summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--ChangeLog19
-rw-r--r--configure.ac2
-rw-r--r--src/h_bash.c2
-rw-r--r--src/h_lua.c2
-rw-r--r--src/h_script.c2
-rw-r--r--src/lua2c.c5
-rw-r--r--src/rfc2388.c14
7 files changed, 38 insertions, 8 deletions
diff --git a/ChangeLog b/ChangeLog
index a5a4bf3..b98b758 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,16 @@
+2015-02-15
+ 0.9.34
+ * Fixes for Lua 5.3 compatibility
+ * Move sys/fnctl.h to fnctl.h
+ * Victor Cook sent in a patch to rfc2388.c -
+ "In rfc2388.c rfc2388_handler() during processing of the header information,
+ if a buffer read falls on the point where the next character is crlf it
+ results in the header reading to be terminated early. When the error occurs
+ the results are unpredictable and depend on what is then incorrectly interpreted.
+
+ The chance of a failure depends on the length and complexity of the header data,
+ but can become very significant."
+
2014-06-07
0.9.33
* Fix various security vulnerabilities - most serious is a
@@ -13,14 +26,14 @@
* Regression causing Lua always to be linked, never used
2013-15-09
- 0.9.31
+ 0.9.31
* Modernize configure.ac
* more Lua 5.2 fixes
2013-27-06
0.9.30
- * The Mayhem Team of CMU found an undisclosed segfault when the first
+ * The Mayhem Team of CMU found an undisclosed segfault when the first
command-line argument is '' or "" (null-quoted string). Chow Loong Jin
supplied a patch.
* Natanael Copa supplied a patch to rename the deprecated string.gfind
@@ -53,7 +66,7 @@
0.9.27
* Daniel Griscom reported clarification on RFC 2616 compliance
Ralph Siemsen provided the actual man-page update
- * Natanael Copa fixed the Makefile.am for gnu make 3.82+
+ * Natanael Copa fixed the Makefile.am for gnu make 3.82+
* Cleanup temp files on error (Anonymous) SF bug tracker id 2991410
* Pavel Chromy reported a vulnerability where the name of a the tempfile
on a file upload could be modified by the client
diff --git a/configure.ac b/configure.ac
index ed3c990..030a5f3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
# Process this file with autoconf to produce a configure script.
-AC_INIT([haserl],[0.9.33],[Nathan Angelacos - nangel@users.sourceforge.net],[haserl])
+AC_INIT([haserl],[0.9.34],[Nathan Angelacos - nangel@users.sourceforge.net],[haserl])
AM_INIT_AUTOMAKE
# Checks for programs.
diff --git a/src/h_bash.c b/src/h_bash.c
index e955acd..1ceee9a 100644
--- a/src/h_bash.c
+++ b/src/h_bash.c
@@ -30,7 +30,7 @@
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/stat.h>
-#include <sys/fcntl.h>
+#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
diff --git a/src/h_lua.c b/src/h_lua.c
index e7fb2b4..19d7eb9 100644
--- a/src/h_lua.c
+++ b/src/h_lua.c
@@ -30,7 +30,7 @@
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/stat.h>
-#include <sys/fcntl.h>
+#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
diff --git a/src/h_script.c b/src/h_script.c
index 534c672..5d5cf4e 100644
--- a/src/h_script.c
+++ b/src/h_script.c
@@ -26,7 +26,7 @@
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
-#include <sys/fcntl.h>
+#include <fcntl.h>
#include <string.h>
#include <stdlib.h>
#include <ctype.h>
diff --git a/src/lua2c.c b/src/lua2c.c
index 063ac20..261239a 100644
--- a/src/lua2c.c
+++ b/src/lua2c.c
@@ -78,7 +78,12 @@ writer (lua_State * L, const void *p, size_t size, void *u)
static void
dumpit ()
{
+#if LUA_VERSION_NUM >= 503
+ lua_dump (lua_vm, writer, NULL, 0);
+#else
lua_dump (lua_vm, writer, NULL);
+#endif
+
}
diff --git a/src/rfc2388.c b/src/rfc2388.c
index 971a2e1..621672c 100644
--- a/src/rfc2388.c
+++ b/src/rfc2388.c
@@ -399,6 +399,8 @@ rfc2388_handler (list_t * env)
buffer_t buf;
mime_var_t var;
+ int header_continuation;
+
/* prevent a potential unitialized free() - ISE-TPS-2014-008 */
var.name = NULL;
@@ -449,6 +451,9 @@ rfc2388_handler (list_t * env)
state = DISCARD;
str = boundary + 2; /* skip the leading crlf */
+
+ header_continuation = 0;
+
do
{
/* x is true if this token ends with a matchstr or is at the end of stream */
@@ -501,6 +506,7 @@ rfc2388_handler (list_t * env)
buffer_reset (&buf);
mime_var_init (&var);
state = HEADER;
+ header_continuation = 0;
str = crlf;
}
}
@@ -510,7 +516,7 @@ rfc2388_handler (list_t * env)
buffer_add (&buf, sbuf.segment, sbuf.len);
if (x)
{
- if (sbuf.len == 0)
+ if (sbuf.len == 0 && header_continuation == 0)
{ /* blank line */
buffer_reset (&buf);
state = CONTENT;
@@ -522,7 +528,13 @@ rfc2388_handler (list_t * env)
mime_tag_add (&var, (char *) buf.data);
buffer_reset (&buf);
}
+ header_continuation = 0;
}
+ else
+ {
+ // expect more data
+ header_continuation = 1;
+ }
break;
case CONTENT: