Author: dmorissette
Date: 2009-12-18 09:41:14 -0500 (Fri, 18 Dec 2009)
New Revision: 9623
Modified:
branches/branch-5-6/mapserver/HISTORY.TXT
branches/branch-5-6/mapserver/mapfile.c
Log:
Avoid env. var. leak through msEvalRegex() (#2989)
Modified: branches/branch-5-6/mapserver/HISTORY.TXT
===================================================================
--- branches/branch-5-6/mapserver/HISTORY.TXT 2009-12-18 14:35:51 UTC (rev 9622)
+++ branches/branch-5-6/mapserver/HISTORY.TXT 2009-12-18 14:41:14 UTC (rev 9623)
@@ -12,13 +12,11 @@
For a complete change history, please see the Subversion log comments.
-Current Version (SVN branch-5-6):
---------------------------------
-
-
-Version 5.6.0 (2009-12-04):
+Version 5.6.0 (2009-12-18):
---------------------------
+- Fixed potential leak of env. vars through msEvalRegex() (#2989)
+
- WFS hits count is incorrect if the request contain 2 layers or more (#3244)
- Fixed a problem with layer plugin where copyVirtualTable didn't copy
Modified: branches/branch-5-6/mapserver/mapfile.c
===================================================================
--- branches/branch-5-6/mapserver/mapfile.c 2009-12-18 14:35:51 UTC (rev 9622)
+++ branches/branch-5-6/mapserver/mapfile.c 2009-12-18 14:41:14 UTC (rev 9623)
@@ -105,7 +105,7 @@
if(ms_regexec(&re, s, 0, NULL, 0) != 0) { /* no match */
ms_regfree(&re);
- msSetError(MS_REGEXERR, "String (%s) failed expression test.", "msEvalRegex()", s);
+ msSetError(MS_REGEXERR, "String failed expression test.", "msEvalRegex()");
return(MS_FALSE);
}
ms_regfree(&re);
@@ -5172,9 +5172,15 @@
}
if(getenv("MS_MAPFILE_PATTERN")) { /* user override */
- if(msEvalRegex(getenv("MS_MAPFILE_PATTERN"), filename) != MS_TRUE) return(NULL);
+ if(msEvalRegex(getenv("MS_MAPFILE_PATTERN"), filename) != MS_TRUE) {
+ msSetError(MS_REGEXERR, "MS_MAPFILE_PATTERN validation failed." , "msLoadMap()");
+ return(NULL);
+ }
} else { /* check the default */
- if(msEvalRegex(MS_DEFAULT_MAPFILE_PATTERN, filename) != MS_TRUE) return(NULL);
+ if(msEvalRegex(MS_DEFAULT_MAPFILE_PATTERN, filename) != MS_TRUE) {
+ msSetError(MS_REGEXERR, "MS_DEFAULT_MAPFILE_PATTERN validation failed." , "msLoadMap()");
+ return(NULL);
+ }
}
/*
@@ -5497,11 +5503,17 @@
** Check map filename to make sure it's legal
*/
if(getenv("MS_MAPFILE_PATTERN")) { /* user override */
- if(msEvalRegex(getenv("MS_MAPFILE_PATTERN"), filename) != MS_TRUE) return(NULL);
+ if(msEvalRegex(getenv("MS_MAPFILE_PATTERN"), filename) != MS_TRUE) {
+ msSetError(MS_REGEXERR, "MS_MAPFILE_PATTERN validation failed." , "msLoadMap()");
+ return(NULL);
+ }
} else { /* check the default */
- if(msEvalRegex(MS_DEFAULT_MAPFILE_PATTERN, filename) != MS_TRUE) return(NULL);
+ if(msEvalRegex(MS_DEFAULT_MAPFILE_PATTERN, filename) != MS_TRUE) {
+ msSetError(MS_REGEXERR, "MS_DEFAULT_MAPFILE_PATTERN validation failed." , "msLoadMap()");
+ return(NULL);
+ }
}
-
+
if((msyyin = fopen(filename,"r")) == NULL) {
msSetError(MS_IOERR, "(%s)", "msTokenizeMap()", filename);
return NULL;