cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update to webalizer 2.01-10

Browse Source 
* bump NEED_VERSION
* security fix: buffer overflow in DNS resolver
* includes other bugfixes
* some strcpy/strncpy/sprintf calls changed to strlcpy/snprintf
This commit is contained in:
danh 2002-04-17 16:17:45 +00:00
parent c37be304b1
commit 926ea2c6c1
11 changed files with 664 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
www/webalizer/Makefile
View File

@ -1,11 +1,11 @@
# $OpenBSD: Makefile,v 1.13 2002/03/30 23:20:24 brad Exp $
# $OpenBSD: Makefile,v 1.14 2002/04/17 16:17:45 danh Exp $
COMMENT= "web server log file analysis program"
DISTNAME= webalizer-2.01-09-src
PKGNAME= webalizer-2.01.09
DISTNAME= webalizer-2.01-10-src
PKGNAME= webalizer-2.01.10
CATEGORIES= www
NEED_VERSION= 1.475
NEED_VERSION= 1.522
MASTER_SITES= ftp://ftp.mrunix.net/pub/webalizer/
EXTRACT_SUFX= .tgz
@ -20,7 +20,7 @@ PERMIT_PACKAGE_FTP= Yes
PERMIT_DISTFILES_CDROM= Yes
PERMIT_DISTFILES_FTP= Yes
WRKDIST= ${WRKDIR}/webalizer-2.01-09
WRKDIST= ${WRKDIR}/webalizer-2.01-10
CONFIGURE_STYLE= gnu dest
CONFIGURE_ARGS= --enable-dns

6
www/webalizer/distinfo
View File

@ -1,3 +1,3 @@
MD5 (webalizer-2.01-09-src.tgz) = 577faa996d399321ea6abb1c700b6628
RMD160 (webalizer-2.01-09-src.tgz) = e2832e87c6474b2765471b4f10192ae4730aed7b
SHA1 (webalizer-2.01-09-src.tgz) = 5e4626a07811517f6bb6e63a114793f7673731b6
MD5 (webalizer-2.01-10-src.tgz) = 9217595005aec46a505e1fb349052a8e
RMD160 (webalizer-2.01-10-src.tgz) = fba235649be96914aae9664ce34d0b9098106100
SHA1 (webalizer-2.01-10-src.tgz) = b13bceac94b221b5435d45b142d30663d7399f40

6
www/webalizer/patches/patch-Makefile_in
View File

@ -1,6 +1,6 @@
$OpenBSD: patch-Makefile_in,v 1.5 2002/03/25 14:56:55 brad Exp $
--- Makefile.in.orig Tue Oct 17 00:15:53 2000
+++ Makefile.in Mon Mar 25 09:28:43 2002
$OpenBSD: patch-Makefile_in,v 1.6 2002/04/17 16:17:45 danh Exp $
--- Makefile.in.orig Wed Apr 17 11:40:20 2002
+++ Makefile.in Wed Apr 17 11:41:02 2002
@@ -86,9 +86,9 @@ distclean: clean
install: all
$(INSTALL_PROGRAM) webalizer ${BINDIR}/webalizer

32
www/webalizer/patches/patch-dns_resolv_c Normal file
View File

@ -0,0 +1,32 @@
$OpenBSD: patch-dns_resolv_c,v 1.3 2002/04/17 16:17:45 danh Exp $
--- dns_resolv.c.orig Wed Apr 17 11:45:23 2002
+++ dns_resolv.c Wed Apr 17 11:46:53 2002
@@ -153,7 +153,7 @@ void resolve_dns(struct log_struct *log_
case 0:
{
memcpy(&alignedRecord, response.data, sizeof(struct dnsRecord));
- strncpy (log_rec->hostname,
+ strlcpy (log_rec->hostname,
((struct dnsRecord *)response.data)->hostName,
MAXHOST);
log_rec->hostname[MAXHOST]=0;
@@ -263,7 +263,7 @@ int dns_resolver(void *log_fp)
continue; /* go get next record if any */
}
- strcpy(tmp_buf, buffer); /* save buffer in case of error */
+ strlcpy(tmp_buf, buffer, sizeof tmp_buf); /* save buffer in case of error */
if(parse_record(buffer)) /* parse the record */
{
if((log_rec.addr.s_addr = inet_addr(log_rec.hostname)) != INADDR_NONE)
@@ -446,8 +446,8 @@ static void process_list(DNODEPTR l_list
/* If long hostname, take max domain name part */
if ((size = strlen(res_ent->h_name)) > MAXHOST-2)
- strcpy(child_buf,(res_ent->h_name+(size-MAXHOST+1)));
- else strcpy(child_buf, res_ent->h_name);
+ strlcpy(child_buf,(res_ent->h_name+(size-MAXHOST+1)),sizeof child_buf);
+ else strlcpy(child_buf, res_ent->h_name, sizeof child_buf);
size = strlen(child_buf);
}
else

