summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorin2 <in2@63ad8ddf-47c3-0310-b6dd-a9e9d9715204>2003-05-19 11:52:33 +0800
committerin2 <in2@63ad8ddf-47c3-0310-b6dd-a9e9d9715204>2003-05-19 11:52:33 +0800
commit0672b9f3f07730694e9cce7deff9d96d3836c750 (patch)
treecc1091b4e4866e20ecec06bb9e9b039c68b6062b
parentbf5f7184f419fa3f05d43bdf7192f7dbe343cb0d (diff)
downloadpttbbs-0672b9f3f07730694e9cce7deff9d96d3836c750.tar
pttbbs-0672b9f3f07730694e9cce7deff9d96d3836c750.tar.gz
pttbbs-0672b9f3f07730694e9cce7deff9d96d3836c750.tar.bz2
pttbbs-0672b9f3f07730694e9cce7deff9d96d3836c750.tar.lz
pttbbs-0672b9f3f07730694e9cce7deff9d96d3836c750.tar.xz
pttbbs-0672b9f3f07730694e9cce7deff9d96d3836c750.tar.zst
pttbbs-0672b9f3f07730694e9cce7deff9d96d3836c750.zip
security fix
git-svn-id: http://opensvn.csie.org/pttbbs/pttbbs/trunk/pttbbs@879 63ad8ddf-47c3-0310-b6dd-a9e9d9715204
-rw-r--r--pttpi/cgi/pttpi.c33
1 files changed, 19 insertions, 14 deletions
diff --git a/pttpi/cgi/pttpi.c b/pttpi/cgi/pttpi.c
index 7c9fd766..1265968b 100644
--- a/pttpi/cgi/pttpi.c
+++ b/pttpi/cgi/pttpi.c
@@ -1,4 +1,4 @@
-/* $Id: pttpi.c,v 1.3 2003/05/19 03:21:32 in2 Exp $ */
+/* $Id: pttpi.c,v 1.4 2003/05/19 03:52:33 in2 Exp $ */
#include "bbs.h"
#include "pierr.h"
#include <xmlrpc.h>
@@ -8,12 +8,18 @@ extern SHM_t *SHM;
typedef xmlrpc_int32 int32;
#define errorexit() if( env->fault_occurred ) return NULL
-#define check_board_and_permission(bid) \
- if( bid < 0 || bid > MAX_BOARD || \
- !bcache[bid].brdname[0] || \
- (bcache[bid].brdattr & BRD_HIDE) || \
- (bcache[bid].level && \
- (bcache[bid].brdattr & BRD_POSTMASK)) ) \
+int check_board_and_permission(int bid)
+{
+ return (bid < 0 || bid > MAX_BOARD ||
+ !bcache[bid].brdname[0] ||
+ (bcache[bid].brdattr & BRD_HIDE) ||
+ (bcache[bid].level && !(bcache[bid].brdattr & BRD_POSTMASK) &&
+ (bcache[bid].level &
+ ~(PERM_BASIC|PERM_CHAT|PERM_PAGE|PERM_POST|PERM_LOGINOK))));
+}
+
+#define check_bp_return(bid) \
+ if( check_board_and_permission(bid) ) \
return xmlrpc_build_value(env, "{s:i}", \
"errno", PIERR_NOBRD);
@@ -45,7 +51,7 @@ getBrdInfo(xmlrpc_env *env, xmlrpc_value *param_array, void *user_data)
xmlrpc_parse_value(env, param_array, "(i)", &bid);
errorexit();
- check_board_and_permission(bid);
+ check_bp_return(bid);
return xmlrpc_build_value(env, "{s:i,s:s,s:i,s:6,s:6,s:i}",
"errno", PIERR_OK,
@@ -91,7 +97,7 @@ getNarticle(xmlrpc_env *env, xmlrpc_value *param_array, void *user_data)
xmlrpc_parse_value(env, param_array, "(i)", &bid);
errorexit();
- check_board_and_permission(bid);
+ check_bp_return(bid);
nas = getfilesize(bid, ".DIR", NULL);
return xmlrpc_build_value(env, "{s:i,s:i}",
@@ -110,7 +116,7 @@ class_list(xmlrpc_env *env, xmlrpc_value *param_array, void *user_data)
errorexit();
if( bid != 0 )
- check_board_and_permission(bid);
+ check_bp_return(bid);
if( bid != 0 && !(bcache[bid].brdattr & BRD_GROUPBOARD) )
errorreturn(PIERR_NOTCLASS);
@@ -119,8 +125,7 @@ class_list(xmlrpc_env *env, xmlrpc_value *param_array, void *user_data)
for( bptr = bcache[bid].firstchild[0] ;
bptr != (boardheader_t*)~0 ;
bptr = bptr->next[0] ){
- if( (bptr->brdattr & BRD_HIDE) ||
- (bptr->level && !bptr->brdattr & BRD_POSTMASK) )
+ if( check_board_and_permission(bptr - bcache) )
continue;
t = xmlrpc_build_value(env, "{s:i,s:s,s:6,s:i,s:6,s:i,s:b}",
"bid", (int32)(bptr - bcache),
@@ -147,7 +152,7 @@ article_list(xmlrpc_env *env, xmlrpc_value *param_array, void *user_data)
xmlrpc_parse_value(env, param_array, "(ii)", &bid, &from);
errorexit();
- check_board_and_permission(bid);
+ check_bp_return(bid);
if( (nArticles = getfilesize(bid, ".DIR", &fd)) < 0 )
errorreturn(PIERR_INT);
@@ -213,7 +218,7 @@ article_readfn(xmlrpc_env *env, xmlrpc_value *param_array, void *user_data)
if( fn == NULL || fn[0] != 'M' || fn[1] != '.' )
errorreturn(PIERR_NOBRD);
- check_board_and_permission(bid);
+ check_bp_return(bid);
return _article_readfn(env, bid, fn);
}