Blob Blame History Raw
--- test/request.c	(.../tags/0.30.2)	(revision 2045)
+++ test/request.c	(.../branches/0.30.x)	(revision 2045)
@@ -902,8 +902,6 @@
     ONREQ(ne_request_dispatch(req));
 
     while ((cursor = ne_response_header_iterate(req, cursor, &name, &value))) {
-        n = -1;
-
         ONV(strncmp(name, "x-", 2) || strncmp(value, "Y-", 2)
             || strcmp(name + 2, value + 2)
             || (n = atoi(name + 2)) >= MANY_HEADERS
@@ -2358,6 +2356,21 @@
     return await_server();
 }
 
+static int safe_flags(void)
+{
+    ne_session *sess = ne_session_create("http", "localhost", 80);
+    ne_request *req = ne_request_create(sess, "GET", "/");
+
+    ne_set_request_flag(req, NE_REQFLAG_LAST, 0xAAAAAAAA);
+
+    ONN("flags array bound check failed", ne_get_session(req) != sess);
+
+    ne_request_destroy(req);
+    ne_session_destroy(sess);
+
+    return OK;
+}
+
 /* TODO: test that ne_set_notifier(, NULL, NULL) DTRT too. */
 
 ne_test tests[] = {
@@ -2451,5 +2464,6 @@
     T(socks_fail),
     T(fail_lookup),
     T(fail_double_lookup),
+    T(safe_flags),
     T(NULL)
 };
--- test/lock.c	(.../tags/0.30.2)	(revision 2045)
+++ test/lock.c	(.../branches/0.30.x)	(revision 2045)
@@ -73,11 +73,13 @@
 			   const char *token_href)
 {
     static char buf[BUFSIZ];
-    sprintf(buf, 
-	    "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n"
-	    "<D:prop xmlns:D=\"DAV:\">"
-	    "<D:lockdiscovery>%s</D:lockdiscovery></D:prop>\n",
-	    activelock(scope, depth, owner, timeout, token_href));
+
+    ne_snprintf(buf, sizeof buf,
+                "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n"
+                "<D:prop xmlns:D=\"DAV:\">"
+                "<D:lockdiscovery>%s</D:lockdiscovery></D:prop>\n",
+                activelock(scope, depth, owner, timeout, token_href));
+
     return buf;
 }
 
--- test/string-tests.c	(.../tags/0.30.2)	(revision 2045)
+++ test/string-tests.c	(.../branches/0.30.x)	(revision 2045)
@@ -320,7 +320,7 @@
 {
     char expect[200], actual[200];
     
-    strncpy(expect, strerror(ENOENT), sizeof(expect));
+    strncpy(expect, strerror(ENOENT), sizeof(expect)-1);
     ONN("ne_strerror did not return passed-in buffer",
 	ne_strerror(ENOENT, actual, sizeof(actual)) != actual);
     
--- test/util-tests.c	(.../tags/0.30.2)	(revision 2045)
+++ test/util-tests.c	(.../branches/0.30.x)	(revision 2045)
@@ -203,18 +203,24 @@
     return OK;
 }
 
-/* trigger segfaults in ne_rfc1036_parse() in <=0.24.5. */
-static int regress_dates(void)
+#define BAD_DATE(format, result) \
+    ONN(format " date parse must fail", result != -1)
+
+/* Test for bad dates; trigger segfaults in ne_rfc1036_parse() in
+ * <=0.24.5. */
+static int bad_dates(void)
 {
     static const char *dates[] = {
-        "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+        "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
+        "Friday, 08-Jun-01",
     };
     size_t n;
     
     for (n = 0; n < sizeof(dates)/sizeof(dates[0]); n++) {
-        ne_rfc1036_parse(dates[n]);
-        ne_iso8601_parse(dates[n]);
-        ne_rfc1123_parse(dates[n]);
+        BAD_DATE("rfc1036", ne_rfc1036_parse(dates[n]));
+        BAD_DATE("iso8601", ne_iso8601_parse(dates[n]));
+        BAD_DATE("rfc1123", ne_rfc1123_parse(dates[n]));
+        BAD_DATE("asctime", ne_asctime_parse(dates[n]));
     }
 
