| ID |
Date |
Icon |
Author |
Author Email |
Category |
OS |
ELOG Version |
Subject |
|
66086
|
Thu Nov 27 10:29:19 2008 |
 | Niklas | niklas@hoglund.pp.se | Bug report | Linux | 2.7.5 2142 | Re: Elogd crashes with: *** stack smashing detected *** |
| Stefan Ritt wrote: |
|
| Niklas wrote: |
|
Stefan,
perhaps there should be something like the bold text below in elogd.c:
int process_http_request(const char *request, int i_conn)^M
...
/* extract cookies */^M
if ((p = strstr(request, "Cookie:")) != NULL) {^M
p += 6;^M
do {^M
p++;^M
while (*p && *p == ' ')^M
p++;^M
strlcpy(str, p, sizeof(str));^M
for (i = 0; i < (int) strlen(str); i++)^M
if (str[i] == '=' || str[i] == ';')^M
break;^M
if (str[i] == '=') {^M
str[i] = 0;^M
p += i + 1;^M
for (i = 0; *p && *p != ';' && *p != '\r' && *p != '\n' && i < (int) sizeof(cookie); i++)
cookie[i] = *p++;
...
|
Wow, where did you get that long cookie from? Certainly not from elogd. You must run elogd under Apache, and have some other service next to it on your server which distributes this long cookies, that's why other people did not experience this problem yet. I appreciate your fix. It's alwasy nice to see users not only complain about things, but try to fix them. Your fix is almost correct, you need a
i<(int) sizeof(cookie)-1
since there is the trailing zero for terminating the cookie string. I applied your fix to SVN revision #2146.
|
I the cookie is used for single-sign-on for multiple sites within company.com. So the cookie is issued for "company.com" i.e. all websites gets it even elog.company.com:8080..
I mostly fibble little bit in perl (dont need to bother with trailing zeros there  ).
BR, Niklas
|
|
66137
|
Fri Jan 9 10:41:20 2009 |
| Niklas | niklas@hoglund.pp.se | Bug report | Linux | 2.7.5 2142 | Re: Elogd crashes with: *** stack smashing detected *** |
| Stefan Ritt wrote: |
|
| Niklas wrote: |
|
Stefan,
perhaps there should be something like the bold text below in elogd.c:
int process_http_request(const char *request, int i_conn)^M
...
/* extract cookies */^M
if ((p = strstr(request, "Cookie:")) != NULL) {^M
p += 6;^M
do {^M
p++;^M
while (*p && *p == ' ')^M
p++;^M
strlcpy(str, p, sizeof(str));^M
for (i = 0; i < (int) strlen(str); i++)^M
if (str[i] == '=' || str[i] == ';')^M
break;^M
if (str[i] == '=') {^M
str[i] = 0;^M
p += i + 1;^M
for (i = 0; *p && *p != ';' && *p != '\r' && *p != '\n' && i < (int) sizeof(cookie); i++)
cookie[i] = *p++;
...
|
Wow, where did you get that long cookie from? Certainly not from elogd. You must run elogd under Apache, and have some other service next to it on your server which distributes this long cookies, that's why other people did not experience this problem yet. I appreciate your fix. It's alwasy nice to see users not only complain about things, but try to fix them. Your fix is almost correct, you need a
i<(int) sizeof(cookie)-1
since there is the trailing zero for terminating the cookie string. I applied your fix to SVN revision #2146.
|
Just noticed that this fix does not work. Elog cookies e.g. "upwd" may be after other long cookies its not seen, as now it stops reading the cookie-string after 256 chars. There needs to be something that goes through the cookies and saves only elog cookies... Would probably be better if you code that, if you have time =D
BR, niklas |
|
66149
|
Tue Jan 13 14:30:37 2009 |
| Niklas | niklas@hoglund.pp.se | Bug report | Linux | 2.7.5 2142 | Re: Elogd crashes with: *** stack smashing detected *** |
Stefan,
To solve the problem I suggest following change to elogd.c (2.7.5 2159).
