Report from 2016-07-10 03:04:24

List of files

621
  int days = dt / (60 * 60 * 24);
622
  dt = dt - days * (60 * 60 * 24);
623
  int hours = dt / (60 * 60);
624
  dt = dt - hours * (60 * 60);
625
  int minutes = dt / 60;
626
  dt = dt - minutes * 60;
627
  int seconds = dt;
628
629
  buffer->days = days;
630
  buffer->hours = hours;
631
  buffer->minutes = minutes;
632
  buffer->seconds = seconds;
633
}
634
635
gdImagePtr
636
chart_create_legend(gdImagePtr im, int width, int height,
637
    apr_array_header_t *data, int flags)
638
{
639
  int show_date = flags & CHART_DATE;
640
  int gray5, gray3, gray1, blue, yellow, orang, black;

rats: fixed size local buffer-->Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.

641
  char buffer[256], add_buffer[256];
642
  gray5 = gdImageColorAllocate(im, 150, 150, 150);
643
  gray3 = gdImageColorAllocate(im, 215, 215, 215);
644
  gray1 = gdImageColorAllocate(im, 226, 226, 226);
645
  blue = gdImageColorAllocate(im, 112, 157, 232);
646
  yellow = gdImageColorAllocate(im, 252, 254, 188);
647
  orang = gdImageColorAllocate(im, 212, 195, 100);
648
  black = gdImageColorAllocate(im, 0, 0, 0);
649
  double max_value = chart_get_max_value(data);
650
  //int min = chart_get_min(data), max = chart_get_max(data);
651
  int max_value_i = (int) ceil(max_value);
652
  gdFontPtr fptr = gdFontGetSmall();
653
  int rw = width - 1, rh = height - 1, spx = _SPX, spy = _SPY, epx = _EPX, epy =
654
      _EPY;
655
  epy = height - ((height - spy - epy - 4) / 10 * 10) - spy - 4;
656
  int i, dx = 20, dy = (height - (spy + epy)) / 10;
657
  int j = 0;
658
  for (i = 0; i < (width - ((spx + 2) + (epx + 2))); i += dx)
659
    {
660
      gdPoint pt[5];
661
      pt[0].x = spx + 2 + i - 6;
40
#include <sys/time.h>
41
#include <pthread.h>
42
#if defined(linux)
43
#include <linux/unistd.h>
44
#endif
45
#if defined(__FreeBSD__)
46
#include <unistd.h>
47
#endif
48
#include <errno.h>
49
#include <math.h>
50
#include <stdio.h>
51
#include <stdlib.h>
52
#include <time.h>
53
#include <stdarg.h>
54
55
#include "debug.h"
56
#define MAX_BUF_LEN 4096
57
58
void write_debug_info(const char * format, ...) {
59
#ifdef DEBUG_MODULE_H

rats: fixed size local buffer-->Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.

60
	char buffer[MAX_BUF_LEN];
61
	va_list args;
62
	va_start(args, format);
63
	vsnprintf(buffer, MAX_BUF_LEN, format, args);
64
	perror(buffer);
65
	va_end(args);
66
	FILE * pFile;
67
	char szFileName[] = "/tmp/mod_performance_debug.txt";
68
69
	pFile = fopen(szFileName, "a");
70
	if (pFile != NULL) {
71
		fprintf(pFile, "%s\n", buffer);
72
		fclose(pFile);
73
	}
74
#endif
75
	return;
76
}
108
  memorypagesize = getpagesize ();
109
  frglhz = (long) (1.0 / (gethz () * 1.0) * 1000000.0);
110
  if (frglhz < 0)
111
    return (1);
112
  return (0);
113
}
114
115
void
116
get_freebsd_mem_info (void * p, pid_t pid, freebsd_get_mem * fgm)
117
{
118
	get_freebsd_mem_info_ret(fgm, pid, -1);
119
}
120
121
int
122
get_freebsd_mem_info_ret (freebsd_get_mem * fgm, pid_t pid, pid_t tid)
123
{
124
  const char *nlistf, *memf;
125
  memf = _PATH_DEVNULL;
126
  static kvm_t *kd;
127
  struct kinfo_proc *kp;

rats: fixed size local buffer-->Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.