     return OK;
@@ -303,7 +309,7 @@
     T(md5),
     T(md5_alignment),
     T(parse_dates),
-    T(regress_dates),
+    T(bad_dates),
     T(versioning),
     T(version_string),
     T(support),
--- src/ne_dates.c	(.../tags/0.30.2)	(revision 2045)
+++ src/ne_dates.c	(.../branches/0.30.x)	(revision 2045)
@@ -171,11 +171,12 @@
     int n;
     time_t result;
     
-/*  it goes: Sun, 06 Nov 1994 08:49:37 GMT */
-    n = sscanf(date, RFC1123_FORMAT,
-	    wkday, &gmt.tm_mday, mon, &gmt.tm_year, &gmt.tm_hour,
-	    &gmt.tm_min, &gmt.tm_sec);
-    /* Is it portable to check n==7 here? */
+    /* it goes: Sun, 06 Nov 1994 08:49:37 GMT */
+    if (sscanf(date, RFC1123_FORMAT,
+               wkday, &gmt.tm_mday, mon, &gmt.tm_year, &gmt.tm_hour,
+               &gmt.tm_min, &gmt.tm_sec) != 7)
+        return (time_t) -1;
+
     gmt.tm_year -= 1900;
     for (n=0; n<12; n++)
 	if (strcmp(mon, short_months[n]) == 0)
@@ -204,7 +205,6 @@
 	return (time_t)-1;
     }
 
-    /* portable to check n here? */
     for (n=0; n<12; n++)
 	if (strcmp(mon, short_months[n]) == 0)
 	    break;
@@ -232,11 +232,12 @@
     char wkday[4], mon[4];
     time_t result;
 
-    n = sscanf(date, ASCTIME_FORMAT,
-		wkday, mon, &gmt.tm_mday, 
-		&gmt.tm_hour, &gmt.tm_min, &gmt.tm_sec,
-		&gmt.tm_year);
-    /* portable to check n here? */
+    if (sscanf(date, ASCTIME_FORMAT,
+               wkday, mon, &gmt.tm_mday, 
+               &gmt.tm_hour, &gmt.tm_min, &gmt.tm_sec,
+               &gmt.tm_year) != 7)
+        return (time_t)-1;
+
     for (n=0; n<12; n++)
 	if (strcmp(mon, short_months[n]) == 0)
 	    break;
--- src/ne_locks.c	(.../tags/0.30.2)	(revision 2045)
+++ src/ne_locks.c	(.../branches/0.30.x)	(revision 2045)
@@ -32,6 +32,7 @@
 #ifdef HAVE_LIMITS_H
 #include <limits.h>
 #endif
+#include <assert.h>
 
 #include <ctype.h> /* for isdigit() */
 
@@ -332,6 +333,9 @@
     for (item = store->locks; item != NULL; item = item->next)
 	if (item->lock == lock)
 	    break;
+
+    /* API condition that lock is present in the store. */
+    assert(item);
     
     if (item->prev != NULL) {
 	item->prev->next = item->next;
--- src/ne_session.c	(.../tags/0.30.2)	(revision 2045)
+++ src/ne_session.c	(.../branches/0.30.x)	(revision 2045)
@@ -569,7 +569,8 @@
     };
     int n, flag = 0;
 