Create a list of elog cookies, and store only these as parameters. Example diff:
---
$ diff elog/src/elogd.c elogd_niho.c
26557a26558
> const char *cookie_list[] = { "upwd", "unm", "elmode", "urem", "wpwd", "apwd", "uname", NULL };
26603c26604,26610
< setparam(str, cookie);
---
> for(i=0; cookie_list[i]; i++) {
> if(strcmp(cookie_list[i], str) == 0) {
> setparam(str, cookie);
> break;
> }
> }
>
---
In a more readable fashion:
int process_http_request(const char *request, int i_conn)
{
...
const char *cookie_list[] = { "upwd", "unm", "elmode", "urem", "wpwd", "apwd", "uname", NULL };
...
...
...
/* store cookie as parameter */
for(i=0; cookie_list[i]; i++) {
if(strcmp(cookie_list[i], str) == 0) {
setparam(str, cookie);
break;
}
}
...
Not sure if I got all the cookies used by elog.
BR, niklas |
|
66234
|
Wed Mar 4 16:32:56 2009 |
| Niklas | niklas@hoglund.pp.se | Bug report | Linux | 2.7.5 2142 | Re: Elogd crashes with: *** stack smashing detected *** |
| Stefan Ritt wrote: |
|
| Niklas wrote: |
|
Create a list of elog cookies, and store only these as parameters. Examplef:
int process_http_request(const char *request, int i_conn)
{
...
const char *cookie_list[] = { "upwd", "unm", "elmode", "urem", "wpwd", "apwd", "uname", NULL };
...
...
...
/* store cookie as parameter */
for(i=0; cookie_list[i]; i++) {
if(strcmp(cookie_list[i], str) == 0) {
setparam(str, cookie);
break;
}
}
...
|
I'm not sure if this works, since your test
i < (int) sizeof(cookie)
still will stop parsing cookies if there is one which is too long. So I added your test plus changed the parsing to:
for (i = 0; *p && *p != ';' && *p != '\r' && *p != '\n' ; )
if (i < (int) sizeof(cookie)-1)
cookie[i++] = *p++;
cookie[i] = 0;
The modification is in the curren SVN revision (# 2162). So have a look and check that it works.
|
Tried 2178 and I seem to hit some endless loop when I have big cookies. The loop seems to be in this for-loop (from gdb).
I perhaps you should have:
for (i = 0; *p && *p != ';' && *p != '\r' && *p != '\n' ; )
if (i < (int) sizeof(cookie)-1)
cookie[i++] = *p++;
else
break;
cookie[i] = 0;
... Seems to be working for me =)
|
|
66569
|
Mon Nov 2 11:17:20 2009 |
 | Niklas | niklas@hoglund.pp.se | Question | Linux | 2.77 | Access control, group level | Hi elog experts =)
Anyone know if it's possible to have access control per group-level?
For instance:
Group A = B,C
Group B = LogA
Group C = LogB, LogC
Group C: Read password = abc
?
//NH |
|
66797
|
Wed Apr 28 10:38:51 2010 |
| Niklas | niklas@hoglund.pp.se | Question | Linux | 2.77 | Logout, authentication failure causes "redir" | When someone logout from my Elog, or the person does not have access to a logbook (due to "Login user =") the person gets a blank webpage with "redir" typed in the upper left corner.
I guess it should redir to some webpage? How can I get it to actually do that? Am I missing something in elogd.cfg?
|
|
66799
|
Wed Apr 28 16:34:17 2010 |
| Niklas | niklas@hoglund.pp.se | Question | Linux | 2.77 | Re: Logout, authentication failure causes "redir" |
| Stefan Ritt wrote: |
|
| Niklas wrote: |
|
When someone logout from my Elog, or the person does not have access to a logbook (due to "Login user =") the person gets a blank webpage with "redir" typed in the upper left corner.
I guess it should redir to some webpage? How can I get it to actually do that? Am I missing something in elogd.cfg?
|
Have you tried the URL = ... statement?
|
If a user that is not in "Login User =" tries to enter it would be nicer to have a "Access denied", instead of getting the first page again (user just keeps on trying and gets upset)... =) |
|
68630
|
Mon Jun 19 07:48:49 2017 |
| Niklas Hoglund | niklas@hoglund.pp.se | Question | Windows | 3.1.3 | Is it possible to generate a table of contents based on h1/h2/h3 HTML tags? | Is it possible to generate a table of contents based on h1/h2/h3 HTML tags?
Example:
toc()
< h1>test
< h2>test1
< h1>test2
< h2>test3
< h1>test4
< h2>test5
Results in:
1. test
1.1 test1
2. test2
2.1 test3
3. test4
3.1 test5
...the text...
|
|