%s

From: Jonathan McDowell Date: Thu, 14 Sep 2023 18:17:22 +0000 (+0530) Subject: Move the CGI specific routines into cgi/ and split out UID escaping X-Git-Tag: onak-0.6.3~19 X-Git-Url: http://the.earth.li/gitweb/?p=onak.git;a=commitdiff_plain;h=f6d38365b7e7e1e88ba02136ffe6f0fb08903ef0 Move the CGI specific routines into cgi/ and split out UID escaping The only piece from getcgi.c that anything other than the CGI needs is the code to escape a UID. Move that into keyindex.c and shuffle the CGI routines off to the subdirectory. The escaping routine could do with a lot of improvement, but this is a start in terms of cleaning things up. --- diff --git a/CMakeLists.txt b/CMakeLists.txt index 30e5929..acacb34 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -51,7 +51,7 @@ endif() # Core objects add_library(libonak STATIC armor.c charfuncs.c cleankey.c cleanup.c decodekey.c - getcgi.c hash.c hash-helper.c key-store.c keyarray.c keyid.c keyindex.c + hash.c hash-helper.c key-store.c keyarray.c keyid.c keyindex.c ll.c log.c marshal.c mem.c merge.c onak-conf.c parsekey.c photoid.c rsa.c sigcheck.c sendsync.c sha1x.c wordlist.c) set(LIBONAK_LIBRARIES "") diff --git a/cgi/CMakeLists.txt b/cgi/CMakeLists.txt index 977f2a2..da430d4 100644 --- a/cgi/CMakeLists.txt +++ b/cgi/CMakeLists.txt @@ -1,9 +1,9 @@ # CGI -add_executable(add add.c) +add_executable(add add.c getcgi.c) target_link_libraries(add libonak) -add_executable(gpgwww gpgwww.c ../stats.c) +add_executable(gpgwww gpgwww.c ../stats.c getcgi.c) target_link_libraries(gpgwww libonak) -add_executable(hashquery hashquery.c) +add_executable(hashquery hashquery.c getcgi.c) target_link_libraries(hashquery libonak) -add_executable(lookup lookup.c) +add_executable(lookup lookup.c getcgi.c) target_link_libraries(lookup libonak) diff --git a/cgi/getcgi.c b/cgi/getcgi.c new file mode 100644 index 0000000..ded1c93 --- /dev/null +++ b/cgi/getcgi.c @@ -0,0 +1,228 @@ +/* + * getcgivars.c - routine to read CGI input variables into an array. + * + * Copyright 2002 Jonathan McDowell + * + * The x2c() and unescape_url() routines were lifted directly + * from NCSA's sample program util.c, packaged with their HTTPD. + * + * This program is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License along with + * this program. If not, see . + */ + +#include +#include +#include +#include + +#include "getcgi.h" + +/* + * start_html - Start HTML output. + * @title: The title for the HTML. + * + * Takes a title string and starts HTML output, including the + * Content-Type header all the way up to . + */ +void start_html(const char *title) +{ + puts("Content-Type: text/html; charset=UTF-8\n"); + puts(""); + puts(""); + puts(""); + printf("%s\n", title); + puts(""); + puts(""); + + return; +} + +/* + * end_html - End HTML output. + * + * Ends HTML output - closes the BODY and HTML tags. + */ +void end_html(void) +{ + puts(""); + puts(""); + + return; +} + + +/* Convert a two-char hex string into the char it represents */ +char x2c(const char *what) +{ + register char digit; + + digit = (what[0] >= 'A' ? ((what[0] & 0xdf) - 'A')+10 : + (what[0] - '0')); + digit *= 16; + digit += (what[1] >= 'A' ? ((what[1] & 0xdf) - 'A')+10 : + (what[1] - '0')); + + return(digit); +} + +/* Reduce any %xx escape sequences to the characters they represent */ +void unescape_url(char *url) +{ + register int i,j; + + for(i=0,j=0; url[j]; ++i,++j) { + if((url[i] = url[j]) == '%') { + url[i]=x2c(&url[j+1]); + j+=2; + } + } + + url[i] = '\0'; +} + + +/* Read the CGI input and place all name/val pairs into list. */ +/* Returns list containing name1, value1, name2, value2, ... , NULL */ +char **getcgivars(int argc, char *argv[]) +{ + int i; + char *request_method, *env; + int content_length, paircount; + char *cgiinput = NULL; + char **cgivars = NULL; + char **pairlist = NULL; + char *nvpair,*eqpos; + + /* Depending on the request method, read all CGI input into cgiinput */ + /* (really should produce HTML error messages, instead of exit()ing) */ + + request_method = getenv("REQUEST_METHOD"); + + if (request_method == NULL) { + if (argc > 1) { + cgiinput = strdup(argv[1]); + } else { + return NULL; + } + } else if (strlen(request_method)==0) { + return NULL; + } else if (!strcmp(request_method, "GET") || + !strcmp(request_method, "HEAD")) { + env = getenv("QUERY_STRING"); + if (env != NULL) { + cgiinput = strdup(env); + } + } else if (!strcmp(request_method, "POST")) { + env = getenv("CONTENT_TYPE"); + if ((env != NULL) && strcasecmp(env, + "application/x-www-form-urlencoded")) { + printf("getcgivars(): Unsupported Content-Type.\n"); + exit(1); + } + + env = getenv("CONTENT_LENGTH"); + if ((env == NULL) || !(content_length = atoi(env))) { + printf("getcgivars(): No Content-Length was sent with" + " the POST request.\n"); + exit(1); + } + + if (!(cgiinput = (char *) malloc(content_length+1))) { + printf("getcgivars(): Could not malloc for " + "cgiinput.\n"); + exit(1); + } + + if (!fread(cgiinput, content_length, 1, stdin)) { + printf("Couldn't read CGI input from STDIN.\n"); + exit(1); + } + + cgiinput[content_length]='\0'; + + } else { + printf("getcgivars(): unsupported REQUEST_METHOD\n"); + exit(1); + } + + /* If we didn't get any cgiinput info, nothing to return */ + if (cgiinput == NULL) { + return NULL; + } + + /* Change all plusses back to spaces */ + + for(i=0; cgiinput[i]; i++) if (cgiinput[i]=='+') cgiinput[i] = ' '; + + /* First, split on "&" to extract the name-value pairs into pairlist */ + pairlist= malloc(256*sizeof(char *)); + paircount=0; + nvpair=strtok(cgiinput, "&"); + while (nvpair) { + pairlist[paircount++]= strdup(nvpair) ; + if (!(paircount%256)) { + pairlist= realloc(pairlist, + (paircount+256)*sizeof(char *)); + } + nvpair=strtok(NULL, "&") ; + } + + pairlist[paircount]=0; /* terminate the list with NULL */ + + /* Then, from the list of pairs, extract the names and values */ + + cgivars= malloc((paircount*2+1)*sizeof(char *)); + + for (i=0; i + * + * This program is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License along with + * this program. If not, see . + */ + +#ifndef __GETCGI_H_ +#define __GETCGI_H_ + +/* + * start_html - Start HTML output. + * @title: The title for the HTML. + * + * Takes a title string and starts HTML output, including the + * Content-Type header all the way up to . + */ +void start_html(const char *title); + +/* + * end_html - End HTML output. + * + * Ends HTML output - closes the BODY and HTML tags. + */ +void end_html(void); + +char x2c(const char *what); +void unescape_url(char *url); +char **getcgivars(int argc, char *argv[]); + +/** + * cleanupcgi - free the memory allocated for our CGI parameters. + * @cgivars: The CGI parameter list to free. + * + * Frees up the elements of the CGI parameter array and then frees the + * array. + */ +void cleanupcgi(char **cgivars); + +#endif /* __GETCGI_H_ */ diff --git a/getcgi.c b/getcgi.c deleted file mode 100644 index 7c06560..0000000 --- a/getcgi.c +++ /dev/null @@ -1,272 +0,0 @@ -/* - * getcgivars.c - routine to read CGI input variables into an array. - * - * Copyright 2002 Jonathan McDowell - * - * The x2c() and unescape_url() routines were lifted directly - * from NCSA's sample program util.c, packaged with their HTTPD. - * - * This program is free software: you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the Free - * Software Foundation; version 2 of the License. