From xsov@mail.ru Fri May  6 04:30:56 2005
Received: 194.67.23.149 / smx2.brturbo.com
Received: from [212.48.201.194] (port=40725 helo=[192.168.0.77]) by
	mx3.mail.ru with asmtp  id 1DTqX4-0008GO-00 for orso@brturbo.com.br; Fri,
	06 May 2005 04:17:31 +0400
From: Oleg <xsov@mail.ru>
To: Pedro Lineu Orso <orso@brturbo.com.br>
Subject: Re: sarg-2.0.6 new patches
Date: Fri, 6 May 2005 04:30:56 +0400
User-Agent: KMail/1.7.2
References: <200504241642.06841.xsov@mail.ru>
	 <1115290770.4499.7.camel@lcaklds49>
In-Reply-To: <1115290770.4499.7.camel@lcaklds49>
MIME-Version: 1.0
Content-Type: Multipart/Mixed; boundary="Boundary-00=_BrreCrvUGWRZVaY"
Message-Id: <200505060430.57213.xsov@mail.ru>
X-Evolution-Source: pop://orso@pop.brturbo.com.br


--Boundary-00=_BrreCrvUGWRZVaY
Content-Type: text/plain; charset="koi8-r"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

Hello Pedro!

PL > I have implemented your patches on sarg-2.0.7 and there are some sarg
PL > users asking me
PL > about this one:
PL >
PL > . Fixes segfault, produced by inproper use of strncpy functions, look -
PL > strncpy
PL >
PL > Can you please explain when segfault happens?
PL >
PL > I've seen that the forth characted of month[] in index.c is set to null
PL > to avoid strcat to segfault, but I cannot understand when this is
PL > needed.

I have big-big squid.log file, and this error is produced only when I use 
"LongUrl=yes" option in configuration file, I deeply debug code and see, that 
error was at that place of code. I also can assume that overrun of '\0' 
symbol was produced by error in other part of code. If you want I can get 
part of my squid.log file, which produce this error and send it to you with 
my squid.conf file (but I can do this not so fast, because file is very 
large, and I can't send sensitive information from it to anybody).

I include here another my patches for new sarg 2.0.7 version:
1) topuser.diff:
URL size is too small for URL with coded symbols, like %2f for slash ('/') 
symbol, I see URLs in my squid.log file with length about 1400 characters. So 
because there was number 1024 (I don't know where you get it, may be from 
some RFC?), and one symbol can be 3-times longer, I enlarge buffer to 3072 
characters (3 x 1024).

2) util.diff
There I replace all '<=12' condition to '<12' because array of months has 12 
elements, which are numbered from 0, so:
0 - 1st (January)
1 - 2nd (February)
...
11 - 12th (December)
and condition <=12 will loop for 13 elements, that is wrong.

I also remove unneeded 'return;' at the ends of some functions (I don't think 
it is required for other operating systems).

Regards, Oleg.

--Boundary-00=_BrreCrvUGWRZVaY
Content-Type: text/x-diff; charset="koi8-r"; name="topuser.diff"
Content-Disposition: attachment; filename="topuser.diff"
Content-Transfer-Encoding: 8bit

--- sarg-2.0.7/topuser.c	2005-05-02 17:55:04.000000000 +0400
+++ sarg-2.0.7rbs/topuser.c	2005-05-04 03:53:48.000000000 +0400
@@ -38,7 +38,7 @@
    int posicao=0;
    char olduser[MAXLEN], csort[MAXLEN], periodo[MAXLEN], arqper[MAXLEN];
    char wger[MAXLEN], top1[MAXLEN], top2[MAXLEN], top3[MAXLEN];
-   char user[MAXLEN], nacc[20], nbytes[20], url[1024], preg[8000], tusr[MAXLEN];
+   char user[MAXLEN], nacc[20], nbytes[20], url[3072], preg[8000], tusr[MAXLEN];
    char ip[MAXLEN], hora[9], data[11], elap[15], incac[15], oucac[15], html[MAXLEN];
    char ipantes[MAXLEN], nameantes[MAXLEN];
    char sfield[10]="2,2";

--Boundary-00=_BrreCrvUGWRZVaY
Content-Type: text/x-diff; charset="koi8-r"; name="util.diff"
Content-Disposition: attachment; filename="util.diff"
Content-Transfer-Encoding: 8bit

--- sarg-2.0.7/util.c	2005-05-02 17:55:04.000000000 +0400
+++ sarg-2.0.7rbs/util.c	2005-05-04 04:04:01.000000000 +0400
@@ -246,7 +246,7 @@
    ndia[0]='\0';
    nmes[0]='\0';
 
