- Safely escape user input with mysql_real_escape_string
- fixed some memory leaks
This commit is contained in:
Geir Hauge
28
common.c
28
common.c
@@ -124,7 +124,7 @@ int
|
||||
member(char *gr) {
|
||||
char *username;
|
||||
|
||||
char *group;
|
||||
char group[65];
|
||||
struct group *g;
|
||||
|
||||
struct passwd *p;
|
||||
@@ -141,11 +141,8 @@ member(char *gr) {
|
||||
username = p->pw_name;
|
||||
|
||||
/* Copy string, but cut at '_' */
|
||||
group = strdup(gr);
|
||||
if (group == NULL) {
|
||||
fprintf(stderr, "Couldn't allocate memory. Terminating.");
|
||||
exit(1);
|
||||
}
|
||||
strncpy(group, gr, 64);
|
||||
group[64] = '\0';
|
||||
|
||||
// ettersom man kan f<> inn gruppenavn med underscore i, m<> man rett og
|
||||
// slett pr<70>ve seg fram for <20> sjekke om det er en gruppe personen er med
|
||||
@@ -170,9 +167,9 @@ member(char *gr) {
|
||||
if (g) {
|
||||
/* Check if user is member of group */
|
||||
while(*g->gr_mem != NULL) {
|
||||
char * member = *g->gr_mem;
|
||||
char * member = *g->gr_mem++;
|
||||
#if DEBUG
|
||||
printf("Medlem: %s\n", *g->gr_mem);
|
||||
printf("Medlem: %s\n", member);
|
||||
#endif
|
||||
|
||||
if (strcmp(member,username) == 0) {
|
||||
@@ -180,8 +177,6 @@ member(char *gr) {
|
||||
printf("You have access to '%s'\n", gr);
|
||||
#endif
|
||||
return 1; /* OK */
|
||||
} else {
|
||||
*g->gr_mem++;
|
||||
}
|
||||
}
|
||||
#if DEBUG
|
||||
@@ -222,7 +217,7 @@ char **get_group_names(int *numgroups)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
grouplist = malloc(sizeof(char *));
|
||||
grouplist = malloc(33 * sizeof(char *));
|
||||
real_nr_groups = 0;
|
||||
|
||||
for (i = 0; i < nr_groups; i++) {
|
||||
@@ -230,9 +225,7 @@ char **get_group_names(int *numgroups)
|
||||
|
||||
/* Go to next grp if it doesn't have a name */
|
||||
if (g != NULL) {
|
||||
grouplist = (char **) realloc(grouplist, (real_nr_groups+2) * sizeof(char *));
|
||||
grouplist[real_nr_groups] = strdup(g->gr_name);
|
||||
real_nr_groups++;
|
||||
grouplist[real_nr_groups++] = strdup(g->gr_name);
|
||||
} else {
|
||||
fprintf(stderr, "Omitting gid %d, no entry in group-file.\n", gids[i]);
|
||||
}
|
||||
@@ -250,3 +243,10 @@ reload(MYSQL *pmysql)
|
||||
{
|
||||
return mysql_reload(pmysql);
|
||||
}
|
||||
|
||||
/* same as strcpy, but returns a pointer to the end of dest instead of start */
|
||||
char *strmov(char *dest, const char *src) {
|
||||
while ((*dest++ = *src++))
|
||||
;
|
||||
return dest-1;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user