[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
small bugfixes
From: |
Michael Santos |
Subject: |
small bugfixes |
Date: |
Mon, 10 Nov 2003 12:37:40 -0500 |
User-agent: |
Mutt/1.4.1i |
cfexecd:
* another fd leak
* buffer overflow if the output of cfagent is = 4096 bytes and
sysadm has not been set
cfagent, cfenvd, cfrun, cfservd:
* minor nit: -f flag uses strcpy and is subject to buffer overflows.
The same thing can be done by setting CFINPUTSVAR to a value > 4096
bytes with cfservd.
* correct sprintf() in cfrun
Patches apply against cfengine 2.1.0p1.
--
Michael Santos <address@hidden>
Unix Administrator/MIST Inc.
--- src/cfagent.c-orig 2003-11-03 12:48:28.000000000 -0500
+++ src/cfagent.c 2003-11-04 11:57:59.000000000 -0500
@@ -1575,5 +1575,6 @@
break;
- case 'f': strcpy(VINPUTFILE,optarg);
+ case 'f': strncpy(VINPUTFILE,optarg, bufsize-1);
+ VINPUTFILE[bufsize-1] = '\0';
MINUSF = true;
break;
--- src/cfenvd.c-orig 2003-11-03 15:03:59.000000000 -0500
+++ src/cfenvd.c 2003-11-04 11:58:50.000000000 -0500
@@ -244,5 +244,6 @@
case 'f': /* This is for us Oslo folks to test against old data in batch
*/
- strcpy(BATCHFILE,optarg);
+ strncpy(BATCHFILE,optarg,bufsize-1);
+ BATCHFILE[bufsize-1] = '\0';
NO_FORK = true;
BATCH_MODE = true;
--- src/cfexecd.c-orig 2003-11-01 19:44:54.000000000 -0500
+++ src/cfexecd.c 2003-11-09 10:09:06.000000000 -0500
@@ -585,4 +585,5 @@
snprintf(OUTPUT,bufsize,"Couldn't open pipe to command %s\n",cmd);
CfLog(cferror,OUTPUT,"cfpopen");
+ fclose(fp);
return NULL;
}
@@ -615,5 +616,9 @@
if (strlen(MAILTO) == 0)
{
- strcat(line,"\n");
+ strncat(line,"\n",bufsize-1-strlen(line));
+ if ((strchr(line,'\n')) == NULL)
+ {
+ line[bufsize-2] = '\n';
+ }
CfLog(cfinform,line,"");
}
--- src/cfrun.c-orig 2003-11-03 12:03:29.000000000 -0500
+++ src/cfrun.c 2003-11-03 14:08:08.000000000 -0500
@@ -175,5 +175,5 @@
}
bzero(VCFRUNHOSTS,bufsize);
- strcat(VCFRUNHOSTS,argv[i]);
+ strncat(VCFRUNHOSTS,argv[i],bufsize-1-strlen(VCFRUNHOSTS));
Debug("cfrun: cfrun file = %s\n",VCFRUNHOSTS);
}
@@ -218,6 +218,6 @@
else
{
- strcat(CFRUNOPTIONS,argv[i]);
- strcat(CFRUNOPTIONS," ");
+ strncat(CFRUNOPTIONS,argv[i],bufsize-1-strlen(CFRUNOPTIONS));
+ strncat(CFRUNOPTIONS," ",bufsize-1-strlen(CFRUNOPTIONS));
}
}
@@ -783,5 +783,5 @@
}
-sprintf(sp,CFD_TERMINATOR);
+sprintf(sp, "%s", CFD_TERMINATOR);
if (SendTransaction(sd,sendbuffer,0,CF_DONE) == -1)
--- src/cfservd.c-orig 2003-11-03 13:58:59.000000000 -0500
+++ src/cfservd.c 2003-11-03 13:53:11.000000000 -0500
@@ -1000,11 +1000,11 @@
if (!IsAbsoluteFileName(VINPUTFILE)) /* Don't prepend to absolute
names */
{
- strcpy(filename,WORKDIR);
+ strncpy(filename,WORKDIR,bufsize-1);
AddSlash(filename);
- strcat(filename,"inputs/");
+ strncat(filename,"inputs/",bufsize-1-strlen(filename));
}
}
-strcat(filename,VINPUTFILE);
+strncat(filename,VINPUTFILE,bufsize-1-strlen(filename));
if (stat(filename,&newstat) == -1)
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- small bugfixes,
Michael Santos <=