rms/httrack
1
0
Fork 0
mirror of https://github.com/xroche/httrack.git synced 2026-06-15 06:43:34 +03:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: rms:cleanup/infostatuscode-const
Branches Tags
rms:master rms:ci/hardening-sanitize-nossl-distcheck rms:ci/bump-checkout-v5 rms:ci/mkdeb-single-test rms:ci/macos-i386 rms:ci/deb-faster rms:feature/appstream-metainfo rms:fix/webhttrack-browser-deps rms:ci/deb-package rms:build/regen-autotools rms:cleanup/htsback-bounds rms:cleanup/ethical-notice-wording rms:build/noexec-out-of-tree rms:cleanup/copyright-spdx rms:tests/cache-selftest rms:cleanup/cache-rstr-s1 rms:test/cache-update rms:cleanup/htscache-bounds rms:cleanup/htsbauth-bounds rms:cleanup/htswizard-bounds rms:docs/governance rms:cleanup/htsalias-bounds rms:cleanup/infostatuscode-const rms:cleanup/url_savename-htsbuff rms:cleanup/git-format-hook rms:cleanup/clang-format-setup rms:cleanup/htsbuff-builder rms:cleanup/htssafe-pointer-diagnostics rms:cli/header-ua-length-152 rms:parser/lock-background-image-237 rms:parser/srcset-candidates rms:docs/rfc2606-example-domains rms:test/filter-escape-characterize rms:fix/doc-lang-nits rms:test/expand-engine-coverage rms:fix/mutex-init-race-297 rms:fix/footer-xss-165 rms:fix/lockpath-overflow-183 rms:fix/lintian-cleanup rms:chore/changelog-news-symlink rms:docs/readme-badges rms:ci/github-actions rms:feat/license-gpl3-simplify rms:chore/debhelper-compat-13 rms:chore/standards-version-4.7.0 rms:feat/in-tree-mkdeb rms:feat/manpage-generator rms:fix/openssl4-tls-init rms:fix/multiarch-config-h-coinstall rms:staging rms:wiki rms:3.48 rms:3.47
rms:3.49.7 rms:3.49.6 rms:3.49.5 rms:3.49.4 rms:3.49.3 rms:3.48.21 rms:3.48.20 rms:3.48.19 rms:3.48.18 rms:3.48.17 rms:3.48.16 rms:3.48.13 rms:3.48.12 rms:3.48.11 rms:3.48.9 rms:3.48.10 rms:3.48.8 rms:3.48.7 rms:3.48.3 rms:3.48.6
..
compare: rms:cleanup/htsalias-bounds
Branches Tags
rms:ci/hardening-sanitize-nossl-distcheck rms:master rms:ci/bump-checkout-v5 rms:ci/mkdeb-single-test rms:ci/macos-i386 rms:ci/deb-faster rms:feature/appstream-metainfo rms:fix/webhttrack-browser-deps rms:ci/deb-package rms:build/regen-autotools rms:cleanup/htsback-bounds rms:cleanup/ethical-notice-wording rms:build/noexec-out-of-tree rms:cleanup/copyright-spdx rms:tests/cache-selftest rms:cleanup/cache-rstr-s1 rms:test/cache-update rms:cleanup/htscache-bounds rms:cleanup/htsbauth-bounds rms:cleanup/htswizard-bounds rms:docs/governance rms:cleanup/htsalias-bounds rms:cleanup/infostatuscode-const rms:cleanup/url_savename-htsbuff rms:cleanup/git-format-hook rms:cleanup/clang-format-setup rms:cleanup/htsbuff-builder rms:cleanup/htssafe-pointer-diagnostics rms:cli/header-ua-length-152 rms:parser/lock-background-image-237 rms:parser/srcset-candidates rms:docs/rfc2606-example-domains rms:test/filter-escape-characterize rms:fix/doc-lang-nits rms:test/expand-engine-coverage rms:fix/mutex-init-race-297 rms:fix/footer-xss-165 rms:fix/lockpath-overflow-183 rms:fix/lintian-cleanup rms:chore/changelog-news-symlink rms:docs/readme-badges rms:ci/github-actions rms:feat/license-gpl3-simplify rms:chore/debhelper-compat-13 rms:chore/standards-version-4.7.0 rms:feat/in-tree-mkdeb rms:feat/manpage-generator rms:fix/openssl4-tls-init rms:fix/multiarch-config-h-coinstall rms:staging rms:wiki rms:3.48 rms:3.47
rms:3.49.7 rms:3.49.6 rms:3.49.5 rms:3.49.4 rms:3.49.3 rms:3.48.21 rms:3.48.20 rms:3.48.19 rms:3.48.18 rms:3.48.17 rms:3.48.16 rms:3.48.13 rms:3.48.12 rms:3.48.11 rms:3.48.9 rms:3.48.10 rms:3.48.8 rms:3.48.7 rms:3.48.3 rms:3.48.6

2 Commits
cleanup/in ... cleanup/ht

Author SHA1 Message Date
Xavier Roche
edd52bf3be Bound optalias_check's output buffers (thread their sizes) 
optalias_check() wrote into caller-provided char* buffers with unchecked ops:
the param0 case did strcpybuff/strcatbuff of command+param into return_argv[0],
which can exceed the buffer, and the syntax-error paths sprintf()'d an option
name into return_error -- which is only 256 bytes in the config-file caller, so
a long option overflows it. Both are the overflow the audit flagged.

Thread return_argv_size and return_error_size through the (internal,
non-exported) signature; copy with strlcpybuff/strlcatbuff and format with
snprintf, so an over-long value aborts/truncates instead of overrunning. Update
both callers to pass their real sizes.

Leaves the shared cmdl_ins macro (the cmdl_* family wants its block size
threaded too -- a separate cleanup).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-14 13:47:12 +02:00
Xavier Roche
9eb2a344a9 Merge pull request #335 from xroche/cleanup/infostatuscode-const 
Return HTTP status reason phrases via a const-returning switch
 2026-06-14 13:18:16 +02:00
3 changed files with 35 additions and 27 deletions
Expand all files Collapse all files

50
src/htsalias.c
View File

@@ -266,7 +266,9 @@ const char *hts_optalias[][4] = {
return value: number of arguments treated (0 if error)
*/
int optalias_check(int argc, const char *const *argv, int n_arg,
int *return_argc, char **return_argv, char *return_error) {
int *return_argc, char **return_argv,
size_t return_argv_size, char *return_error,
size_t return_error_size) {
return_error[0] = '\0';
*return_argc = 1;
if (argv[n_arg][0] == '-')
@@ -323,9 +325,10 @@ int optalias_check(int argc, const char *const *argv, int n_arg,
/* Copy parameters? */
if (need_param == 2) {
if ((n_arg + 1 >= argc) || (argv[n_arg + 1][0] == '-')) { /* no supplemental parameter */
sprintf(return_error,
"Syntax error:\n\tOption %s needs to be followed by a parameter: %s <param>\n\t%s\n",
command, command, _NOT_NULL(optalias_help(command)));
snprintf(return_error, return_error_size,
"Syntax error:\n\tOption %s needs to be followed by a "
"parameter: %s <param>\n\t%s\n",
command, command, _NOT_NULL(optalias_help(command)));
return 0;
}
strcpybuff(param, argv[n_arg + 1]);
@@ -338,35 +341,36 @@ int optalias_check(int argc, const char *const *argv, int n_arg,
/* Must be alone (-P /tmp) */
if (strcmp(hts_optalias[pos][2], "param1") == 0) {
strcpybuff(return_argv[0], command);
strcpybuff(return_argv[1], param);
strlcpybuff(return_argv[0], command, return_argv_size);
strlcpybuff(return_argv[1], param, return_argv_size);
*return_argc = 2; /* 2 parameters returned */
}
/* Alone with parameter (+*.gif) */
else if (strcmp(hts_optalias[pos][2], "param0") == 0) {
/* Command */
strcpybuff(return_argv[0], command);
strcatbuff(return_argv[0], param);
strlcpybuff(return_argv[0], command, return_argv_size);
strlcatbuff(return_argv[0], param, return_argv_size);
}
/* Together (-c8) */
else {
/* Command */
strcpybuff(return_argv[0], command);
strlcpybuff(return_argv[0], command, return_argv_size);
/* Parameters accepted */
if (strncmp(hts_optalias[pos][2], "param", 5) == 0) {
/* --cache=off or --index=on */
if (strcmp(param, "off") == 0)
