=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/mandoc/cgi.c,v retrieving revision 1.47 retrieving revision 1.48 diff -c -r1.47 -r1.48 *** src/usr.bin/mandoc/cgi.c 2015/04/18 16:34:03 1.47 --- src/usr.bin/mandoc/cgi.c 2015/10/06 18:30:43 1.48 *************** *** 1,4 **** ! /* $OpenBSD: cgi.c,v 1.47 2015/04/18 16:34:03 schwarze Exp $ */ /* * Copyright (c) 2011, 2012 Kristaps Dzonsons * Copyright (c) 2014, 2015 Ingo Schwarze --- 1,4 ---- ! /* $OpenBSD: cgi.c,v 1.48 2015/10/06 18:30:43 schwarze Exp $ */ /* * Copyright (c) 2011, 2012 Kristaps Dzonsons * Copyright (c) 2014, 2015 Ingo Schwarze *************** *** 330,342 **** for ( ; '\0' != *p; p++, q++) { if ('%' == *p) { if ('\0' == (hex[0] = *(p + 1))) ! return(0); if ('\0' == (hex[1] = *(p + 2))) ! return(0); if (1 != sscanf(hex, "%x", &c)) ! return(0); if ('\0' == c) ! return(0); *q = (char)c; p += 2; --- 330,342 ---- for ( ; '\0' != *p; p++, q++) { if ('%' == *p) { if ('\0' == (hex[0] = *(p + 1))) ! return 0; if ('\0' == (hex[1] = *(p + 2))) ! return 0; if (1 != sscanf(hex, "%x", &c)) ! return 0; if ('\0' == c) ! return 0; *q = (char)c; p += 2; *************** *** 345,351 **** } *q = '\0'; ! return(1); } static void --- 345,351 ---- } *q = '\0'; ! return 1; } static void *************** *** 497,506 **** if ( ! (isalnum((unsigned char)*frag) || '-' == *frag || '.' == *frag || '/' == *frag || '_' == *frag)) ! return(0); frag++; } ! return(1); } static int --- 497,506 ---- if ( ! (isalnum((unsigned char)*frag) || '-' == *frag || '.' == *frag || '/' == *frag || '_' == *frag)) ! return 0; frag++; } ! return 1; } static int *************** *** 509,521 **** size_t i; if ( ! strcmp(manpath, "mandoc")) ! return(1); for (i = 0; i < req->psz; i++) if ( ! strcmp(manpath, req->p[i])) ! return(1); ! return(0); } static int --- 509,521 ---- size_t i; if ( ! strcmp(manpath, "mandoc")) ! return 1; for (i = 0; i < req->psz; i++) if ( ! strcmp(manpath, req->p[i])) ! 
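Review bot: The `sscanf(hex, "%x", &c)` call in the percent-decoding loop accepts more than two hex digits: `%x` skips leading white space and takes an optional sign, so an escape whose two bytes are not both hex digits can still decode, and only a NUL result is refused afterwards. Checking the bytes first makes the decoder strict, for example `if (!isxdigit((unsigned char)hex[0]) || !isxdigit((unsigned char)hex[1])) return 0;` placed before the sscanf. The declaration of `c` is outside the hunk; `%x` expects an `unsigned int *`, so its type is worth confirming. The function starts above the hunk, so this is based only on the loop body shown.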
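Review bot: The character allow-list in the hunk at line 497 admits `.` and `/`, so a fragment containing `..` passes; of the code shown, only the separate file name check at line 525 rejects dot-dot sequences. That is reasonable for values used purely as URI pieces, but nothing visible says so, and the same function is applied to the architecture parameter in the hunk at line 1070. I would add a comment above the function such as `/* Checks the character set only; does not reject ".." and is not sufficient for file system paths. */`. The function header is outside the hunk, so an existing comment there may already cover this.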
return 1; ! return 0; } static int *************** *** 525,532 **** if ('.' == file[0] && '/' == file[1]) file += 2; ! return ( ! (strstr(file, "../") || strstr(file, "/..") || ! (strncmp(file, "man", 3) && strncmp(file, "cat", 3)))); } static void --- 525,532 ---- if ('.' == file[0] && '/' == file[1]) file += 2; ! return ! (strstr(file, "../") || strstr(file, "/..") || ! (strncmp(file, "man", 3) && strncmp(file, "cat", 3))); } static void *************** *** 1029,1035 **** if (setitimer(ITIMER_VIRTUAL, &itimer, NULL) == -1) { fprintf(stderr, "setitimer: %s\n", strerror(errno)); pg_error_internal(); ! return(EXIT_FAILURE); } /* Scan our run-time environment. */ --- 1029,1035 ---- if (setitimer(ITIMER_VIRTUAL, &itimer, NULL) == -1) { fprintf(stderr, "setitimer: %s\n", strerror(errno)); pg_error_internal(); ! return EXIT_FAILURE; } /* Scan our run-time environment. */ *************** *** 1041,1047 **** fprintf(stderr, "unsafe SCRIPT_NAME \"%s\"\n", scriptname); pg_error_internal(); ! return(EXIT_FAILURE); } /* --- 1041,1047 ---- fprintf(stderr, "unsafe SCRIPT_NAME \"%s\"\n", scriptname); pg_error_internal(); ! return EXIT_FAILURE; } /* *************** *** 1054,1060 **** fprintf(stderr, "MAN_DIR: %s: %s\n", MAN_DIR, strerror(errno)); pg_error_internal(); ! return(EXIT_FAILURE); } memset(&req, 0, sizeof(struct req)); --- 1054,1060 ---- fprintf(stderr, "MAN_DIR: %s: %s\n", MAN_DIR, strerror(errno)); pg_error_internal(); ! return EXIT_FAILURE; } memset(&req, 0, sizeof(struct req)); *************** *** 1070,1082 **** else if ( ! validate_manpath(&req, req.q.manpath)) { pg_error_badrequest( "You specified an invalid manpath."); ! return(EXIT_FAILURE); } if ( ! (NULL == req.q.arch || validate_urifrag(req.q.arch))) { pg_error_badrequest( "You specified an invalid architecture."); ! return(EXIT_FAILURE); } /* Dispatch to the three different pages. */ --- 1070,1082 ---- else if ( ! 
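Review bot: The `fprintf(stderr, "unsafe SCRIPT_NAME \"%s\"\n", scriptname);` call in the hunk at line 1041 writes the rejected value to the error log unmodified. The wording suggests this branch runs exactly when the value failed validation (the test itself is outside the hunk), so it may hold control characters or newlines that split or forge log entries. Logging the fact without the value avoids that, for example `fprintf(stderr, "unsafe SCRIPT_NAME\n");`, or the value could be escaped before printing.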
validate_manpath(&req, req.q.manpath)) { pg_error_badrequest( "You specified an invalid manpath."); ! return EXIT_FAILURE; } if ( ! (NULL == req.q.arch || validate_urifrag(req.q.arch))) { pg_error_badrequest( "You specified an invalid architecture."); ! return EXIT_FAILURE; } /* Dispatch to the three different pages. */ *************** *** 1101,1107 **** for (i = 0; i < (int)req.psz; i++) free(req.p[i]); free(req.p); ! return(EXIT_SUCCESS); } /* --- 1101,1107 ---- for (i = 0; i < (int)req.psz; i++) free(req.p[i]); free(req.p); ! return EXIT_SUCCESS; } /*