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for - * more details. - * - * You should have received a copy of the GNU General Public License along with - * this program. If not, see . - */ - -#include -#include -#include -#include - -#include "getcgi.h" - -/** - * txt2html - Takes a string and converts it to HTML. - * @string: The string to HTMLize. - * - * Takes a string and escapes any HTML entities. - */ -char *txt2html(const char *string) -{ - static char buf[1024]; - char *ptr = NULL; - char *nextptr = NULL; - - memset(buf, 0, 1024); - - ptr = strchr(string, '<'); - if (ptr != NULL) { - nextptr = ptr + 1; - *ptr = 0; - strncpy(buf, string, 1023); - strncat(buf, "<", 1023 - strlen(buf)); - string = nextptr; - } - - ptr = strchr(string, '>'); - if (ptr != NULL) { - nextptr = ptr + 1; - *ptr = 0; - strncat(buf, string, 1023 - strlen(buf)); - strncat(buf, ">", 1023 - strlen(buf)); - string = nextptr; - } - - /* - * TODO: We need to while() this really as each entity may appear more - * than once. We need to start with & and ; as we replace with those - * throughout. Fuck it for the moment though; it's Easter and < & > are - * the most common and tend to only appear once. - */ - - strncat(buf, string, 1023 - strlen(buf)); - - return buf; -} - -/* - * start_html - Start HTML output. - * @title: The title for the HTML. - * - * Takes a title string and starts HTML output, including the - * Content-Type header all the way up to . - */ -void start_html(const char *title) -{ - puts("Content-Type: text/html; charset=UTF-8\n"); - puts(""); - puts(""); - puts(""); - printf("%s\n", title); - puts(""); - puts(""); - - return; -} - -/* - * end_html - End HTML output. - * - * Ends HTML output - closes the BODY and HTML tags. - */ -void end_html(void) -{ - puts(""); - puts(""); - - return; -} - - -/* Convert a two-char hex string into the char it represents */ -char x2c(const char *what) -{ - register char digit; - - digit = (what[0] >= 'A' ? ((what[0] & 0xdf) - 'A')+10 : - (what[0] - '0')); - digit *= 16; - digit += (what[1] >= 'A' ? ((what[1] & 0xdf) - 'A')+10 : - (what[1] - '0')); - - return(digit); -} - -/* Reduce any %xx escape sequences to the characters they represent */ -void unescape_url(char *url) -{ - register int i,j; - - for(i=0,j=0; url[j]; ++i,++j) { - if((url[i] = url[j]) == '%') { - url[i]=x2c(&url[j+1]); - j+=2; - } - } - - url[i] = '\0'; -} - - -/* Read the CGI input and place all name/val pairs into list. */ -/* Returns list containing name1, value1, name2, value2, ... , NULL */ -char **getcgivars(int argc, char *argv[]) -{ - int i; - char *request_method, *env; - int content_length, paircount; - char *cgiinput = NULL; - char **cgivars = NULL; - char **pairlist = NULL; - char *nvpair,*eqpos; - - /* Depending on the request method, read all CGI input into cgiinput */ - /* (really should produce HTML error messages, instead of exit()ing) */ - - request_method = getenv("REQUEST_METHOD"); - - if (request_method == NULL) { - if (argc > 1) { - cgiinput = strdup(argv[1]); - } else { - return NULL; - } - } else if (strlen(request_method)==0) { - return NULL; - } else if (!strcmp(request_method, "GET") || - !strcmp(request_method, "HEAD")) { - env = getenv("QUERY_STRING"); - if (env != NULL) { - cgiinput = strdup(env); - } - } else if (!strcmp(request_method, "POST")) { - env = getenv("CONTENT_TYPE"); - if ((env != NULL) && strcasecmp(env, - "application/x-www-form-urlencoded")) { - printf("getcgivars(): Unsupported Content-Type.\n"); - exit(1); - } - - env = getenv("CONTENT_LENGTH"); - if ((env == NULL) || !(content_length = atoi(env))) { - printf("getcgivars(): No Content-Length was sent with" - " the POST request.\n"); - exit(1); - } - - if (!(cgiinput = (char *) malloc(content_length+1))) { - printf("getcgivars(): Could not malloc for " - "cgiinput.\n"); - exit(1); - } - - if (!fread(cgiinput, content_length, 1, stdin)) { - printf("Couldn't read CGI input from STDIN.\n"); - exit(1); - } - - cgiinput[content_length]='\0'; - - } else { - printf("getcgivars(): unsupported REQUEST_METHOD\n"); - exit(1); - } - - /* If we didn't get any cgiinput info, nothing to return */ - if (cgiinput == NULL) { - return NULL; - } - - /* Change all plusses back to spaces */ - - for(i=0; cgiinput[i]; i++) if (cgiinput[i]=='+') cgiinput[i] = ' '; - - /* First, split on "&" to extract the name-value pairs into pairlist */ - pairlist= malloc(256*sizeof(char *)); - paircount=0; - nvpair=strtok(cgiinput, "&"); - while (nvpair) { - pairlist[paircount++]= strdup(nvpair) ; - if (!