84
www/webalizer/patches/patch-graphs_c Normal file
View File

@ -0,0 +1,84 @@
$OpenBSD: patch-graphs_c,v 1.1 2002/04/17 16:17:45 danh Exp $
--- graphs.c.orig Wed Apr 17 11:07:33 2002
+++ graphs.c Wed Apr 17 11:11:43 2002
@@ -137,7 +137,7 @@ int year_graph6x( char *fname,
if (data5[i] > maxval) maxval = data5[i];
}
if (maxval <= 0) maxval = 1;
- sprintf(maxvaltxt, "%lu", maxval);
+ snprintf(maxvaltxt, sizeof maxvaltxt, "%lu", maxval);
gdImageStringUp(im,gdFontSmall,8,26+(strlen(maxvaltxt)*6),maxvaltxt,black);
if (graph_legend) /* print color coded legends? */
@@ -221,7 +221,7 @@ int year_graph6x( char *fname,
if (data6[i] > maxval) maxval = data6[i];
}
if (maxval <= 0) maxval = 1;
- sprintf(maxvaltxt, "%lu", maxval);
+ snprintf(maxvaltxt, sizeof maxvaltxt, "%lu", maxval);
gdImageStringUp(im, gdFontSmall,493,26+(strlen(maxvaltxt)*6),
maxvaltxt, black);
@@ -257,7 +257,7 @@ int year_graph6x( char *fname,
for (i=0; i<12; i++)
if (data4[i] > fmaxval) fmaxval = data4[i]; /* get max val */
if (fmaxval <= 0.0) fmaxval = 1.0;
- sprintf(maxvaltxt, "%.0f", fmaxval);
+ snprintf(maxvaltxt, sizeof maxvaltxt, "%.0f", fmaxval);
gdImageStringUp(im, gdFontSmall,493,130+(strlen(maxvaltxt)*6),
maxvaltxt,black);
@@ -354,7 +354,7 @@ int month_graph6( char *fname,
if (data5[i] > maxval) maxval = data5[i];
}
if (maxval <= 0) maxval = 1;
- sprintf(maxvaltxt, "%lu", maxval);
+ snprintf(maxvaltxt, sizeof maxvaltxt, "%lu", maxval);
gdImageStringUp(im, gdFontSmall,8,26+(strlen(maxvaltxt)*6),
maxvaltxt,black);
@@ -434,7 +434,7 @@ int month_graph6( char *fname,
if (data6[i]>maxval) maxval = data6[i];
}
if (maxval <= 0) maxval = 1;
- sprintf(maxvaltxt, "%lu", maxval);
+ snprintf(maxvaltxt, sizeof maxvaltxt, "%lu", maxval);
gdImageStringUp(im, gdFontSmall,8,180+(strlen(maxvaltxt)*6),
maxvaltxt, black);
@@ -467,7 +467,7 @@ int month_graph6( char *fname,
for (i=0; i<31; i++)
if (data4[i]>fmaxval) fmaxval = data4[i];
if (fmaxval <= 0.0) fmaxval = 1.0;
- sprintf(maxvaltxt, "%.0f", fmaxval/1024);
+ snprintf(maxvaltxt, sizeof maxvaltxt, "%.0f", fmaxval/1024);
gdImageStringUp(im, gdFontSmall,8,280+(strlen(maxvaltxt)*6),
maxvaltxt, black);
@@ -531,7 +531,7 @@ int day_graph3( char *fname,
if (data3[i] > maxval) maxval = data3[i];
}
if (maxval <= 0) maxval = 1;
- sprintf(maxvaltxt, "%lu", maxval);
+ snprintf(maxvaltxt, sizeof maxvaltxt, "%lu", maxval);
gdImageStringUp(im, gdFontSmall, 8, 26+(strlen(maxvaltxt)*6),
maxvaltxt, black);
@@ -654,7 +654,7 @@ int pie_chart(char *fname, char *title,
gdImageLine(im, CX, CY, gdata.x, gdata.y, black);
gdImageFill(im, gdata.mx, gdata.my, i+4);
- sprintf(buffer,"%s (%d%%)",legend[i], percent);
+ snprintf(buffer, sizeof buffer, "%s (%d%%)",legend[i], percent);
x=480-(strlen(buffer)*7);
gdImageString(im,gdFontMediumBold, x+1, y+1, buffer, black);
gdImageString(im,gdFontMediumBold, x, y, buffer, i+4);
@@ -667,7 +667,7 @@ int pie_chart(char *fname, char *title,
gdata=*calc_arc(s_arc,1.0);
gdImageFill(im, gdata.mx, gdata.my, white);
- sprintf(buffer,"%s (%d%%)",msg_h_other,100-(int)(s_arc*100));
+ snprintf(buffer, sizeof buffer, "%s (%d%%)",msg_h_other,100-(int)(s_arc*100));
x=480-(strlen(buffer)*7);
gdImageString(im,gdFontMediumBold, x+1, y+1, buffer, black);
gdImageString(im,gdFontMediumBold, x, y, buffer, white);

