[Fedora-directory-commits] dsgw/tests setup.sh, 1.4, 1.5 valgrind.supp, 1.1, 1.2
Richard Allen Megginson (rmeggins)
fedora-directory-commits at redhat.com
Wed Feb 27 03:36:53 UTC 2008
Author: rmeggins
Update of /cvs/dirsec/dsgw/tests
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30811/dsgw/tests
Modified Files:
setup.sh valgrind.supp
Log Message:
1) There were several places where DSGW would output and eval arbitrary javascript code passed in a CGI parameter. These have been replaced with resource strings. In all cases the values were output escaped, but still, we shouldn't be passing around bits of javascript code to execute.
2) ICU provides a function which can parse the HTTP_ACCEPT_LANGUAGE string and return the most appropriate locale, so we should use that for date calculation.
3) Found a couple of places where uninitialized values could be used, and fixed them.
4) Used PR_smprintf to simplify some strlen+malloc+strcpy+strcat code.
5) dsgw_get_cgi_var will check for NULL input
6) Do not pass in the ldap host and port in form parameters. Always just use the values from the config file.
7) Added many new tests and valgrind suppressions (almost all from ICU)
Index: setup.sh
===================================================================
RCS file: /cvs/dirsec/dsgw/tests/setup.sh,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- setup.sh 19 Feb 2008 15:20:22 -0000 1.4
+++ setup.sh 27 Feb 2008 03:36:51 -0000 1.5
@@ -1,7 +1,7 @@
#!/bin/sh
testdir="$1"
-sroot=/NotBackedUp/$USER/11srv
+sroot=/home/$USER/11srv
port=1100
secport=1101
rootdn="cn=directory manager"
@@ -32,7 +32,7 @@
fi
if [ "$needdata" ] ; then
-$sroot/lib/dirsrv/slapd-localhost/ldif2db.pl -D "$rootdn" -w "$rootpw" -n userRoot -i $sroot/share/dirsrv/data/Example.ldif
+$sroot/lib/dirsrv/slapd-vmhost/ldif2db.pl -D "$rootdn" -w "$rootpw" -n userRoot -i $sroot/share/dirsrv/data/Example.ldif
sleep 10
fi
@@ -81,8 +81,6 @@
#export ADMSERV_CONF_DIR
#ADMSERV_LOG_DIR=$dir/testtmp
#export ADMSERV_LOG_DIR
-HTTP_ACCEPT_LANGUAGE=en
-export HTTP_ACCEPT_LANGUAGE
SERVER_URL=http://localhost
export SERVER_URL
@@ -98,17 +96,19 @@
#VGPREFIX="valgrind --tool=memcheck --leak-check=yes --suppressions=$HOME/valgrind.supp --num-callers=40 --suppressions=$testdir/valgrind.supp "
# These are CGI programs - they assume they will run for a very short period of time - they use exit() instead of free() :P
VGPREFIX="valgrind --tool=memcheck --leak-check=no --suppressions=$HOME/valgrind.supp --num-callers=40 --suppressions=$testdir/valgrind.supp "
-#GDB="gdb -x .gdbinit "
+GDB="gdb -x .gdbinit "
DEBUGCMD=VALGRIND
#DEBUGCMD="$GDB"
-PROGS="dnedit"
+PROGS="lang"
# use scripts for orgchart perl scripts
SCRIPTS=""
#ClientLanguage=en_US ; export ClientLanguage
HTTP_ACCEPT_LANGUAGE=en_US ; export HTTP_ACCEPT_LANGUAGE
+#HTTP_COOKIE='nsdsgwauth=rndstr:cn=directory manager' ; export HTTP_COOKIE
+
runATest() {
prog="$1"
shift
@@ -146,6 +146,7 @@
if [ -f /tmp/$prog.debug.$basetest ] ; then
