b8023f3df3e17b6f60875f88935e60c232d64d16 galt Fri Sep 16 22:40:13 2016 -0700 refs #177282. fixes textarea xss vulnerability in cheapcgi.c visible in hgVai. Added functions to allow outputs of large but indeterminate size such as dyString and file streams like fprintf.
diff --git src/inc/htmshell.h src/inc/htmshell.h
index 6e1ff29..ba2e100 100644
--- src/inc/htmshell.h
+++ src/inc/htmshell.h
@@ -2,30 +2,35 @@
  * the fly. Typically included with cheapcgi.h in almost any
  * CGI program.
  *
  * To use this generally you should call the function htmShell()
  * very early inside of main(). You pass htmShell() a routine
  * which does most of the work of your web server-side applet.
  *
  * These routines will throw errors, which are caught by
  * htmShell, which then returns. For the most part you just
  * want an error to cause an error message to be printed and
  * then terminate your CGI program, so this works fine.
  *
  * This file is copyright 2002 Jim Kent, but license is hereby
  * granted for all use - public, private or commercial. */
 
+#ifndef HTMSHELL_H /* Wrapper to avoid including this twice. */
+#define HTMSHELL_H
+
+#include "dystring.h"
+
 void htmlSetCookie(char* name, char* value, char* expires, char* path, char* domain, boolean isSecure);
 /* create a cookie with the given stats */
 
 void htmlParagraph(char *line, ...)
 /* Print a line in it's own paragraph. */
 #if defined(__GNUC__)
 __attribute__((format(printf, 1, 2)))
 #endif
 ;
 
 void htmlVaParagraph(char *line, va_list args);
 /* Print a line in it's own paragraph. */
 
 void htmlCenterParagraph(char *line, ...)
 /* Center a line in it's own paragraph. */
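Review bot: `#include "dystring.h"` pulls a whole header into a file that, per its own top comment, is included by almost every CGI, while the new declarations only ever use the type as `struct dyString *`; a forward declaration `struct dyString;` would be enough and keeps the include graph flat. That assumes nothing else in this header needs dystring's inline helpers or macros, which I cannot confirm from this hunk. The `FILE *` parameters added in the second hunk likewise rely on `<stdio.h>` being visible before this header is included; if common.h does not guarantee that, add the include here next to the guard so the header stays self-contained.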
@@ -187,37 +192,68 @@
 void htmlDoEscape();
 
 /* Do not output a http header for error messages. Makes sure that very early
  * errors are not shown back to the user but trigger a 500 error, */
 void htmlSuppressErrors();
 
 /* Include an HTML file in a CGI.
  * The file path is relative to the web server document root */
 void htmlIncludeWebFile(char *file);
 
 /* Include an HTML file in a CGI */
 void htmlIncludeFile(char *path);
 
 /* ===== Html printf-style escaping functions ====== */
 
-int htmlSafefAbort(boolean noAbort, char *format, ...)
+int htmlSafefAbort(boolean noAbort, int errCode, char *format, ...)
 /* handle noAbort stderror logging and errAbort */
 #ifdef __GNUC__
-__attribute__((format(printf, 2, 3)))
+__attribute__((format(printf, 3, 4)))
 #endif
 ;
 
-int vaHtmlSafefNoAbort(char *buffer, int bufSize, char *format, va_list args, boolean noAbort);
+int vaHtmlSafefNoAbort(char *buffer, int bufSize, char *format, va_list args, boolean noAbort, boolean noWarnOverflow);
 /* VarArgs Format string to buffer, vsprintf style, only with buffer overflow
  * checking. The resulting string is always terminated with zero byte.
  * Automatically escapes string values.
  * This function should be efficient on statements with many strings to be escaped. */
 
 int htmlSafef(char *buffer, int bufSize, char *format, ...)
 /* Format string to buffer, vsprintf style, only with buffer overflow
  * checking. The resulting string is always terminated with zero byte.
  * Escapes string parameters. */
 #ifdef __GNUC__
 __attribute__((format(printf, 3, 4)))
 #endif
 ;
 
+void vaHtmlDyStringPrintf(struct dyString *ds, char *format, va_list args);
+/* VarArgs Printf append to dyString
+ * Strings are escaped according to format type. */
+
+void htmlDyStringPrintf(struct dyString *ds, char *format, ...)
+/* VarArgs Printf append to dyString
+ * Strings are escaped according to format type. */
+#ifdef __GNUC__
+__attribute__((format(printf, 2, 3)))
+#endif
+;
+
+void vaHtmlFprintf(FILE *f, char *format, va_list args);
+/* fprintf using html encoding types */
+
+void htmlFprintf(FILE *f, char *format, ...)
+/* fprintf using html encoding types */
+#ifdef __GNUC__
+__attribute__((format(printf, 2, 3)))
+#endif
+;
+
+void htmlPrintf(char *format, ...)
+/* fprintf using html encoding types */
+#ifdef __GNUC__
+__attribute__((format(printf, 1, 2)))
+#endif
+;
+
+
+#endif /* HTMSHELL_H */
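Review bot: The comments on the new `htmlDyStringPrintf`/`htmlFprintf`/`htmlPrintf` family never state the escaping contract, and for an API added specifically to stop HTML injection that is the one thing a caller has to know: which conversions get escaped (presumably the string ones, but it must match what the implementation does), how to emit an already-built fragment without double escaping, and that `format` must be a literal because only the variadic versions carry the `format(printf)` attribute — the `va*` variants get no compile-time check at all. A shared comment above the block along the lines of `/* String conversions are HTML-escaped before output; the format string itself is written verbatim, so it must be a literal, never data from the request. */`, adjusted to the real escaping rules, would cover all six declarations. The two new parameters are also undocumented: say what `errCode` on `htmlSafefAbort` is used for and what `noWarnOverflow` on `vaHtmlSafefNoAbort` suppresses when the result does not fit in `bufSize`, since the four-line comment below it still describes only the old behaviour. Finally, the comment on `htmlPrintf` still reads `fprintf using html encoding types`, copied from `htmlFprintf`; it should say `printf`.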