33
www/webalizer/patches/patch-linklist_c Normal file
View File

@ -0,0 +1,33 @@
$OpenBSD: patch-linklist_c,v 1.1 2002/04/17 16:17:45 danh Exp $
--- linklist.c.orig Wed Apr 17 11:15:16 2002
+++ linklist.c Wed Apr 17 11:18:20 2002
@@ -118,7 +118,7 @@ NLISTPTR new_nlist(char *str)
fprintf(stderr,"[new_nlist] %s\n",msg_big_one);
}
if (( newptr = malloc(sizeof(struct nlist))) != NULL)
- {strncpy(newptr->string, str, sizeof(newptr->string));newptr->next=NULL;}
+ {strlcpy(newptr->string, str, sizeof(newptr->string));newptr->next=NULL;}
return newptr;
}
@@ -176,8 +176,8 @@ GLISTPTR new_glist(char *str, char *name
}
if (( newptr = malloc(sizeof(struct glist))) != NULL)
{
- strncpy(newptr->string, str, sizeof(newptr->string));
- strncpy(newptr->name, name, sizeof(newptr->name));
+ strlcpy(newptr->string, str, sizeof(newptr->string));
+ strlcpy(newptr->name, name, sizeof(newptr->name));
newptr->next=NULL;
}
return newptr;
@@ -194,8 +194,7 @@ int add_glist(char *str, GLISTPTR *list)
char *name=temp_buf;
/* make local copy of string */
- strncpy(temp_buf,str,79);
- temp_buf[79]=0;
+ strlcpy(temp_buf,str,sizeof temp_buf);
while (!isspace((int)*name)&&*name!=0) name++;
if (*name==0) name=temp_buf;