128
  char errbuf[_POSIX2_LINE_MAX];
129
  int flag = pid, what = KERN_PROC_PID, nentries, i;
130
  nlistf = NULL;
131
  fgm->memory_bytes = 0;
132
  fgm->memory_percents = 0;
133
  fgm->memory_total = 0;
134
  kd = kvm_openfiles (nlistf, memf, NULL, O_RDONLY, errbuf);
135
  if (kd == 0)
136
    {
137
      return -1;
138
    }
139
  else
140
    {
141
      kp = kvm_getprocs (kd, what, flag, &nentries);
142
      if ((kp == NULL && nentries > 0) || (kp != NULL && nentries < 0))
143
	{
144
	  kvm_close (kd);
145
	  return -1;
146
	}
147
      else
148
	{

...

199
      buf->idle = cpts[CP_IDLE] * frglhz;
200
      buf->iowait = cpts[CP_INTR] * frglhz;
201
202
      buf->total = cpts[CP_USER] * frglhz + cpts[CP_NICE] * frglhz
203
	+ cpts[CP_SYS] * frglhz + cpts[CP_IDLE] * frglhz;
204
    }
205
#endif
206
207
}
208
209
void
210
get_freebsd_cpukvm_info (void * p, pid_t pid, freebsd_get_cpu * fgc)
211
{
212
  const char *nlistf, *memf;
213
  memf = _PATH_DEVNULL;
214
  static kvm_t *kd;
215
  struct kinfo_proc *kp;
216
  int dummy;
217
  fgc->process_cpu = 0;
218
  fgc->system_cpu = 0;

rats: fixed size local buffer-->Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.

219
  char errbuf[_POSIX2_LINE_MAX];
220
  int flag = pid, what = KERN_PROC_PID, nentries, i;
221
  nlistf = NULL;
222
  kd = kvm_openfiles (nlistf, memf, NULL, O_RDONLY, errbuf);
223
  if (kd == 0)
224
    {
225
      //fprintf(stderr, "%s\n", errbuf);
226
      dummy = 1;
227
    }
228
  else
229
    {
230
      kp = kvm_getprocs (kd, what, flag, &nentries);
231
      if ((kp == NULL && nentries > 0) || (kp != NULL && nentries < 0))
232
	{
233
	  //fprintf(stderr, "%s\n", kvm_geterr(kd));
234
	  dummy = 1;
235
	}
236
      else
237
	{
238
	  if (nentries > 0)
239
	    {

...

240
	      for (i = nentries; --i >= 0; ++kp)
241
		{
242
		  fgc->process_cpu =
243
		    kp->ki_runtime + tv2sec (kp->ki_childtime);
244
		  fgc->system_cpu = 0;
245
		  break;
246
		}
247
	    }
248
	}
249
      kvm_close (kd);
250
    }
251
}
252
253
void
254
get_freebsd_io_info (void * p, pid_t pid, freebsd_get_io * fgi)
255
{
256
  const char *nlistf, *memf;
257
  memf = _PATH_DEVNULL;
258
  static kvm_t *kd;
259
  struct kinfo_proc *kp;

rats: fixed size local buffer-->Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.

260
  char errbuf[_POSIX2_LINE_MAX];
261
  int flag = pid, what = KERN_PROC_PID, nentries, i;
262
  nlistf = NULL;
263
  int dummy;
264
  fgi->io_write = 0;
265
  fgi->io_read = 0;
266
  kd = kvm_openfiles (nlistf, memf, NULL, O_RDONLY, errbuf);
267
  if (kd == 0)
268
    //fprintf(stderr, "%s\n", errbuf);
269
    dummy = 1;
270
  else
271
    {
272
      kp = kvm_getprocs (kd, what, flag, &nentries);
273
      if ((kp == NULL && nentries > 0) || (kp != NULL && nentries < 0))
274
	{
275
	  //fprintf(stderr, "%s\n", kvm_geterr(kd));
276
	  dummy = 1;
277
	}
278
      else
279
	{
280
	  if (nentries > 0)
86
87
	return sysfs;
88
}
89
90
static int set_linux_version() {
91
	struct utsname uts;
92
	unsigned x = 0, y = 0, z = 0;
93
94
	if (uname(&uts) == -1) /* failure most likely implies impending death */
95
		return -1;
96
	sscanf(uts.release, "%u.%u.%u", &x, &y, &z);
97
	if (LINUX_VERSION_CODE (x, y, z) >= LINUX_VERSION_CODE (2, 6, 0)
98
			&& !has_sysfs())
99
		return -1;
100
101
	os_version_code = LINUX_VERSION_CODE (x, y, z);
102
	return 0;
103
}
104
105
static int try_file_to_buffer_iostat(char *buffer, const char *format, ...) {

rats: fixed size local buffer-->Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.

