_t),
(int (*)(const void *, const void *))cgi_compare_variables));
while (*cookie)
{
+ int skip = 0; /* Skip this cookie? */
+
/*
* Skip leading whitespace...
*/
for (ptr = name; *cookie && *cookie != '=';)
if (ptr < (name + sizeof(name) - 1))
+ {
*ptr++ = *cookie++;
+ }
else
- break;
+ {
+ skip = 1;
+ cookie ++;
+ }
if (*cookie != '=')
break;
{
for (cookie ++, ptr = value; *cookie && *cookie != '\"';)
if (ptr < (value + sizeof(value) - 1))
+ {
*ptr++ = *cookie++;
+ }
else
- break;
+ {
+ skip = 1;
+ cookie ++;
+ }
if (*cookie == '\"')
cookie ++;
+ else
+ skip = 1;
}
else
{
for (ptr = value; *cookie && *cookie != ';';)
if (ptr < (value + sizeof(value) - 1))
+ {
*ptr++ = *cookie++;
+ }
else
- break;
+ {
+ skip = 1;
+ cookie ++;
+ }
}
if (*cookie == ';')
cookie ++;
else if (*cookie)
- break;
+ skip = 1;
*ptr = '\0';
* "$"...
*/
- if (name[0] != '$')
+ if (name[0] != '$' && !skip)
num_cookies = cupsAddOption(name, value, num_cookies, &cookies);
}
}
char *data; /* Pointer to form data string */
- DEBUG_puts("cgi_initialize_get: Initializing variables using GET method...");
-
/*
* Check to see if there is anything for us to read...
*/
size_t blen; /* Length of boundary string */
- DEBUG_printf(("cgi_initialize_multipart(boundary=\"%s\")\n", boundary));
-
/*
* Read multipart form data until we run out...
*/
if (line[0])
cgiSetArray(name, atoi(ptr) - 1, line);
}
- else if (cgiGetVariable(name))
+ else if ((ptr = cgiGetVariable(name)) != NULL)
{
/*
* Add another element in the array...
*/
+ free(ptr);
cgiSetArray(name, cgiGetSize(name), line);
}
else
int status; /* Return status */
- DEBUG_puts("cgi_initialize_post: Initializing variables using POST method...");
-
/*
* Check to see if there is anything for us to read...
*/
char *s, /* Pointer to current form string */
ch, /* Temporary character */
name[255], /* Name of form variable */
- value[65536]; /* Variable value */
+ value[65536], /* Variable value */
+ *temp; /* Temporary pointer */
/*
if (value[0])
cgiSetArray(name, atoi(s) - 1, value);
}
- else if (cgiGetVariable(name) != NULL)
+ else if ((temp = cgiGetVariable(name)) != NULL)
+ {
+ free(temp);
cgiSetArray(name, cgiGetSize(name), value);
+ }
else
cgiSetVariable(name, value);
}
{
char buffer[512], /* SID data */
sid[33]; /* SID string */
- _cups_md5_state_t md5; /* MD5 state */
unsigned char sum[16]; /* MD5 sum */
const char *remote_addr, /* REMOTE_ADDR */
*server_name, /* SERVER_NAME */
*server_port; /* SERVER_PORT */
+ struct timeval curtime; /* Current time */
if ((remote_addr = getenv("REMOTE_ADDR")) == NULL)
if ((server_port = getenv("SERVER_PORT")) == NULL)
server_port = "SERVER_PORT";
- CUPS_SRAND(time(NULL));
+ gettimeofday(&curtime, NULL);
+ CUPS_SRAND(curtime.tv_sec + curtime.tv_usec);
snprintf(buffer, sizeof(buffer), "%s:%s:%s:%02X%02X%02X%02X%02X%02X%02X%02X",
remote_addr, server_name, server_port,
(unsigned)CUPS_RAND() & 255, (unsigned)CUPS_RAND() & 255,
(unsigned)CUPS_RAND() & 255, (unsigned)CUPS_RAND() & 255,
(unsigned)CUPS_RAND() & 255, (unsigned)CUPS_RAND() & 255,
(unsigned)CUPS_RAND() & 255, (unsigned)CUPS_RAND() & 255);
- _cupsMD5Init(&md5);
- _cupsMD5Append(&md5, (unsigned char *)buffer, (int)strlen(buffer));
- _cupsMD5Finish(&md5, sum);
+ cupsHashData("md5", (unsigned char *)buffer, strlen(buffer), sum, sizeof(sum));
- cgiSetCookie(CUPS_SID, httpMD5String(sum, sid), "/", NULL, 0, 0);
+ cgiSetCookie(CUPS_SID, cupsHashString(sum, sizeof(sum), sid, sizeof(sid)), "/", NULL, 0, 0);
return (cupsGetOption(CUPS_SID, num_cookies, cookies));
}
static void
cgi_sort_variables(void)
{
-#ifdef DEBUG
- int i;
-
-
- DEBUG_puts("cgi_sort_variables: Sorting variables...");
-#endif /* DEBUG */
-
if (form_count < 2)
return;
qsort(form_vars, (size_t)form_count, sizeof(_cgi_var_t),
(int (*)(const void *, const void *))cgi_compare_variables);
-
-#ifdef DEBUG
- DEBUG_puts("cgi_sort_variables: Sorted variable list is:");
- for (i = 0; i < form_count; i ++)
- DEBUG_printf(("cgi_sort_variables: %d: %s (%d) = \"%s\" ...\n", i,
- form_vars[i].name, form_vars[i].nvalues,
- form_vars[i].values[0]));
-#endif /* DEBUG */
}
form_file = NULL;
}
}
-
-
-/*
- * End of "$Id$".
- */