213
www/webalizer/patches/patch-output_c Normal file
View File

@ -0,0 +1,213 @@
$OpenBSD: patch-output_c,v 1.1 2002/04/17 16:17:45 danh Exp $
--- output.c.orig Wed Apr 17 11:19:13 2002
+++ output.c Wed Apr 17 11:24:20 2002
@@ -295,14 +295,14 @@ int write_month_html()
hist_lday[i] = l_day;
/* fill in filenames */
- sprintf(html_fname,"usage_%04d%02d.%s",cur_year,cur_month,html_ext);
- sprintf(png1_fname,"daily_usage_%04d%02d.png",cur_year,cur_month);
- sprintf(png2_fname,"hourly_usage_%04d%02d.png",cur_year,cur_month);
+ snprintf(html_fname,sizeof html_fname,"usage_%04d%02d.%s",cur_year,cur_month,html_ext);
+ snprintf(png1_fname,sizeof png1_fname,"daily_usage_%04d%02d.png",cur_year,cur_month);
+ snprintf(png2_fname,sizeof png2_fname,"hourly_usage_%04d%02d.png",cur_year,cur_month);
/* create PNG images for web page */
if (daily_graph)
{
- sprintf(dtitle,"%s %s %d",msg_hmth_du,l_month[cur_month-1],cur_year);
+ snprintf(dtitle,sizeof dtitle,"%s %s %d",msg_hmth_du,l_month[cur_month-1],cur_year);
month_graph6 ( png1_fname, /* filename */
dtitle, /* graph title */
cur_month, /* graph month */
@@ -317,7 +317,7 @@ int write_month_html()
if (hourly_graph)
{
- sprintf(htitle,"%s %s %d",msg_hmth_hu,l_month[cur_month-1],cur_year);
+ snprintf(htitle,sizeof htitle,"%s %s %d",msg_hmth_hu,l_month[cur_month-1],cur_year);
day_graph3( png2_fname,
htitle,
th_hit,
@@ -329,7 +329,7 @@ int write_month_html()
/* first, open the file */
if ( (out_fp=open_out_file(html_fname))==NULL ) return 1;
- sprintf(buffer,"%s %d",l_month[cur_month-1],cur_year);
+ snprintf(buffer,sizeof buffer,"%s %d",l_month[cur_month-1],cur_year);
write_html_head(buffer, out_fp);
month_links();
month_total_table();
@@ -938,12 +938,12 @@ int all_sites_page(u_long h_reg, u_long
int i=(h_grp)?1:0;
/* generate file name */
- sprintf(site_fname,"site_%04d%02d.%s",cur_year,cur_month,html_ext);
+ snprintf(site_fname,sizeof site_fname,"site_%04d%02d.%s",cur_year,cur_month,html_ext);
/* open file */
if ( (out_fp=open_out_file(site_fname))==NULL ) return 0;
- sprintf(buffer,"%s %d - %s",l_month[cur_month-1],cur_year,msg_h_sites);
+ snprintf(buffer,sizeof buffer,"%s %d - %s",l_month[cur_month-1],cur_year,msg_h_sites);
write_html_head(buffer, out_fp);
fprintf(out_fp,"<FONT SIZE=\"-1\"></CENTER><PRE>\n");
@@ -1143,12 +1143,12 @@ int all_urls_page(u_long u_reg, u_long u
int i=(u_grp)?1:0;
/* generate file name */
- sprintf(url_fname,"url_%04d%02d.%s",cur_year,cur_month,html_ext);
+ snprintf(url_fname,sizeof url_fname,"url_%04d%02d.%s",cur_year,cur_month,html_ext);
/* open file */
if ( (out_fp=open_out_file(url_fname))==NULL ) return 0;
- sprintf(buffer,"%s %d - %s",l_month[cur_month-1],cur_year,msg_h_url);
+ snprintf(buffer,sizeof buffer,"%s %d - %s",l_month[cur_month-1],cur_year,msg_h_url);
write_html_head(buffer, out_fp);
fprintf(out_fp,"<FONT SIZE=\"-1\"></CENTER><PRE>\n");
@@ -1414,12 +1414,12 @@ int all_refs_page(u_long r_reg, u_long r
int i=(r_grp)?1:0;
/* generate file name */
- sprintf(ref_fname,"ref_%04d%02d.%s",cur_year,cur_month,html_ext);
+ snprintf(ref_fname,sizeof ref_fname,"ref_%04d%02d.%s",cur_year,cur_month,html_ext);
/* open file */
if ( (out_fp=open_out_file(ref_fname))==NULL ) return 0;
- sprintf(buffer,"%s %d - %s",l_month[cur_month-1],cur_year,msg_h_ref);
+ snprintf(buffer,sizeof buffer,"%s %d - %s",l_month[cur_month-1],cur_year,msg_h_ref);
write_html_head(buffer, out_fp);
fprintf(out_fp,"<FONT SIZE=\"-1\"></CENTER><PRE>\n");
@@ -1566,12 +1566,12 @@ int all_agents_page(u_long a_reg, u_long
int i=(a_grp)?1:0;
/* generate file name */
- sprintf(agent_fname,"agent_%04d%02d.%s",cur_year,cur_month,html_ext);
+ snprintf(agent_fname,sizeof agent_fname,"agent_%04d%02d.%s",cur_year,cur_month,html_ext);
/* open file */
if ( (out_fp=open_out_file(agent_fname))==NULL ) return 0;
- sprintf(buffer,"%s %d - %s",l_month[cur_month-1],cur_year,msg_h_agent);
+ snprintf(buffer,sizeof buffer,"%s %d - %s",l_month[cur_month-1],cur_year,msg_h_agent);