106
	char path[_PATH_SIZE];
107
	int fd;
108
	ssize_t len;
109
	va_list pa;
110
111
	va_start(pa, format);
112
113
	vsnprintf(path, sizeof path, format, pa);
114
115
	va_end(pa);
116
117
	buffer[0] = '\0';
118
119
	if ((fd = open(path, O_RDONLY)) < 0)
120
		return TRY_FILE_TO_BUFFER_OPEN_IOSTAT;
121
122
	len = read(fd, buffer, BUFSIZ - 1);
123
	close(fd);
124
125
	if (len < 0)
126
		return TRY_FILE_TO_BUFFER_READ_IOSTAT;

...

155
void get_io_stat(iostat * info, long pid, long tid) {

rats: fixed size local buffer-->Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.

156
	char buffer[BUFSIZ];
157
	io_stat_reset(info);
158
	int res;
159
	if (tid != (long) -1)
160
		res = try_file_to_buffer_iostat(buffer, "/proc/%d/task/%d/io", pid,
161
				tid);
162
	else
163
		res = try_file_to_buffer_iostat(buffer, "/proc/%d/io", pid);
164
	if (res == TRY_FILE_TO_BUFFER_OK_IOSTAT) {
165
		info->rchar = get_scaled_iostat(buffer, "rchar:");
166
		info->wchar = get_scaled_iostat(buffer, "wchar:");
167
		info->read_bytes = get_scaled_iostat(buffer, "read_bytes:");
168
		info->write_bytes = get_scaled_iostat(buffer, "write_bytes:");
169
		info->cancelled_write_bytes = get_scaled_iostat(buffer,
170
				"cancelled_write_bytes:");
171
	}
172
}
173
174
void get_io_stat_current(iostat * info, long pid, long tid) {

rats: fixed size local buffer-->Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.

175
	char buffer[BUFSIZ];
176
	io_stat_reset(info);

...

177
	int res;
178
	if (tid != (long) -1)
179
		res = try_file_to_buffer_iostat(buffer, "/proc/self/task/%d/io", tid);
180
	else
181
		res = try_file_to_buffer_iostat(buffer, "/proc/self/io");
182
	if (res == TRY_FILE_TO_BUFFER_OK_IOSTAT) {
183
		info->rchar = get_scaled_iostat(buffer, "rchar:");
184
		info->wchar = get_scaled_iostat(buffer, "wchar:");
185
		info->read_bytes = get_scaled_iostat(buffer, "read_bytes:");
186
		info->write_bytes = get_scaled_iostat(buffer, "write_bytes:");
187
		info->cancelled_write_bytes = get_scaled_iostat(buffer,
188
				"cancelled_write_bytes:");
189
	}
190
}
191
192
void io_stat_reset(iostat * info) {
193
	memset(info, 0, sizeof(iostat));
194
}
195
196
void glibtop_get_cpu_own(glibtop_cpu_own * buf) {

rats: fixed size local buffer-->Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.

197
	char buffer[BUFSIZ], *p;
198
199
	memset(buf, 0, sizeof(glibtop_cpu_own));
200
201
	int res = try_file_to_buffer_iostat(buffer, FILENAME);
202
	if (res == TRY_FILE_TO_BUFFER_OK_IOSTAT) {
203
		p = skip_token(buffer);
204
		buf->user = strtoull(p, &p, 0);
205
		buf->nice = strtoull(p, &p, 0);
206
		buf->sys = strtoull(p, &p, 0);
207
		buf->idle = strtoull(p, &p, 0);
208
		buf->total = buf->user + buf->nice + buf->sys + buf->idle;
209
210
		/* 2.6 kernel */
211
		if (os_version_code >= LINUX_VERSION_CODE (2, 6, 0)) {
212
			buf->iowait = strtoull(p, &p, 0);
213
			buf->irq = strtoull(p, &p, 0);
214
			buf->softirq = strtoull(p, &p, 0);
215
216
			buf->total += buf->iowait + buf->irq + buf->softirq;
217
		}

...

228
}
229
230
static inline char *
231
proc_stat_after_cmd(char *p) {
232
	p = strrchr(p, ')');
233
	if (p)
234
		*p++ = '\0';
235
	return p;
236
}
237
238
static inline char *
239
skip_multiple_token(const char *p, size_t count) {
240
	while (count--)
241
		p = skip_token(p);
242
243
	return (char *) p;
244
}
245
246
void glibtop_get_proc_time_own(glibtop_proc_time_own * buf, pid_t pid,
247
		pid_t tid) {

rats: fixed size local buffer-->Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.

248
	char buffer[BUFSIZ], *p;
249
	memset(buf, 0, sizeof(glibtop_proc_time_own));
250
251
	int res;
252
	if (tid != (long) -1)
253
		res = try_file_to_buffer_iostat(buffer, "/proc/%d/task/%d/stat", pid,
254
				tid);
255
	else
256
		res = try_file_to_buffer_iostat(buffer, "/proc/%d/stat", pid);
257
	if (res == TRY_FILE_TO_BUFFER_OK_IOSTAT) {
258
		p = proc_stat_after_cmd(buffer);
259
		if (!p)
260
			return;
261
262
		p = skip_multiple_token(p, 11);
263
264
		buf->utime = strtoull(p, &p, 0);
265
		buf->stime = strtoull(p, &p, 0);
266
		buf->rtime = buf->utime + buf->stime;
267
		buf->cutime = strtoull(p, &p, 0);
268
		buf->cstime = strtoull(p, &p, 0);

...

264
		buf->utime = strtoull(p, &p, 0);
265
		buf->stime = strtoull(p, &p, 0);
266
		buf->rtime = buf->utime + buf->stime;
267
		buf->cutime = strtoull(p, &p, 0);
268
		buf->cstime = strtoull(p, &p, 0);
269
		p = skip_multiple_token(p, 3);
270
		buf->it_real_value = strtoull(p, &p, 0);
271
		buf->frequency = 100;
272
273
	}
274
}
275
276
#define FILENAMEMEM        "/proc/meminfo"
277
278
void glibtop_get_mem_own(glibtop_mem_own * buf) {
279
	glibtop_get_mem_own_ret(buf);
280
281
}
282
283
int glibtop_get_mem_own_ret(glibtop_mem_own * buf) {

rats: fixed size local buffer-->Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.

284
	char buffer[BUFSIZ];
285
	memset(buf, 0, sizeof *buf);
286
287
	int res = try_file_to_buffer_iostat(buffer, FILENAMEMEM);
288
	if (res == TRY_FILE_TO_BUFFER_OK_IOSTAT) {
289
		buf->total = get_scaled_iostat(buffer, "MemTotal:");
290
		buf->free = get_scaled_iostat(buffer, "MemFree:");
291
		buf->used = buf->total - buf->free;
292
		buf->shared = 0;
293
		buf->buffer = get_scaled_iostat(buffer, "Buffers:");
294
		buf->cached = get_scaled_iostat(buffer, "Cached:");
295
296
		buf->user = buf->total - buf->free - buf->cached - buf->buffer;
297
		return 0;
298
	}
299
	return -1;
300
301
}
302
303
static size_t get_page_size(void) {
304
	static size_t pagesize = 0;

...

299
	return -1;
300
301
}
302
303
static size_t get_page_size(void) {
304
	static size_t pagesize = 0;
305
306
	if (!pagesize) {
307
		pagesize = getpagesize();
308
	}
309
310
	return pagesize;
311
}
312
313
void glibtop_get_proc_mem_own(glibtop_proc_mem_own * buf, pid_t pid, pid_t tid) {
314
	glibtop_get_proc_mem_own_ret(buf, pid, tid);
315
}
316
317
int glibtop_get_proc_mem_own_ret(glibtop_proc_mem_own * buf, pid_t pid,
318
		pid_t tid) {

rats: fixed size local buffer-->Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.

319
	char buffer[BUFSIZ], *p;
320
	const size_t pagesize = get_page_size();
321
	memset(buf, 0, sizeof(glibtop_proc_mem_own));
322
323
	int res;
324
	if (tid != (long) -1)
325
		res = try_file_to_buffer_iostat(buffer, "/proc/%d/task/%d/stat", pid,
326
				tid);
327
	else
328
		res = try_file_to_buffer_iostat(buffer, "/proc/%d/stat", pid);
329
	if (res == TRY_FILE_TO_BUFFER_OK_IOSTAT) {
330
		p = proc_stat_after_cmd(buffer);
331
		if (!p)
332
			return -1;
333
334
		p = skip_multiple_token(p, 20);
335
336
		buf->vsize = strtoull(p, &p, 0);
337
		buf->rss = strtoull(p, &p, 0);
338
		buf->rss_rlim = strtoull(p, &p, 0);
339
1692
	apr_signal(SIGCHLD, SIG_IGN);
1693
	apr_signal(SIGHUP, daemon_signal_handler);
1694
1695
	ap_close_listeners();
1696
1697
	if ((sd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) {
1698
		ap_log_error(APLOG_MARK, APLOG_ERR, errno, main_server,
1699
				MODULE_PREFFIX "Couldn't create unix domain socket");
1700
		return errno;
1701
	}
1702
1703
	memset(&unix_addr, 0, sizeof(unix_addr));
1704
	unix_addr.sun_family = AF_UNIX;
1705
	if (!performance_use_pid)
1706
		performance_socket = performance_socket_no_pid;
1707
	apr_cpystrn(unix_addr.sun_path, performance_socket,
1708
			sizeof unix_addr.sun_path);
1709