-    strcpy(sess->error, _("Server certificate verification failed: "));
+    ne_strnzcpy(sess->error, _("Server certificate verification failed: "),
+                sizeof sess->error);
 
     for (n = 0; reasons[n].bit; n++) {
 	if (failures & reasons[n].bit) {
--- src/ne_xml.c	(.../tags/0.30.2)	(revision 2045)
+++ src/ne_xml.c	(.../branches/0.30.x)	(revision 2045)
@@ -576,7 +576,7 @@
         if (p->bom_pos == 0) {
             p->bom_pos = 3; /* no BOM */
         } else if (p->bom_pos > 0 && p->bom_pos < 3) {
-            strcpy(p->error, _("Invalid Byte Order Mark"));
+            ne_strnzcpy(p->error, _("Invalid Byte Order Mark"), sizeof p->error);
             return p->failure = 1;
         }
     }
--- src/ne_request.c	(.../tags/0.30.2)	(revision 2045)
+++ src/ne_request.c	(.../branches/0.30.x)	(revision 2045)
@@ -329,7 +329,7 @@
                 /* errno was set */
                 ne_strerror(errno, err, sizeof err);
             } else {
-                strcpy(err, _("offset invalid"));
+                ne_strnzcpy(err, _("offset invalid"), sizeof err);
             }
             ne_snprintf(offstr, sizeof offstr, "%" FMT_NE_OFF_T,
                         req->body.file.offset);
@@ -585,7 +585,7 @@
 
 void ne_set_request_flag(ne_request *req, ne_request_flag flag, int value)
 {
-    if (flag < (ne_request_flag)NE_SESSFLAG_LAST) {
+    if (flag < (ne_request_flag)NE_REQFLAG_LAST) {
         req->flags[flag] = value;
     }
 }
--- src/ne_socket.c	(.../tags/0.30.2)	(revision 2045)
+++ src/ne_socket.c	(.../branches/0.30.x)	(revision 2045)
@@ -27,7 +27,7 @@
 #include "config.h"
 
 #include <sys/types.h>
-#ifdef HAVE_SYS_UIO_h
+#ifdef HAVE_SYS_UIO_H
 #include <sys/uio.h> /* writev(2) */
 #endif
 #ifdef HAVE_SYS_TIME_H
--- src/ne_openssl.c	(.../tags/0.30.2)	(revision 2045)
+++ src/ne_openssl.c	(.../branches/0.30.x)	(revision 2045)
@@ -1130,7 +1130,10 @@
     return 0;
 }
 
-#ifdef NE_HAVE_TS_SSL
+#if defined(NE_HAVE_TS_SSL) && OPENSSL_VERSION_NUMBER < 0x10101000L
+/* For OpenSSL 1.1.1 locking callbacks are no longer need at all. */
+#define WITH_OPENSSL_LOCKING (1)
+
 /* Implementation of locking callbacks to make OpenSSL thread-safe.
  * If the OpenSSL API was better designed, this wouldn't be necessary.
  * In OpenSSL releases without CRYPTO_set_idptr_callback, it's not
@@ -1184,8 +1187,6 @@
     }
 }
 
-#endif
-
 /* ID_CALLBACK_IS_{NEON,OTHER} evaluate as true if the currently
  * registered OpenSSL ID callback is the neon function (_NEON), or has
  * been overwritten by some other app (_OTHER). */
@@ -1196,6 +1197,8 @@
 #define ID_CALLBACK_IS_OTHER (CRYPTO_get_id_callback() != NULL)
 #define ID_CALLBACK_IS_NEON (CRYPTO_get_id_callback() == thread_id_neon)
 #endif
+        
+#endif /* NE_HAVE_TS_SSL && OPENSSL_VERSION_NUMBER < 1.1.1 */
 
 int ne__ssl_init(void)
 {
@@ -1205,7 +1208,7 @@
     SSL_library_init();
     OpenSSL_add_all_algorithms();
 
-#ifdef NE_HAVE_TS_SSL
+#ifdef WITH_OPENSSL_LOCKING
     /* If some other library has already come along and set up the
      * thread-safety callbacks, then it must be presumed that the
      * other library will have a longer lifetime in the process than
@@ -1252,7 +1255,7 @@
     /* Cannot call ERR_free_strings() etc here in case any other code
      * in the process using OpenSSL. */
 
-#ifdef NE_HAVE_TS_SSL
+#ifdef WITH_OPENSSL_LOCKING
     /* Only unregister the callbacks if some *other* library has not
      * come along in the mean-time and trampled over the callbacks
      * installed by neon. */