write_html_head(buffer, out_fp);
fprintf(out_fp,"<FONT SIZE=\"-1\"></CENTER><PRE>\n");
@@ -1700,12 +1700,12 @@ int all_search_page(u_long tot_num, u_lo
if (!tot_num) return 0;
/* generate file name */
- sprintf(search_fname,"search_%04d%02d.%s",cur_year,cur_month,html_ext);
+ snprintf(search_fname,sizeof search_fname,"search_%04d%02d.%s",cur_year,cur_month,html_ext);
/* open file */
if ( (out_fp=open_out_file(search_fname))==NULL ) return 0;
- sprintf(buffer,"%s %d - %s",l_month[cur_month-1],cur_year,msg_h_search);
+ snprintf(buffer,sizeof buffer,"%s %d - %s",l_month[cur_month-1],cur_year,msg_h_search);
write_html_head(buffer, out_fp);
fprintf(out_fp,"<FONT SIZE=\"-1\"></CENTER><PRE>\n");
@@ -1843,12 +1843,12 @@ int all_users_page(u_long i_reg, u_long
int i=(i_grp)?1:0;
/* generate file name */
- sprintf(user_fname,"user_%04d%02d.%s",cur_year,cur_month,html_ext);
+ snprintf(user_fname,sizeof user_fname,"user_%04d%02d.%s",cur_year,cur_month,html_ext);
/* open file */
if ( (out_fp=open_out_file(user_fname))==NULL ) return 0;
- sprintf(buffer,"%s %d - %s",l_month[cur_month-1],cur_year,msg_h_uname);
+ snprintf(buffer,sizeof buffer,"%s %d - %s",l_month[cur_month-1],cur_year,msg_h_uname);
write_html_head(buffer, out_fp);
fprintf(out_fp,"<FONT SIZE=\"-1\"></CENTER><PRE>\n");
@@ -1998,8 +1998,8 @@ void top_ctry_table()
pie_data[i]=top_ctrys[i]->count; /* load the array */
pie_legend[i]=top_ctrys[i]->desc;
}
- sprintf(pie_title,"%s %s %d",msg_ctry_use,l_month[cur_month-1],cur_year);
- sprintf(pie_fname,"ctry_usage_%04d%02d.png",cur_year,cur_month);
+ snprintf(pie_title,sizeof pie_title,"%s %s %d",msg_ctry_use,l_month[cur_month-1],cur_year);
+ snprintf(pie_fname,sizeof pie_fname,"ctry_usage_%04d%02d.png",cur_year,cur_month);
pie_chart(pie_fname,pie_title,t_hit,pie_data,pie_legend); /* do it */
@@ -2063,7 +2063,7 @@ void dump_all_sites()
u_long cnt=a_ctr;
/* generate file name */
- sprintf(filename,"%s/site_%04d%02d.%s",
+ snprintf(filename,sizeof filename,"%s/site_%04d%02d.%s",
(dump_path)?dump_path:".",cur_year,cur_month,dump_ext);
/* open file */
@@ -2106,7 +2106,7 @@ void dump_all_urls()
u_long cnt=a_ctr;
/* generate file name */
- sprintf(filename,"%s/url_%04d%02d.%s",
+ snprintf(filename,sizeof filename,"%s/url_%04d%02d.%s",
(dump_path)?dump_path:".",cur_year,cur_month,dump_ext);
/* open file */
@@ -2146,7 +2146,7 @@ void dump_all_refs()
u_long cnt=a_ctr;
/* generate file name */
- sprintf(filename,"%s/ref_%04d%02d.%s",
+ snprintf(filename,sizeof filename,"%s/ref_%04d%02d.%s",
(dump_path)?dump_path:".",cur_year,cur_month,dump_ext);
/* open file */
@@ -2185,7 +2185,7 @@ void dump_all_agents()
u_char cnt=a_ctr;
/* generate file name */
- sprintf(filename,"%s/agent_%04d%02d.%s",
+ snprintf(filename,sizeof filename,"%s/agent_%04d%02d.%s",
(dump_path)?dump_path:".",cur_year,cur_month,dump_ext);
/* open file */
@@ -2224,7 +2224,7 @@ void dump_all_users()
u_long cnt=a_ctr;
/* generate file name */
- sprintf(filename,"%s/user_%04d%02d.%s",
+ snprintf(filename,sizeof filename,"%s/user_%04d%02d.%s",
(dump_path)?dump_path:".",cur_year,cur_month,dump_ext);
/* open file */
@@ -2267,7 +2267,7 @@ void dump_all_search()
u_char cnt=a_ctr;
/* generate file name */
- sprintf(filename,"%s/search_%04d%02d.%s",
+ snprintf(filename,sizeof filename,"%s/search_%04d%02d.%s",
(dump_path)?dump_path:".",cur_year,cur_month,dump_ext);
/* open file */
@@ -2312,7 +2312,7 @@ int write_main_index()
if (verbose>1) printf("%s\n",msg_gen_sum);
- sprintf(buffer,"%s %s",msg_main_us,hname);
+ snprintf(buffer,sizeof buffer,"%s %s",msg_main_us,hname);
for (i=0;i<12;i++) /* get last month in history */
{
@@ -2338,7 +2338,7 @@ int write_main_index()
hist_visit); /* data set 6 */
/* now do html stuff... */
- sprintf(index_fname,"index.%s",html_ext);
+ snprintf(index_fname,sizeof index_fname,"index.%s",html_ext);
if ( (out_fp=fopen(index_fname,"w")) == NULL)
{

