diff options
| author |  mrcsys | 2006-01-27 20:23:39 +0000 |
|---|---|---|
| committer | mrcsys | 2006-01-27 20:23:39 +0000 |
| commit | 313e3f2e656110cd4b67d526df04d9cb3afee1e7 (patch) | |
| tree | f8d5308f28ab185406cce0785aeea8c110eb9b6e | |
| parent | d2de034d35e290f68e25f33f19e5e11f5baddeca (diff) | |
| download | csoap-313e3f2e656110cd4b67d526df04d9cb3afee1e7.tar.gz csoap-313e3f2e656110cd4b67d526df04d9cb3afee1e7.tar.bz2 | |
Fixed two buffer overflow problems.
This results in different deffinitions for soap_env_find_urn() and soap_env_find_methodname()
| -rw-r--r-- | libcsoap/soap-env.c | 33 | ||||
| -rw-r--r-- | libcsoap/soap-env.h | 6 | ||||
| -rw-r--r-- | libcsoap/soap-server.c | 10 |
3 files changed, 24 insertions, 25 deletions
diff --git a/libcsoap/soap-env.c b/libcsoap/soap-env.c index 9b83abc..8252961 100644 --- a/libcsoap/soap-env.c +++ b/libcsoap/soap-env.c @@ -1,5 +1,5 @@ /****************************************************************** -* $Id: soap-env.c,v 1.13 2006/01/25 18:12:06 mrcsys Exp $ +* $Id: soap-env.c,v 1.14 2006/01/27 20:23:39 mrcsys Exp $ * * CSOAP Project: A SOAP client/server library in C * Copyright (C) 2003 Ferhat Ayaz @@ -195,9 +195,9 @@ soap_env_new_with_fault(fault_code_t faultcode, herror_t soap_env_new_with_response(SoapEnv * request, SoapEnv ** out) { - char urn[100]; - char methodname[150]; - char methodname2[150]; + char *urn; + char *methodname; + char *methodname2; if (request == NULL) { @@ -212,7 +212,7 @@ soap_env_new_with_response(SoapEnv * request, SoapEnv ** out) "request (first param) has no xml structure"); } - if (!soap_env_find_methodname(request, methodname)) + if (!(methodname = soap_env_find_methodname(request))) { return herror_new("soap_env_new_with_response", GENERAL_INVALID_PARAM, @@ -220,14 +220,15 @@ soap_env_new_with_response(SoapEnv * request, SoapEnv ** out) SAVE_STR(methodname)); } - if (!soap_env_find_urn(request, urn)) + if (!(urn = soap_env_find_urn(request))) { /* here we have no chance to find out the namespace */ /* try to continue without namespace (urn) */ - urn[0] = '\0'; + urn = ""; } + methodname2 = malloc(strlen(methodname)+9); sprintf(methodname2, "%sResponse", methodname); return soap_env_new_with_method(urn, methodname2, out); } @@ -569,8 +570,8 @@ _soap_env_get_body(SoapEnv * env) } -int -soap_env_find_urn(SoapEnv * env, char *urn) +char * +soap_env_find_urn(SoapEnv * env) { xmlNsPtr ns; xmlNodePtr body, node; @@ -597,23 +598,22 @@ soap_env_find_urn(SoapEnv * env, char *urn) ns = xmlSearchNs(body->doc, node, node->ns->prefix); if (ns != NULL) { - strcpy(urn, (char *) ns->href); - return 1; /* namespace found! */ + return((char *) ns->href); /* namespace found! */ } } else { - strcpy(urn, ""); + static char *empty = ""; log_warn1("No namespace found"); - return 1; + return(empty); } return 0; } -int -soap_env_find_methodname(SoapEnv * env, char *method) +char * +soap_env_find_methodname(SoapEnv * env) { xmlNodePtr body, node; @@ -636,9 +636,8 @@ soap_env_find_methodname(SoapEnv * env, char *method) } - strcpy(method, (const char *) node->name); + return((char *) node->name); - return 1; } diff --git a/libcsoap/soap-env.h b/libcsoap/soap-env.h index 72dd999..36305e1 100644 --- a/libcsoap/soap-env.h +++ b/libcsoap/soap-env.h @@ -1,5 +1,5 @@ /****************************************************************** - * $Id: soap-env.h,v 1.11 2006/01/10 11:29:04 snowdrop Exp $ + * $Id: soap-env.h,v 1.12 2006/01/27 20:23:40 mrcsys Exp $ * * CSOAP Project: A SOAP client/server library in C * Copyright (C) 2003 Ferhat Ayaz @@ -326,8 +326,8 @@ xmlNodePtr soap_env_get_fault(SoapEnv * env); xmlNodePtr soap_env_get_header(SoapEnv * env); -int soap_env_find_urn(SoapEnv * env, char *urn); -int soap_env_find_methodname(SoapEnv * env, char *methodname); +char * soap_env_find_urn(SoapEnv * env); +char * soap_env_find_methodname(SoapEnv * env); diff --git a/libcsoap/soap-server.c b/libcsoap/soap-server.c index 74ff251..4f55bf5 100644 --- a/libcsoap/soap-server.c +++ b/libcsoap/soap-server.c @@ -1,5 +1,5 @@ /****************************************************************** -* $Id: soap-server.c,v 1.14 2006/01/10 11:29:04 snowdrop Exp $ +* $Id: soap-server.c,v 1.15 2006/01/27 20:23:40 mrcsys Exp $ * * CSOAP Project: A SOAP client/server library in C * Copyright (C) 2003 Ferhat Ayaz @@ -115,8 +115,8 @@ soap_server_entry(httpd_conn_t * conn, hrequest_t * req) { hpair_t *header = NULL; char buffer[1054]; - char urn[150]; - char method[150]; + char *urn; + char *method; SoapCtx *ctx, *ctxres; SoapRouter *router; SoapService *service; @@ -181,7 +181,7 @@ soap_server_entry(httpd_conn_t * conn, hrequest_t * req) else { - if (!soap_env_find_urn(ctx->env, urn)) + if (!(urn=soap_env_find_urn(ctx->env))) { _soap_server_send_fault(conn, header, "No URN found!"); @@ -193,7 +193,7 @@ soap_server_entry(httpd_conn_t * conn, hrequest_t * req) log_verbose2("urn: '%s'", urn); } - if (!soap_env_find_methodname(ctx->env, method)) + if (!(method=soap_env_find_methodname(ctx->env))) { _soap_server_send_fault(conn, header, "No method found!"); |