strcatbuff(return_argv[0], "0");
strlcatbuff(return_argv[0], "0", return_argv_size);
else if (strcmp(param, "on") == 0) {
// on is the default
// strcatbuff(return_argv[0],"1");
} else
strcatbuff(return_argv[0], param);
strlcatbuff(return_argv[0], param, return_argv_size);
}
*return_argc = 1; /* 1 parameter returned */
}
} else {
sprintf(return_error, "Unknown option: %s\n", command);
snprintf(return_error, return_error_size, "Unknown option: %s\n",
command);
return 0;
}
return need_param;
@@ -380,15 +384,16 @@ int optalias_check(int argc, const char *const *argv, int n_arg,
if ((strcmp(hts_optalias[pos][2], "param1") == 0)
|| (strcmp(hts_optalias[pos][2], "param0") == 0)) {
if ((n_arg + 1 >= argc) || (argv[n_arg + 1][0] == '-')) { /* no supplemental parameter */
sprintf(return_error,
"Syntax error:\n\tOption %s needs to be followed by a parameter: %s <param>\n\t%s\n",
argv[n_arg], argv[n_arg],
_NOT_NULL(optalias_help(argv[n_arg])));
snprintf(return_error, return_error_size,
"Syntax error:\n\tOption %s needs to be followed by a "
"parameter: %s <param>\n\t%s\n",
argv[n_arg], argv[n_arg],
_NOT_NULL(optalias_help(argv[n_arg])));
return 0;
}
/* Copy parameters */
strcpybuff(return_argv[0], argv[n_arg]);
strcpybuff(return_argv[1], argv[n_arg + 1]);
strlcpybuff(return_argv[0], argv[n_arg], return_argv_size);
strlcpybuff(return_argv[1], argv[n_arg + 1], return_argv_size);
/* And return */
*return_argc = 2; /* 2 parameters returned */
return 2; /* 2 parameters used */
@@ -397,7 +402,7 @@ int optalias_check(int argc, const char *const *argv, int n_arg,
}
/* Copy and return other unknown option */
strcpybuff(return_argv[0], argv[n_arg]);
strlcpybuff(return_argv[0], argv[n_arg], return_argv_size);
return 1;
}
@@ -524,9 +529,10 @@ int optinclude_file(const char *name, int *argc, char **argv, char *x_argvblk,
strcatbuff(_tmp_argv[0], a);
strcpybuff(_tmp_argv[1], b);
result =
optalias_check(2, (const char *const *) tmp_argv, 0, &return_argc,
(tmp_argv + 2), return_error);
result = optalias_check(2, (const char *const *) tmp_argv, 0,
&return_argc, (tmp_argv + 2),
sizeof(_tmp_argv[0]), return_error,
sizeof(return_error));
if (!result) {
printf("%s\n", return_error);
} else {

4
src/htsalias.h
View File

@@ -38,7 +38,9 @@ Please visit our Website: http://www.httrack.com
#ifdef HTS_INTERNAL_BYTECODE
extern const char *hts_optalias[][4];
int optalias_check(int argc, const char *const *argv, int n_arg,
int *return_argc, char **return_argv, char *return_error);
int *return_argc, char **return_argv,
size_t return_argv_size, char *return_error,
size_t return_error_size);
int optalias_find(const char *token);
const char *optalias_help(const char *token);
int optreal_find(const char *token);

8
src/htscoremain.c
View File

@@ -385,10 +385,10 @@ static int hts_main_internal(int argc, char **argv, httrackp * opt) {
/* Vérifier argv[] non vide */
if (strnotempty(argv[na])) {
/* Vérifier Commande (alias) */
result =
optalias_check(argc, (const char *const *) argv, na, &tmp_argc,
(char **) tmp_argv, tmp_error);
/* Resolve an option alias, if any */
result = optalias_check(argc, (const char *const *) argv, na, &tmp_argc,
(char **) tmp_argv, sizeof(_tmp_argv[0]),
tmp_error, sizeof(tmp_error));
if (!result) {
HTS_PANIC_PRINTF(tmp_error);
htsmain_free();