23
www/webalizer/patches/patch-parser_c Normal file
View File

@ -0,0 +1,23 @@
$OpenBSD: patch-parser_c,v 1.1 2002/04/17 16:17:45 danh Exp $
--- parser.c.orig Wed Apr 17 11:26:51 2002
+++ parser.c Wed Apr 17 11:33:35 2002
@@ -162,7 +162,7 @@ int parse_record_ftp(char *buffer)
if (i<1 || i>31) return 0;
/* format date/time field */
- sprintf(log_rec.datetime,"[%02d/%s/%4d:%s -0000]",i,cpx,j,cpy);
+ snprintf(log_rec.datetime,sizeof log_rec.datetime,"[%02d/%s/%4d:%s -0000]",i,cpx,j,cpy);
/* skip seconds... */
while (*cp1!=0 && cp1<eob) cp1++;
@@ -196,8 +196,8 @@ int parse_record_ftp(char *buffer)
while (*cp1==0) cp1++;
/* fabricate an appropriate request string based on direction */
- if (*cp1=='i') sprintf(log_rec.url,"\"POST %s HTTP/1.0\"",cpx);
- else sprintf(log_rec.url,"\"GET %s HTTP/1.0\"",cpx);
+ if (*cp1=='i') snprintf(log_rec.url,sizeof log_rec.url,"\"POST %s HTTP/1.0\"",cpx);
+ else snprintf(log_rec.url,sizeof log_rec.url,"\"GET %s HTTP/1.0\"",cpx);
if (cp1<eob) cp1++;
if (cp1<eob) cp1++;

