bug-cfengine

small bugfixes


From: Michael Santos
Subject: small bugfixes
Date: Mon, 10 Nov 2003 12:37:40 -0500
User-agent: Mutt/1.4.1i

cfexecd:

* another fd leak
* buffer overflow if the output of cfagent is = 4096 bytes and
  sysadm has not been set

cfagent, cfenvd, cfrun, cfservd:

* minor nit: -f flag uses strcpy and is subject to buffer overflows.
  The same thing can be done by setting CFINPUTSVAR to a value > 4096
  bytes with cfservd.

* correct sprintf() in cfrun

Patches apply against cfengine 2.1.0p1.

-- 
Michael Santos <address@hidden>
Unix Administrator/MIST Inc.

--- src/cfagent.c-orig  2003-11-03 12:48:28.000000000 -0500
+++ src/cfagent.c       2003-11-04 11:57:59.000000000 -0500
@@ -1575,5 +1575,6 @@
                break;
 
-      case 'f': strcpy(VINPUTFILE,optarg);
+      case 'f': strncpy(VINPUTFILE,optarg, bufsize-1);
+               VINPUTFILE[bufsize-1] = '\0';
                 MINUSF = true;
                 break;
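Review bot: An over-long `-f` argument is now silently truncated into VINPUTFILE, so the agent would carry on with a path the operator did not supply instead of refusing it. Rejecting the argument is safer than truncating: guard with `if (strlen(optarg) >= bufsize)` and report a usage error before the copy. The same silent truncation applies to the `-f` copy into BATCHFILE in cfenvd.c, the argv appends to VCFRUNHOSTS and CFRUNOPTIONS in cfrun.c (where an option can be cut mid-word), and the filename assembly in cfservd.c. The bound also assumes VINPUTFILE is declared with at least bufsize bytes, which this hunk does not show; the enclosing switch starts and ends outside the hunk.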

--- src/cfenvd.c-orig   2003-11-03 15:03:59.000000000 -0500
+++ src/cfenvd.c        2003-11-04 11:58:50.000000000 -0500
@@ -244,5 +244,6 @@
       case 'f': /* This is for us Oslo folks to test against old data in batch 
*/
 
-               strcpy(BATCHFILE,optarg);
+               strncpy(BATCHFILE,optarg,bufsize-1);
+               BATCHFILE[bufsize-1] = '\0';
                NO_FORK = true;
                BATCH_MODE = true;

--- src/cfexecd.c-orig  2003-11-01 19:44:54.000000000 -0500
+++ src/cfexecd.c       2003-11-09 10:09:06.000000000 -0500
@@ -585,4 +585,5 @@
    snprintf(OUTPUT,bufsize,"Couldn't open pipe to command %s\n",cmd);
    CfLog(cferror,OUTPUT,"cfpopen");
+   fclose(fp);
    return NULL;
    }
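Review bot: The added `fclose(fp);` sits on the path where opening the pipe has failed, and the hunk does not show where fp was opened or that it is non-NULL at this point; passing a null stream to fclose() is undefined behaviour. If fp is a separate output stream opened earlier in the function, as the "fd leak" description suggests, a short comment would make that explicit, e.g. `/* fp: output file opened above; close it so this early return does not leak the descriptor */`. The function body starts and ends outside the hunk, so this needs checking against the full source.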
@@ -615,5 +616,9 @@
       if (strlen(MAILTO) == 0)
         {
-        strcat(line,"\n");
+        strncat(line,"\n",bufsize-1-strlen(line));
+        if ((strchr(line,'\n')) == NULL)
+           {
+           line[bufsize-2] = '\n';
+           }
         CfLog(cfinform,line,"");
         }
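Review bot: The fallback test `strchr(line,'\n') == NULL` looks for a newline anywhere in the buffer, not at its end, so a full line that already contains an embedded newline is logged without a trailing one. In addition, `bufsize-1-strlen(line)` is presumably an unsigned subtraction, which wraps to a very large count if line ever holds more than bufsize-1 characters and would make the strncat unbounded again. Writing the terminator by index avoids both: `size_t len = strlen(line); if (len > bufsize-2) len = bufsize-2;` followed by `line[len] = '\n'; line[len+1] = '\0';`. This assumes line is a bufsize-byte array that is NUL-terminated on entry, which the hunk does not show. A one-line comment saying that the last character is deliberately overwritten when the buffer is full would also help the next reader.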

--- src/cfrun.c-orig    2003-11-03 12:03:29.000000000 -0500
+++ src/cfrun.c 2003-11-03 14:08:08.000000000 -0500
@@ -175,5 +175,5 @@
            }
         bzero(VCFRUNHOSTS,bufsize);
-        strcat(VCFRUNHOSTS,argv[i]);
+        strncat(VCFRUNHOSTS,argv[i],bufsize-1-strlen(VCFRUNHOSTS));
         Debug("cfrun: cfrun file = %s\n",VCFRUNHOSTS);
         }
@@ -218,6 +218,6 @@
       else
         {
-        strcat(CFRUNOPTIONS,argv[i]);
-        strcat(CFRUNOPTIONS," ");
+        strncat(CFRUNOPTIONS,argv[i],bufsize-1-strlen(CFRUNOPTIONS));
+        strncat(CFRUNOPTIONS," ",bufsize-1-strlen(CFRUNOPTIONS));
         }
       }
@@ -783,5 +783,5 @@
    }
    
-sprintf(sp,CFD_TERMINATOR);
+sprintf(sp, "%s", CFD_TERMINATOR);
 
 if (SendTransaction(sd,sendbuffer,0,CF_DONE) == -1)
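Review bot: The write through sp in `sprintf(sp, "%s", CFD_TERMINATOR);` is still unbounded: the hunk does not show how far sp has advanced into sendbuffer or how large that buffer is. A bounded call would match the rest of this patch, e.g. `snprintf(sp, bufsize - (sp - sendbuffer), "%s", CFD_TERMINATOR);`, if sendbuffer is a bufsize-byte array and sp points into it (to be confirmed against the declarations). The surrounding function starts outside the hunk.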

--- src/cfservd.c-orig  2003-11-03 13:58:59.000000000 -0500
+++ src/cfservd.c       2003-11-03 13:53:11.000000000 -0500
@@ -1000,11 +1000,11 @@
    if (!IsAbsoluteFileName(VINPUTFILE))        /* Don't prepend to absolute 
names */
       {
-      strcpy(filename,WORKDIR);
+      strncpy(filename,WORKDIR,bufsize-1);
       AddSlash(filename);
-      strcat(filename,"inputs/");
+      strncat(filename,"inputs/",bufsize-1-strlen(filename));
       }
    }
 
-strcat(filename,VINPUTFILE);
+strncat(filename,VINPUTFILE,bufsize-1-strlen(filename));
 
 if (stat(filename,&newstat) == -1)
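Review bot: `strncpy(filename,WORKDIR,bufsize-1);` leaves filename unterminated when WORKDIR is bufsize-1 characters or longer, and unlike the cfagent.c and cfenvd.c hunks there is no explicit terminator afterwards, so AddSlash() and the following `strlen(filename)` calls may read past the buffer. Add `filename[bufsize-1] = '\0';` directly after the strncpy, unless filename is zeroed earlier in the function, which the hunk does not show. The final `strncat(filename,VINPUTFILE,...)` also relies on filename being initialised on the path where the `if` block is skipped; that initialisation is outside the hunk as well.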