(paircount%256)) { - pairlist= realloc(pairlist, - (paircount+256)*sizeof(char *)); - } - nvpair=strtok(NULL, "&") ; - } - - pairlist[paircount]=0; /* terminate the list with NULL */ - - /* Then, from the list of pairs, extract the names and values */ - - cgivars= malloc((paircount*2+1)*sizeof(char *)); - - for (i=0; i - * - * This program is free software: you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the Free - * Software Foundation; version 2 of the License. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for - * more details. - * - * You should have received a copy of the GNU General Public License along with - * this program. If not, see . - */ - -#ifndef __GETCGI_H_ -#define __GETCGI_H_ - -/** - * txt2html - Takes a string and converts it to HTML. - * @string: The string to HTMLize. - * - * Takes a string and escapes any HTML entities. - */ -char *txt2html(const char *string); - -/* - * start_html - Start HTML output. - * @title: The title for the HTML. - * - * Takes a title string and starts HTML output, including the - * Content-Type header all the way up to . - */ -void start_html(const char *title); - -/* - * end_html - End HTML output. - * - * Ends HTML output - closes the BODY and HTML tags. - */ -void end_html(void); - -char x2c(const char *what); -void unescape_url(char *url); -char **getcgivars(int argc, char *argv[]); - -/** - * cleanupcgi - free the memory allocated for our CGI parameters. - * @cgivars: The CGI parameter list to free. - * - * Frees up the elements of the CGI parameter array and then frees the - * array. - */ -void cleanupcgi(char **cgivars); - -#endif /* __GETCGI_H_ */ diff --git a/keyindex.c b/keyindex.c index e8d569a..fbd32c7 100644 --- a/keyindex.c +++ b/keyindex.c @@ -24,7 +24,6 @@ #include #include "decodekey.h" -#include "getcgi.h" #include "keydb.h" #include "keyid.h" #include "keyindex.h" @@ -74,6 +73,54 @@ char pkalgo2char(uint8_t algo) return typech; } +/** + * txt2html - Takes a string and converts it to HTML. + * @string: The string to HTMLize. + * + * Takes a string and escapes any HTML entities. + */ +const char *txt2html(const char *string) +{ + static char buf[1024]; + char *ptr = NULL; + char *nextptr = NULL; + + if (strlen(string) > 1000) { + return string; + } + + memset(buf, 0, 1024); + + ptr = strchr(string, '<'); + if (ptr != NULL) { + nextptr = ptr + 1; + *ptr = 0; + strncpy(buf, string, 1023); + strncat(buf, "<", 1023 - strlen(buf)); + string = nextptr; + } + + ptr = strchr(string, '>'); + if (ptr != NULL) { + nextptr = ptr + 1; + *ptr = 0; + strncat(buf, string, 1023 - strlen(buf)); + strncat(buf, ">", 1023 - strlen(buf)); + string = nextptr; + } + + /* + * TODO: We need to while() this really as each entity may appear more + * than once. We need to start with & and ; as we replace with those + * throughout. Fuck it for the moment though; it's Easter and < & > are + * the most common and tend to only appear once. + */ + + strncat(buf, string, 1023 - strlen(buf)); + + return buf; +} + /* * Given a public key/subkey packet return the key length. */ diff --git a/keyindex.h b/keyindex.h index 4b10e45..c3e78ef 100644 --- a/keyindex.h +++ b/keyindex.h @@ -47,4 +47,12 @@ int key_index(struct onak_dbctx *dbctx, * machine readable list of them. */ int mrkey_index(struct openpgp_publickey *keys); + +/** + * txt2html - Takes a string and converts it to HTML. + * @string: The string to HTMLize. + * + * Takes a string and escapes any HTML entities. + */ +const char *txt2html(const char *string); #endif diff --git a/stats.c b/stats.c index 91c9166..7fa6894 100644 --- a/stats.c +++ b/stats.c @@ -21,9 +21,9 @@ #include #include "cleanup.h" -#include "getcgi.h" #include "hash.h" #include "keydb.h" +#include "keyindex.h" #include "ll.h" #include "stats.h"