208
www/webalizer/patches/patch-preserve_c Normal file
View File

@ -0,0 +1,208 @@
$OpenBSD: patch-preserve_c,v 1.1 2002/04/17 16:17:45 danh Exp $
--- preserve.c.orig Wed Apr 17 11:52:17 2002
+++ preserve.c Wed Apr 17 11:58:14 2002
@@ -196,38 +196,38 @@ int save_state()
/* Saving current run data... */
if (verbose>1)
{
- sprintf(buffer,"%02d/%02d/%04d %02d:%02d:%02d",
+ snprintf(buffer,sizeof buffer,"%02d/%02d/%04d %02d:%02d:%02d",
cur_month,cur_day,cur_year,cur_hour,cur_min,cur_sec);
printf("%s [%s]\n",msg_put_data,buffer);
}
/* first, save the easy stuff */
/* Header record */
- sprintf(buffer,
+ snprintf(buffer,sizeof buffer,
"# Webalizer V%s-%s Incremental Data - %02d/%02d/%04d %02d:%02d:%02d\n",
version,editlvl,cur_month,cur_day,cur_year,cur_hour,cur_min,cur_sec);
if (fputs(buffer,fp)==EOF) return 1; /* error exit */
/* Current date/time */
- sprintf(buffer,"%d %d %d %d %d %d\n",
+ snprintf(buffer,sizeof buffer,"%d %d %d %d %d %d\n",
cur_year, cur_month, cur_day, cur_hour, cur_min, cur_sec);
if (fputs(buffer,fp)==EOF) return 1; /* error exit */
/* Monthly totals for sites, urls, etc... */
- sprintf(buffer,"%lu %lu %lu %lu %lu %lu %.0f %lu %lu %lu\n",
+ snprintf(buffer,sizeof buffer,"%lu %lu %lu %lu %lu %lu %.0f %lu %lu %lu\n",
t_hit, t_file, t_site, t_url,
t_ref, t_agent, t_xfer, t_page, t_visit, t_user);
if (fputs(buffer,fp)==EOF) return 1; /* error exit */
/* Daily totals for sites, urls, etc... */
- sprintf(buffer,"%lu %lu %lu %d %d\n",
+ snprintf(buffer,sizeof buffer,"%lu %lu %lu %d %d\n",
dt_site, ht_hit, mh_hit, f_day, l_day);
if (fputs(buffer,fp)==EOF) return 1; /* error exit */
/* Monthly (by day) total array */
for (i=0;i<31;i++)
{
- sprintf(buffer,"%lu %lu %.0f %lu %lu %lu\n",
+ snprintf(buffer,sizeof buffer,"%lu %lu %.0f %lu %lu %lu\n",
tm_hit[i],tm_file[i],tm_xfer[i],tm_site[i],tm_page[i],tm_visit[i]);
if (fputs(buffer,fp)==EOF) return 1; /* error exit */
}
@@ -235,7 +235,7 @@ int save_state()
/* Daily (by hour) total array */
for (i=0;i<24;i++)
{
- sprintf(buffer,"%lu %lu %.0f %lu\n",
+ snprintf(buffer,sizeof buffer,"%lu %lu %.0f %lu\n",
th_hit[i],th_file[i],th_xfer[i],th_page[i]);
if (fputs(buffer,fp)==EOF) return 1; /* error exit */
}
@@ -243,7 +243,7 @@ int save_state()
/* Response codes */
for (i=0;i<TOTAL_RC;i++)
{
- sprintf(buffer,"%lu\n",response[i].count);
+ snprintf(buffer,sizeof buffer,"%lu\n",response[i].count);
if (fputs(buffer,fp)==EOF) return 1; /* error exit */
}
@@ -255,7 +255,7 @@ int save_state()
uptr=um_htab[i];
while (uptr!=NULL)
{
- sprintf(buffer,"%s\n%d %lu %lu %.0f %lu %lu\n", uptr->string,
+ snprintf(buffer,sizeof buffer,"%s\n%d %lu %lu %.0f %lu %lu\n", uptr->string,
uptr->flag, uptr->count, uptr->files, uptr->xfer,
uptr->entry, uptr->exit);
if (fputs(buffer,fp)==EOF) return 1;
@@ -272,7 +272,7 @@ int save_state()
hptr=sm_htab[i];
while (hptr!=NULL)
{
- sprintf(buffer,"%s\n%d %lu %lu %.0f %lu %lu\n%s\n",
+ snprintf(buffer,sizeof buffer,"%s\n%d %lu %lu %.0f %lu %lu\n%s\n",
hptr->string,
hptr->flag,
hptr->count,
@@ -294,7 +294,7 @@ int save_state()
hptr=sd_htab[i];
while (hptr!=NULL)
{
- sprintf(buffer,"%s\n%d %lu %lu %.0f %lu %lu\n%s\n",
+ snprintf(buffer,sizeof buffer,"%s\n%d %lu %lu %.0f %lu %lu\n%s\n",
hptr->string,
hptr->flag,
hptr->count,
@@ -318,7 +318,7 @@ int save_state()
rptr=rm_htab[i];
while (rptr!=NULL)
{
- sprintf(buffer,"%s\n%d %lu\n", rptr->string,
+ snprintf(buffer,sizeof buffer,"%s\n%d %lu\n", rptr->string,
rptr->flag, rptr->count);
if (fputs(buffer,fp)==EOF) return 1; /* error exit */
rptr=rptr->next;
@@ -336,7 +336,7 @@ int save_state()
aptr=am_htab[i];
while (aptr!=NULL)
{
- sprintf(buffer,"%s\n%d %lu\n", aptr->string,
+ snprintf(buffer,sizeof buffer,"%s\n%d %lu\n", aptr->string,
aptr->flag, aptr->count);
if (fputs(buffer,fp)==EOF) return 1; /* error exit */
aptr=aptr->next;
@@ -352,7 +352,7 @@ int save_state()
sptr=sr_htab[i];
while (sptr!=NULL)
{
- sprintf(buffer,"%s\n%lu\n", sptr->string,sptr->count);
+ snprintf(buffer,sizeof buffer,"%s\n%lu\n", sptr->string,sptr->count);
if (fputs(buffer,fp)==EOF) return 1; /* error exit */
sptr=sptr->next;
}
@@ -367,7 +367,7 @@ int save_state()
iptr=im_htab[i];
while (iptr!=NULL)
{
- sprintf(buffer,"%s\n%d %lu %lu %.0f %lu %lu\n",
+ snprintf(buffer,sizeof buffer,"%s\n%d %lu %lu %.0f %lu %lu\n",
iptr->string,
iptr->flag,
iptr->count,
@@ -417,7 +417,7 @@ int restore_state()
if (verbose>1) printf("%s %s\n",msg_get_data,state_fname);
/* get easy stuff */
- sprintf(tmp_buf,"# Webalizer V%s ",version);
+ snprintf(tmp_buf,sizeof tmp_buf,"# Webalizer V%s ",version);
if ((fgets(buffer,BUFSIZE,fp)) != NULL) /* Header record */
{if (strncmp(buffer,tmp_buf,17)) return 99;} /* bad magic? */
else return 1; /* error exit */
@@ -493,8 +493,7 @@ int restore_state()
while ((fgets(buffer,BUFSIZE,fp)) != NULL)
{
if (!strncmp(buffer,"# End Of Table ",15)) break;
- strncpy(tmp_buf,buffer,MAXURLH);
- tmp_buf[strlen(tmp_buf)-1]=0;
+ strlcpy(tmp_buf,buffer,sizeof tmp_buf);
if ((fgets(buffer,BUFSIZE,fp)) == NULL) return 10; /* error exit */
if (!isdigit((int)buffer[0])) return 10; /* error exit */
@@ -524,8 +523,7 @@ int restore_state()
{
/* Check for end of table */
if (!strncmp(buffer,"# End Of Table ",15)) break;
- strncpy(tmp_buf,buffer,MAXHOST);
- tmp_buf[strlen(buffer)-1]=0;
+ strlcpy(tmp_buf,buffer,sizeof tmp_buf);
if ((fgets(buffer,BUFSIZE,fp)) == NULL) return 8; /* error exit */
if (!isdigit((int)buffer[0])) return 8; /* error exit */
@@ -564,8 +562,7 @@ int restore_state()
{
/* Check for end of table */
if (!strncmp(buffer,"# End Of Table ",15)) break;
- strncpy(tmp_buf,buffer,MAXHOST);
- tmp_buf[strlen(buffer)-1]=0;
+ strlcpy(tmp_buf,buffer,sizeof tmp_buf);
if ((fgets(buffer,BUFSIZE,fp)) == NULL) return 9; /* error exit */
if (!isdigit((int)buffer[0])) return 9; /* error exit */
@@ -603,8 +600,7 @@ int restore_state()
while ((fgets(buffer,BUFSIZE,fp)) != NULL)
{
if (!strncmp(buffer,"# End Of Table ",15)) break;
- strncpy(tmp_buf,buffer,MAXREFH);
- tmp_buf[strlen(buffer)-1]=0;
+ strlcpy(tmp_buf,buffer,sizeof tmp_buf);
if ((fgets(buffer,BUFSIZE,fp)) == NULL) return 11; /* error exit */
if (!isdigit((int)buffer[0])) return 11; /* error exit */
@@ -628,8 +624,7 @@ int restore_state()
while ((fgets(buffer,BUFSIZE,fp)) != NULL)
{
if (!strncmp(buffer,"# End Of Table ",15)) break;
- strncpy(tmp_buf,buffer,MAXAGENT);
- tmp_buf[strlen(buffer)-1]=0;
+ strlcpy(tmp_buf,buffer,sizeof tmp_buf);
if ((fgets(buffer,BUFSIZE,fp)) == NULL) return 12; /* error exit */
if (!isdigit((int)buffer[0])) return 12; /* error exit */
@@ -653,8 +648,7 @@ int restore_state()
while ((fgets(buffer,BUFSIZE,fp)) != NULL)
{
if (!strncmp(buffer,"# End Of Table ",15)) break;
- strncpy(tmp_buf,buffer,MAXSRCH);
- tmp_buf[strlen(buffer)-1]=0;
+ strlcpy(tmp_buf,buffer,sizeof tmp_buf);
if ((fgets(buffer,BUFSIZE,fp)) == NULL) return 13; /* error exit */
if (!isdigit((int)buffer[0])) return 13; /* error exit */
@@ -678,8 +672,7 @@ int restore_state()
{
/* Check for end of table */
if (!strncmp(buffer,"# End Of Table ",15)) break;
- strncpy(tmp_buf,buffer,MAXIDENT);
- tmp_buf[strlen(buffer)-1]=0;
+ strncpy(tmp_buf,buffer,sizeof tmp_buf);
if ((fgets(buffer,BUFSIZE,fp)) == NULL) return 14; /* error exit */
if (!isdigit((int)buffer[0])) return 14; /* error exit */

