Re: Elogd crashes with: *** stack smashing detected ***, posted by Niklas on Thu Nov 27 10:29:19 2008
|
| Stefan Ritt wrote: |
|
| Niklas wrote: |
|
Stefan,
perhaps there should be something like the bold text below in elogd.c:
int process_http_request(const char *request, int i_conn)^M
...
/* extract cookies */^M
if ((p = strstr(request, "Cookie:")) != NULL) {^M
p += 6;^M
do {^M
p++;^M
while (*p && *p == ' ')^M
p++;^M
strlcpy(str, p, sizeof(str));^M
for (i = 0; i < (int) strlen(str); i++)^M
if (str[i] == '=' || str[i] == ';')^M
break;^M
if (str[i] == '=') {^M
str[i] = 0;^M
p += i + 1;^M
for (i = 0; *p && *p != ';' && *p != '\r' && *p != '\n' && i < (int) sizeof(cookie); i++)
cookie[i] = *p++;
...
|
Wow, where did you get that long cookie from? Certainly not from elogd. You must run elogd under Apache, and have some other service next to it on your server which distributes this long cookies, that's why other people did not experience this problem yet. I appreciate your fix. It's alwasy nice to see users not only complain about things, but try to fix them. Your fix is almost correct, you need a
i<(int) sizeof(cookie)-1
since there is the trailing zero for terminating the cookie string. I applied your fix to SVN revision #2146.
|
I the cookie is used for single-sign-on for multiple sites within company.com. So the cookie is issued for "company.com" i.e. all websites gets it even elog.company.com:8080..
I mostly fibble little bit in perl (dont need to bother with trailing zeros there  ).
BR, Niklas
|
|
Re: Elogd crashes with: *** stack smashing detected ***, posted by Niklas on Fri Jan 9 10:41:20 2009
|
| Stefan Ritt wrote: |
|
| Niklas wrote: |
|
Stefan,
perhaps there should be something like the bold text below in elogd.c:
int process_http_request(const char *request, int i_conn)^M
...
/* extract cookies */^M
if ((p = strstr(request, "Cookie:")) != NULL) {^M
p += 6;^M
do {^M
p++;^M
while (*p && *p == ' ')^M
p++;^M
strlcpy(str, p, sizeof(str));^M
for (i = 0; i < (int) strlen(str); i++)^M
if (str[i] == '=' || str[i] == ';')^M
break;^M
if (str[i] == '=') {^M
str[i] = 0;^M
p += i + 1;^M
for (i = 0; *p && *p != ';' && *p != '\r' && *p != '\n' && i < (int) sizeof(cookie); i++)
cookie[i] = *p++;
...
|
Wow, where did you get that long cookie from? Certainly not from elogd. You must run elogd under Apache, and have some other service next to it on your server which distributes this long cookies, that's why other people did not experience this problem yet. I appreciate your fix. It's alwasy nice to see users not only complain about things, but try to fix them. Your fix is almost correct, you need a
i<(int) sizeof(cookie)-1
since there is the trailing zero for terminating the cookie string. I applied your fix to SVN revision #2146.
|
Just noticed that this fix does not work. Elog cookies e.g. "upwd" may be after other long cookies its not seen, as now it stops reading the cookie-string after 256 chars. There needs to be something that goes through the cookies and saves only elog cookies... Would probably be better if you code that, if you have time =D
BR, niklas |
|
Re: Elogd crashes with: *** stack smashing detected ***, posted by Niklas on Tue Jan 13 14:30:37 2009
|
Stefan,
To solve the problem I suggest following change to elogd.c (2.7.5 2159).
Create a list of elog cookies, and store only these as parameters. Example diff:
---
$ diff elog/src/elogd.c elogd_niho.c
26557a26558
> const char *cookie_list[] = { "upwd", "unm", "elmode", "urem", "wpwd", "apwd", "uname", NULL };
26603c26604,26610
< setparam(str, cookie);
---
> for(i=0; cookie_list[i]; i++) {
> if(strcmp(cookie_list[i], str) == 0) {
> setparam(str, cookie);
> break;
> }
> }
>
---
In a more readable fashion:
int process_http_request(const char *request, int i_conn)
{
...
const char *cookie_list[] = { "upwd", "unm", "elmode", "urem", "wpwd", "apwd", "uname", NULL };
...
...
...
/* store cookie as parameter */
for(i=0; cookie_list[i]; i++) {
if(strcmp(cookie_list[i], str) == 0) {
setparam(str, cookie);
break;
}
}
...
Not sure if I got all the cookies used by elog.
BR, niklas |
|
Re: Elogd crashes with: *** stack smashing detected ***, posted by Niklas on Wed Mar 4 16:32:56 2009
|
| Stefan Ritt wrote: |
|
| Niklas wrote: |
|
Create a list of elog cookies, and store only these as parameters. Examplef:
int process_http_request(const char *request, int i_conn)
{
...
const char *cookie_list[] = { "upwd", "unm", "elmode", "urem", "wpwd", "apwd", "uname", NULL };
...
...
...
/* store cookie as parameter */
for(i=0; cookie_list[i]; i++) {
if(strcmp(cookie_list[i], str) == 0) {
setparam(str, cookie);
break;
}
}
...
|
I'm not sure if this works, since your test
i < (int) sizeof(cookie)
still will stop parsing cookies if there is one which is too long. So I added your test plus changed the parsing to:
for (i = 0; *p && *p != ';' && *p != '\r' && *p != '\n' ; )
if (i < (int) sizeof(cookie)-1)
cookie[i++] = *p++;
cookie[i] = 0;
The modification is in the curren SVN revision (# 2162). So have a look and check that it works.
|
Tried 2178 and I seem to hit some endless loop when I have big cookies. The loop seems to be in this for-loop (from gdb).
I perhaps you should have:
for (i = 0; *p && *p != ';' && *p != '\r' && *p != '\n' ; )
if (i < (int) sizeof(cookie)-1)
cookie[i++] = *p++;
else
break;
cookie[i] = 0;
... Seems to be working for me =)
|
Access control, group level, posted by Niklas on Mon Nov 2 11:17:20 2009
|
Hi elog experts =)
Anyone know if it's possible to have access control per group-level?
For instance:
Group A = B,C
Group B = LogA
Group C = LogB, LogC
Group C: Read password = abc
?
//NH |
|
Logout, authentication failure causes "redir", posted by Niklas on Wed Apr 28 10:38:51 2010
|
When someone logout from my Elog, or the person does not have access to a logbook (due to "Login user =") the person gets a blank webpage with "redir" typed in the upper left corner.
I guess it should redir to some webpage? How can I get it to actually do that? Am I missing something in elogd.cfg?
|
|
Re: Logout, authentication failure causes "redir", posted by Niklas on Wed Apr 28 16:34:17 2010
|
| Stefan Ritt wrote: |
|
| Niklas wrote: |
|
When someone logout from my Elog, or the person does not have access to a logbook (due to "Login user =") the person gets a blank webpage with "redir" typed in the upper left corner.
I guess it should redir to some webpage? How can I get it to actually do that? Am I missing something in elogd.cfg?
|
Have you tried the URL = ... statement?
|
If a user that is not in "Login User =" tries to enter it would be nicer to have a "Access denied", instead of getting the first page again (user just keeps on trying and gets upset)... =) |
|
Is it possible to generate a table of contents based on h1/h2/h3 HTML tags?, posted by Niklas Hoglund on Mon Jun 19 07:48:49 2017
|
Is it possible to generate a table of contents based on h1/h2/h3 HTML tags?
Example:
toc()
< h1>test
< h2>test1
< h1>test2
< h2>test3
< h1>test4
< h2>test5
Results in:
1. test
1.1 test1
2. test2
2.1 test3
3. test4
3.1 test5
...the text...
|
|