echo "break main" > .gdbinit
else
+ echo no match /tmp/$prog.debug.$basetest
rm -f .gdbinit
fi
if [ $type = "POST" ] ; then
@@ -192,9 +193,9 @@
ctxnum=1
for ctx in "" "/" "." "../../../" "somebogusvalue" "pb" "dsgw" ; do
if [ -s "$test" ] ; then
- runATest "$prog" GET "$test" .$ctxnum "&context=$ctx&binddn=$rootdn&passwd=$rootpw"
+ runATest "$prog" GET "$test" .$ctxnum "&context=$ctx&binddn=$rootdn&passwd=$rootpw&password=$rootpw"
else
- runATest "$prog" GET "$test" .$ctxnum "context=$ctx&binddn=$rootdn&passwd=$rootpw"
+ runATest "$prog" GET "$test" .$ctxnum "context=$ctx&binddn=$rootdn&passwd=$rootpw&password=$rootpw"
fi
ctxnum=`expr $ctxnum + 1`
done
@@ -211,7 +212,7 @@
runATest "$prog" POST "$test"
ctxnum=1
for ctx in "" "/" "." "../../../" "somebogusvalue" "pb" "dsgw" ; do
- runATest "$prog" POST "$test" .$ctxnum "&context=$ctx&binddn=$rootdn&passwd=$rootpw"
+ runATest "$prog" POST "$test" .$ctxnum "&context=$ctx&binddn=$rootdn&passwd=$rootpw&password=$rootpw"
ctxnum=`expr $ctxnum + 1`
done
done
Index: valgrind.supp
===================================================================
RCS file: /cvs/dirsec/dsgw/tests/valgrind.supp,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- valgrind.supp 9 Feb 2008 18:24:23 -0000 1.1
+++ valgrind.supp 27 Feb 2008 03:36:51 -0000 1.2
@@ -4,7 +4,13 @@
fun:__strcpy_chk
fun:entryOpen
fun:ures_open_3_6
- fun:res_getstring
+}
+{
+ Problem with ICU
+ Memcheck:Cond
+ fun:__strcpy_chk
+ obj:/usr/lib64/libicuuc.so.36.0
+ fun:ures_open_3_6
}
{
Problem with ICU
@@ -14,7 +20,6 @@
fun:findFirstExisting
fun:entryOpen
fun:ures_open_3_6
- fun:res_getstring
}
{
Problem with ICU
@@ -23,7 +28,6 @@
fun:init_entry
fun:entryOpen
fun:ures_open_3_6
- fun:res_getstring
}
{
Problem with ICU
@@ -31,7 +35,6 @@
fun:dsgw_vxprintf
fun:dsgw_emitfv
fun:dsgw_emitf
- fun:dsgw_html_begin
}
{
Problem with sasl
@@ -40,3 +43,60 @@
fun:_sasl_load_plugins
fun:sasl_client_init
}
+{
+ Problem with ICU
+ Memcheck:Cond
+ fun:__strcpy_chk
+ fun:entryOpen
+ fun:ures_open_3_6
+ fun:ucol_open_internal_3_6
+ fun:ucol_open_3_6
+}
+{
+ Problem with ICU
+ Memcheck:Cond
+ fun:u_strlen_3_6
+ fun:dsgw_strkeygen
+ fun:dsgw_keygen
+}
+{
+ Problem with ICU
+ Memcheck:Cond
+ fun:__strcpy_chk
+ fun:init_entry
+ fun:findFirstExisting
+ fun:entryOpen
+ fun:ures_openDirect_3_6
+}
+{
+ Problem with ICU
+ Memcheck:Cond
+ fun:__strcpy_chk
+ obj:/usr/lib64/libicuuc.so.36.0
+ obj:/usr/lib64/libicuuc.so.36.0
+ obj:/usr/lib64/libicuuc.so.36.0
+ fun:ures_openDirect_3_6
+}
+{
+ Problem with ICU
+ Memcheck:Cond
+ fun:__strcpy_chk
+ fun:ures_getFunctionalEquivalent_3_6
+}
+{
+ Problem with ICU
+ Memcheck:Cond
+ fun:__strcpy_chk
+ obj:/usr/lib64/libicuuc.so.36.0
+ obj:/usr/lib64/libicuuc.so.36.0
+ obj:/usr/lib64/libicuuc.so.36.0
+ fun:ures_open_3_6
+}
+{
+ Problem with ICU
+ Memcheck:Cond
+ fun:__strcpy_chk
+ obj:/usr/lib64/libicuuc.so.36.0
+ obj:/usr/lib64/libicuuc.so.36.0
+ fun:ures_open_3_6
+}
More information about the Fedora-directory-commits
mailing list