15
www/webalizer/patches/patch-sample_conf
View File

@ -1,6 +1,6 @@
$OpenBSD: patch-sample_conf,v 1.1 2000/11/20 00:46:32 danh Exp $
--- sample.conf.orig Sun Nov 19 19:32:10 2000
+++ sample.conf Sun Nov 19 19:33:39 2000
$OpenBSD: patch-sample_conf,v 1.2 2002/04/17 16:17:45 danh Exp $
--- sample.conf.orig Wed Apr 17 11:41:44 2002
+++ sample.conf Wed Apr 17 11:42:47 2002
@@ -25,7 +25,7 @@
# the log filename ends in '.gz' (ie: a gzip compressed file), it will
# be decompressed on the fly as it is being read.
@ -19,3 +19,12 @@ $OpenBSD: patch-sample_conf,v 1.1 2000/11/20 00:46:32 danh Exp $
# HistoryName allows you to specify the name of the history file produced
# by the Webalizer. The history file keeps the data for up to 12 months
@@ -540,7 +540,7 @@ SearchEngine northernlight.com qr=
# it will default to the current output directory. Do not use a
# trailing slash ('/').
-#DumpPath /var/lib/httpd/logs
+#DumpPath /var/www/logs
# The DumpHeader keyword specifies if a header record should be
# written to the file. A header record is the first record of the

48
www/webalizer/patches/patch-webalizer_c Normal file
View File

@ -0,0 +1,48 @@
$OpenBSD: patch-webalizer_c,v 1.3 2002/04/17 16:17:45 danh Exp $
--- webalizer.c.orig Wed Apr 17 11:59:59 2002
+++ webalizer.c Wed Apr 17 12:05:26 2002
@@ -263,7 +263,7 @@ int main(int argc, char *argv[])
/* add default index. alias */
add_nlist("index.",&index_alias);
- sprintf(tmp_buf,"%s/webalizer.conf",ETCDIR);
+ snprintf(tmp_buf,sizeof tmp_buf,"%s/webalizer.conf",ETCDIR);
/* check for default config file */
if (!access("webalizer.conf",F_OK))
get_config("webalizer.conf");
@@ -560,7 +560,7 @@ int main(int argc, char *argv[])
}
/* got a record... */
- strcpy(tmp_buf, buffer); /* save buffer in case of error */
+ strlcpy(tmp_buf, buffer, sizeof tmp_buf); /* save buffer in case of error */
if (parse_record(buffer)) /* parse the record */
{
/*********************************************/
@@ -750,7 +750,7 @@ int main(int argc, char *argv[])
if (!isurlchar(*cp1))
{
/* Save query portion in log.rec.srchstr */
- strncpy(log_rec.srchstr,cp1,MAXSRCH);
+ strlcpy(log_rec.srchstr,cp1,sizeof log_rec.srchstr);
*cp1++='\0';
break;
}
@@ -1007,7 +1007,7 @@ int main(int argc, char *argv[])
/* Catch blank hostnames here */
if (log_rec.hostname[0]=='\0')
- strncpy(log_rec.hostname,"Unknown",8);
+ strlcpy(log_rec.hostname,"Unknown",sizeof log_rec.hostname);
/* Ignore/Include check */
if ( (isinlist(include_sites,log_rec.hostname)==NULL) &&
@@ -1809,7 +1809,7 @@ void srch_string(char *ptr)
if ( (cps=isinglist(search_list,log_rec.refer))==NULL) return;
/* Try to find query variable */
- srch[0]='?'; strcpy(&srch[1],cps); /* First, try "?..." */
+ srch[0]='?'; strlcpy(&srch[1],cps,(sizeof srch) - 1); /* First, try "?..." */
if ((cp1=strstr(ptr,srch))==NULL)
{
srch[0]='&'; /* Next, try "&..." */