rats: umask-->umask() can easily be used to create files with unsafe priviledges. It should be set to restrictive values.

1710
	omask = umask(0077);
1711
	rc = bind(sd, (struct sockaddr *) &unix_addr, sizeof(unix_addr));

rats: umask-->umask() can easily be used to create files with unsafe priviledges. It should be set to restrictive values.

1712
	umask(omask);
1713
1714
	if (performance_get_all_access())
1715
		rv = apr_file_perms_set(performance_socket,
1716
				APR_FPROT_UREAD | APR_FPROT_UWRITE | APR_FPROT_UEXECUTE
1717
						| APR_FPROT_GREAD | APR_FPROT_GWRITE | APR_FPROT_WREAD
1718
						| APR_FPROT_WWRITE);
1719
	else
1720
		rv = apr_file_perms_set(performance_socket,
1721
		APR_FPROT_UREAD | APR_FPROT_UWRITE | APR_FPROT_UEXECUTE);
1722
	if (performance_socket_perm) {
1723
		rv = apr_file_perms_set(performance_socket, performance_socket_perm);
1724
	}
1725
	if (rv != APR_SUCCESS) {
1726
		ap_log_error(APLOG_MARK, APLOG_CRIT, rv, main_server,
1727
				MODULE_PREFFIX "Couldn't set permissions on unix domain socket %s",
1728
				performance_socket);
1729
		close(sd);
1730
		return rv;
88
    }
89
  return (getpid ());
90
#endif
91
92
#if defined(__FreeBSD__)
93
  long lwpid;
94
#if __FreeBSD_version < 900031
95
  thr_self (&lwpid);
96
#else
97
  lwpid = pthread_getthreadid_np ();
98
#endif
99
  return lwpid;
100
#endif
101
}
102
103
void modperformance_sendbegin_info_send_info(performance_module_send_req *req,
104
		char *uri, char *filename, char *hostname, char *method, char *args,
105
		char *canonical_filename, int use_tid, server_rec *server,
106
		apr_pool_t *pool, int performance_use_cononical_name) {
107

rats: fixed size local buffer-->Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.

108
	char str_b[512] = "";
109
	double time_start;
110
	struct timeval tm;
111
	gettimeofday(&tm, NULL);
112
	time_start = (double) tm.tv_sec + (double) tm.tv_usec / SEC2NANO;
113
114
	req->current_pid = getpid();
115
	req->time_start = time_start;
116
	req->current_tid = use_tid ? gettid() : getpid();
117
	req->srv = server;
118
	if (hostname)
119
		apr_cpystrn(req->hostname, hostname, sizeof(req->hostname));
120
	else
121
		apr_cpystrn(req->hostname, "", sizeof(req->hostname));
122
	if (uri)
123
		apr_cpystrn(req->uri, uri, sizeof(req->uri));
124
	else
125
		apr_cpystrn(req->uri, "", sizeof(req->uri));
126
127
	char *str = NULL;
128
#ifndef _LIBBUILD

...

159
	//glibtop_get_mem_own(&req->mem1);
160
	glibtop_get_proc_mem_own(&req->mem2, req->current_pid,
161
			use_tid ? req->current_tid : (long) -1);
162
163
	get_io_stat_current(&req->io, req->current_pid,
164
			use_tid ? req->current_tid : (long) -1);
165
#endif
166
#if defined(__FreeBSD__)
167
	get_freebsd_cpu_info (NULL, &req->cpu1);
168
	get_freebsd_cpukvm_info (NULL, req->current_pid, &req->cpu2);
169
	get_freebsd_mem_info (NULL, req->current_pid, &req->mem2);
170
	get_freebsd_io_info (NULL, req->current_pid, &req->io);
171
#endif
172
173
	req->command = 0;
174
}
175
176
void modperformance_sendend_info_send_info(performance_module_send_req *req,
177
		char *uri, char *hostname, char *method, char *args, int use_tid,
178
		server_rec *server, apr_pool_t *pool) {

rats: fixed size local buffer-->Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.

179
	char str_b[512] = "";
180
	double time_start2;
181
	struct timeval tm;
182
	gettimeofday(&tm, NULL);
183
	time_start2 = (double) tm.tv_sec + (double) tm.tv_usec / SEC2NANO;
184
185
	req->current_pid = getpid();
186
	req->time_start = time_start2;
187
	req->current_tid = use_tid ? gettid() : getpid();
188
	req->srv = server;
189
190
	if (hostname)
191
		apr_cpystrn(req->hostname, hostname, sizeof(req->hostname));
192
	else
193
		apr_cpystrn(req->hostname, "", sizeof(req->hostname));
194
195
	if (uri)
196
		apr_cpystrn(req->uri, uri, sizeof(req->uri));
197
	else
198
		apr_cpystrn(req->uri, "", sizeof(req->uri));
199
566
		m_db_r = (*_mysql_init)(NULL);
567
		if (!m_db_r) {
568
			(*_mysql_close)(m_db);
569
			pthread_rwlock_unlock(&db_lock_rw);
570
			return -1;
571
		}
572
		(*_mysql_options)(m_db_r, MYSQL_OPT_RECONNECT, &reconnect);
573
		if (!(*_mysql_real_connect)(m_db_r, host, username, password, dbname, 0,
574
				NULL, 0)) {
575
			(*_mysql_close)(m_db);
576
			pthread_rwlock_unlock(&db_lock_rw);
577
			return -1;
578
		}
579
580
		apr_pool_cleanup_register(p, NULL, sql_adapter_cleanup_close_mysql,
581
				apr_pool_cleanup_null);
582
	}
583
		break;
584
	case 3: {
585
		//extract port number form host

rats: fixed size local buffer-->Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.

586
		char host_only[512], port_only[512];
587
588
		if (strstr((host?host:"localhost"), ":") && host) {
589
			char *pos = strstr(host, ":");
590
			strncpy(host_only, host, pos - host);
591
			host_only[pos - host] = '\0';
592
			strncpy(port_only, pos + 1, strlen(host) - (pos - host));
593
			port_only[strlen(host) - (pos - host)] = '\0';
594
		} else {
595
			strncpy(host_only, host?host:"localhost", 512);
596
			strncpy(port_only, "", 512);
597
			host_only[511] = '\0';
598
			port_only[511] = '\0';
599
		}
600
601
602
		//PgSql
603
		char *connect_string;
604
		if (!port_only[0])
605
			connect_string = apr_psprintf(p,
606
					"host=%s dbname=%s user=%s password=%s", host?host:"localhost", dbname,
51
static struct sigevent sev[MAX_REGISTERED_SIGNALS];
52
static struct itimerspec its[MAX_REGISTERED_SIGNALS];
53
54
55
static apr_status_t
56
deletetimer (void *number)
57
{
58
  intptr_t nm = (intptr_t) number;
59
  int nm_t = (int) nm;
60
  timer_delete (timerid[nm_t]);
61
  return APR_SUCCESS;
62
}
63
64
long
65
gettimeinterval (char *timestring)
66
{
67
  regex_t compiled_regex;
68
  regex_t compiled_regex_all;
69
  regmatch_t regexp_result;
70
  //size_t matches = 1;

rats: fixed size local buffer-->Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.

71
  char buffer[512];
72
  time_t rawtime;
73
  struct tm *timeinfo;
74
  int error;
75
  int hours = 0, minutes = 0, seconds = 0;
76
  if (regcomp
77
      (&compiled_regex_all,
78
       "^[0-9]\\{1,2\\}[:-][0-9]\\{1,2\\}[:-]\\{0,1\\}[0-9]\\{0,2\\}$", 0))
79
    {
80
      return 0;
81
    }
82
  error = regexec (&compiled_regex_all, timestring, 1, &regexp_result, 0);
83
  if (error)
84
    {
85
      regfree (&compiled_regex_all);
86
      return 0;
87
    }
88
  regfree (&compiled_regex_all);
89
  if (regcomp (&compiled_regex, "[0-9]\\{1,2\\}", 0))
90
    {
91
      return 0;