-   for(x=0; x<=12; x++) {
+   for(x=0; x<12; x++) {
       if(strcmp(mtab1[x],mes) == 0) {
          strncpy(nmes,mtab2[x],sizeof(nmes)-1);
          nmes[sizeof(nmes)-1]=0;
@@ -262,9 +262,6 @@
 
    strncpy(dia,ndia,sizeof(dia)-1);
    dia[sizeof(dia)-1]=0;
-
-   return;
-
 }
 
 
@@ -275,15 +272,12 @@
 
    nmes[0]='\0';
 
-   for(x=0; x<=12; x++) {
+   for(x=0; x<12; x++) {
       if(strcmp(mtab1[x],mes) == 0)
          strcpy(nmes,mtab2[x]);
    }
 
    sprintf(wdata,"%s%s%s",ano,nmes,dia);
-
-   return;
-
 }
 
 
@@ -291,13 +285,10 @@
 {
    int  x;
 
-   for(x=0; x<=12; x++) {
+   for(x=0; x<12; x++) {
       if(strcmp(mtab1[x],month) == 0)
          strcpy(month,mtab2[x]);
    }
-
-   return;
-
 }
 
 
@@ -305,7 +296,7 @@
 {
    int x;
 
-   for(x=0; x<=12; x++) {
+   for(x=0; x<12; x++) {
       if(strcmp(mtab2[x],month) == 0)
          strcpy(month,mtab1[x]);
    }
@@ -328,7 +319,7 @@
    strncpy(ano,duntil,4);
    ano[4]='\0';
 
-   for(x=0; x<=12; x++) {
+   for(x=0; x<12; x++) {
       if(strcmp(mtab2[x],mes) == 0)
          strcpy(mes,mtab1[x]);
    }
@@ -339,23 +330,18 @@
       sprintf(warea,"%s%s%s",ano,mes,dia);
 
    strcat(periodo,warea);
-   return;
 }
 
 
 void debuga(char *msg)
 {
   fprintf(stderr, "SARG: %s\n",msg);
-
-  return;
 }
 
 
 void debugaz(char *head, char *msg)
 {
   fprintf(stderr, "SARG: (util) %s=%s\n",head, msg);
-
-  return;
 }
 
 
@@ -384,8 +370,6 @@
    }
    ip[0]='\0';
    sprintf(ip,"%s%s%s%s%s%s%s",n1,sep,n2,sep,n3,sep,wip);
-
-   return;
 }
 
 
@@ -499,9 +483,6 @@
    strcpy(href,"<a href='");
    strcat(href,whref);
    strcat(href,"/");
-
-   return;
-
 }
 
 
@@ -541,9 +522,6 @@
    fgets(data,80,fp_in);
    fclose(fp_in);
    data[strlen(data)-1]='\0';
-
-   return;
-
 }
 
 
@@ -562,9 +540,6 @@
    fgets(tuser,20,fp_in);
    tuser[strlen(tuser)-1]='\0';
    fclose(fp_in);
-
-   return;
-
 }
 
 
@@ -603,9 +578,6 @@
    wtuser=my_atoll(tuser);
    med=my_atoll(warea) / wtuser;
    sprintf(media,"%s",fixnum(med,1));
-
-   return;
-
 }
 
 
@@ -631,9 +603,6 @@
 
    if(debug)
       debuga((char *)text[50]);
- 
-   return;
- 
 }
 
 void vrfydir(char *dir, char *per1, char *addr, char *site, char *us, char *form)
@@ -733,10 +702,6 @@
    }
    (void) rewinddir(dirp);
    (void) closedir(dirp);
-
-   return;
-
-
 }
 
 
@@ -752,9 +717,6 @@
       strcat(warea,line);
       strcpy(line,warea);
    }
-
-   return;
-
 }
 
 void zdate(char *ftime, char *DateFormat)
@@ -771,8 +733,6 @@
       strftime(ftime, 127, "%d/%b/%Y-%H:%M", local);
    if(strcmp(DateFormat,"w") == 0)
       strftime(ftime, 127, "%V-%H-%M", local);
-
-   return;
 }
 
 
@@ -839,7 +799,6 @@
 
    sprintf(dfrom,"%s%s%s",anof,mesf,diaf);
    sprintf(duntil,"%s%s%s",anou,mesu,diau);
-   return;
 }
 
 
@@ -928,8 +887,6 @@
       sprintf(warea,"%s/periodo",outdir);
       unlink(warea);
    }
-  
-   return;
 }
 
 void load_excludecodes()
@@ -951,8 +908,6 @@
    }
 
    fclose(fp_in);
-   return;
-
 }
 
 int vercode(char *code)
@@ -976,8 +931,6 @@
       str[strlen(str)-1]='\0';
    if(strcmp(str,"none") == 0)
       str[0]='\0';
-
-   return;
 }
 
 #ifdef LEGACY_TESTVALIDUSERCHAR
@@ -1111,8 +1064,6 @@
       w2[y]=w[x];
       y++;
    }
-
-   return;
 }
 
 void version()

--Boundary-00=_BrreCrvUGWRZVaY--

