Changes 2.06:

* In main(), when parsing form input fails, the CGI script exits without
  producing any output whatsoever.  Wouldn't it be better to actually
  emit an error status, instead of expecting the server to do something
  sane with a script that produces no output?

* In mpRead(), a check is done to insure the requested length is not
  greater than the amount of data still available, and to adjust it
  if necessary.  However, this check is currently done _after_ reading
  data from the putback buffer, in which process len is decremented by
  the amount of putback data read, but mpp->offset is not correspondingly
  incremented (this happens later).  As a result, the check uses too
  small a value for len, and so fails to stop reading soon enough if
  the requested length is greater than what is available _and_ there
  was any data in the putback buffer.
  The fix is to move the check to the beginning of mpRead()

* Further, if a read request is satisfied _entirely_ from the putback
  buffer, mpp->offset is not updated at all, resulting in a similar
  problem.  The solution is to update mpp->offset in the "else if (got)"
  case.

* In cgiParsePostMultipartInput(), if the Content-Disposition of a part
  is not "form-data", afterNextBoundary() is not called before beginning
  to process the next part.  As a result, parsing of the next part headers
  begins with the body of the unwanted part.  It is necessary in this case
  to call afterNextBoundary() before continuing with the next cycle.

* In handling out-of-memory conditions in afterNextBoundary(), *outP is
  set to '\0'.  While this is technically legal ('\0' is "an integral
  constant expression with the value 0"), it looks funny.

* In cgiCookieString(), a change was introduced in v2.02 which purports
  to prevent an overrun in cases where cgiCookie is exactly equal to
  the requested cookie name.  In fact, the problem can also occur if
  the requested name occurs with no values at the end of cgiCookie.
  Further, the change from v2.02 does not fix the problem, because it
  compares the _pointers_ p and n to NULL, which they will never equal,
  rather than comparing the pointers they point at to NUL.

* Also in cgiCookieString(), there is a comment suggesting that the main
  loop never terminates except with a return.  This is not the case.
  For example, it will terminate if the requested cookie is not found
  and the cgiCookie string ends in a semicolon.

* Why did days[] (formerly daysOfWeek[]) and months[] become non-static?
  This pollutes the namespace of programs using CGIC.

* In cgiReadEnvironment(), when reading in the contents of an uploaded
  file, it is possible that a temporary file is successfully created
  but then cannot be opened.  In this case, no attempt is made to remove
  the tempoary file.

* Further, when a form entry does _not_ include an uploaded file,
  e->tfileName is set to malloc'd but uninitialized memory.  It should
  be set to an empty string, by setting e->tfileName[0] to zero after
  the 1-byte buffer is allocated.

4 files changed, 13 insertions, 13 deletions

diff --git a/www/cgic/Makefile b/www/cgic/Makefile
index c197f028508..0274e60ba78 100644
--- a/www/cgic/Makefile
+++ b/www/cgic/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.9 2012/10/28 06:30:12 asau Exp $
+# $NetBSD: Makefile,v 1.10 2014/04/07 15:01:44 adam Exp $
 
-DISTNAME=	cgic205
-PKGNAME=	cgic-2.05
+DISTNAME=	cgic206
+PKGNAME=	cgic-2.06
 CATEGORIES=	www
 MASTER_SITES=	http://www.boutell.com/cgic/
 
diff --git a/www/cgic/PLIST b/www/cgic/PLIST
index 7da8509bda4..68a8ee6b1a4 100644
--- a/www/cgic/PLIST
+++ b/www/cgic/PLIST
@@ -1,8 +1,8 @@
-@comment $NetBSD: PLIST,v 1.3 2009/06/14 22:00:19 joerg Exp $
+@comment $NetBSD: PLIST,v 1.4 2014/04/07 15:01:44 adam Exp $
 include/cgic.h
 lib/libcgic.la
 libexec/cgi-bin/capture
 libexec/cgi-bin/cgictest
-share/doc/html/cgiclib/cgic.html
+share/doc/cgiclib/cgic.html
 share/examples/cgiclib/capture.c
 share/examples/cgiclib/cgictest.c
diff --git a/www/cgic/distinfo b/www/cgic/distinfo
index fdbb8bb7d2c..a01bf61307e 100644
--- a/www/cgic/distinfo
+++ b/www/cgic/distinfo
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.4 2008/06/20 01:09:41 joerg Exp $
+$NetBSD: distinfo,v 1.5 2014/04/07 15:01:44 adam Exp $
 
-SHA1 (cgic205.tar.gz) = 04646274466192570190572f0a70094c67fa2703
-RMD160 (cgic205.tar.gz) = 913d50cb04f70c44119eda3fd3f689572efb65e4
-Size (cgic205.tar.gz) = 50263 bytes
-SHA1 (patch-aa) = ab2388d4fbf67a75cc1c970668ae08db571b680e
+SHA1 (cgic206.tar.gz) = fa4213f3479bb38511adb7fbb685ded96c2b1f72
+RMD160 (cgic206.tar.gz) = 440c9ca887e1d24f8953567174f1a0eb08ee2d61
+Size (cgic206.tar.gz) = 50167 bytes
+SHA1 (patch-aa) = e90c34b85194524554ecab21a3edd68f50f41bc3
 SHA1 (patch-ab) = 42e8ee71eeb363e702dfab66344811a8967d382d
 SHA1 (patch-ac) = ee06539e395f5027291253c98ec103808f188a66
 SHA1 (patch-ad) = 6ef230a6cc265121dbcbaef392bc1d9c43d167b0
diff --git a/www/cgic/patches/patch-aa b/www/cgic/patches/patch-aa
index 95e8948dfbe..6cdaf950f21 100644
--- a/www/cgic/patches/patch-aa
+++ b/www/cgic/patches/patch-aa
@@ -1,4 +1,4 @@
-$NetBSD: patch-aa,v 1.3 2008/06/20 01:09:41 joerg Exp $
+$NetBSD: patch-aa,v 1.4 2014/04/07 15:01:44 adam Exp $
 
 --- Makefile.orig	2005-12-16 15:52:31.000000000 +0100
 +++ Makefile
@@ -59,9 +59,9 @@ $NetBSD: patch-aa,v 1.3 2008/06/20 01:09:41 joerg Exp $
 +	${LIBTOOL} --mode=install ${BSD_INSTALL_PROGRAM} capture ${DESTDIR}${PREFIX}/libexec/cgi-bin
 +	${LIBTOOL} --mode=install ${BSD_INSTALL_PROGRAM} cgictest ${DESTDIR}${PREFIX}/libexec/cgi-bin
 +	${INSTALL} -c -m 444 cgic.h ${DESTDIR}${PREFIX}/include
-+	mkdir -p ${DESTDIR}${PREFIX}/share/doc/html/cgiclib
++	mkdir -p ${DESTDIR}${PREFIX}/share/doc/cgiclib
 +	for i in *.html; do \
-+	  ${INSTALL} -c -m 444 $$i ${DESTDIR}${PREFIX}/share/doc/html/cgiclib ; \
++	  ${INSTALL} -c -m 444 $$i ${DESTDIR}${PREFIX}/share/doc/cgiclib ; \
 +	done
 + 
  clean: