From: Frédéric Marchal Date: Sun, 30 Oct 2011 14:42:07 +0000 (+0000) Subject: Protect a few buffers against overflows X-Git-Tag: v2.3.2~20 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8d811f76568c9cad93ff76ebbd1802ea6ab898fb;p=thirdparty%2Fsarg.git Protect a few buffers against overflows Use snprintf instead of strcpy, strcat or sprintf. --- diff --git a/html.c b/html.c index e749385..14a2dbe 100644 --- a/html.c +++ b/html.c @@ -64,11 +64,15 @@ void htmlrel(void) if((ReportType & REPORT_TYPE_USERS_SITES) == 0) return; - strcpy(tmp2,tmp); - strcat(tmp2,"/sargtmp.unsort"); + if (snprintf(tmp2,sizeof(tmp2),"%s/sargtmp.unsort",tmp)>=sizeof(tmp2)) { + debuga(_("File name too long: %s/sargtmp.unsort\n"),tmp); + exit(EXIT_FAILURE); + } - strcpy(tmp3,tmp); - strcat(tmp3,"/sargtmp.log"); + if (snprintf(tmp3,sizeof(tmp3),"%s/sargtmp.log",tmp)>=sizeof(tmp3)) { + debuga(_("File name too long: %s/sargtmp.log\n"),tmp); + exit(EXIT_FAILURE); + } tnacc=globstat.nacc; totbytes=globstat.nbytes; diff --git a/include/conf.h b/include/conf.h index 3425c16..3e8582c 100755 --- a/include/conf.h +++ b/include/conf.h @@ -400,9 +400,7 @@ char AuthUserTemplateFile[1024]; //! \c True to use anonymous file and directory names in the report. bool AnonymousOutputFiles; char val1[MAXLEN]; -char val2[MAXLEN]; char val3[MAXLEN]; -char val4[MAXLEN]; char val5[MAXLEN]; char val6[MAXLEN]; char val7[MAXLEN]; diff --git a/log.c b/log.c index f8b551a..4e1265a 100644 --- a/log.c +++ b/log.c @@ -108,7 +108,6 @@ int main(int argc,char *argv[]) char denied_sort[MAXLEN]; char authfail_unsort[MAXLEN]; char start_hour[128]; - char end_hour[128]; char *linebuf; const char *url; char *full_url; @@ -210,7 +209,7 @@ int main(int argc,char *argv[]) NRedirectorLogs=0; for (ilf=0 ; ilf=sizeof(arq_log)) { + debuga(_("File name too long: %s/sarg_temp.log"),ParsedOutputLog); + exit(EXIT_FAILURE); + } if((fp_log=MY_FOPEN(arq_log,"w"))==NULL) { debuga(_("(log) Cannot open log file: %s - %s\n"),arq_log,strerror(errno)); exit(EXIT_FAILURE); @@ -1283,7 +1284,7 @@ int main(int argc,char *argv[]) // include_users if(IncludeUsers[0] != '\0') { - sprintf(val1,":%s:",user); + snprintf(val1,sizeof(val1),":%s:",user); if((str=(char *) strstr(IncludeUsers,val1)) == (char *) NULL ) continue; } @@ -1400,7 +1401,7 @@ int main(int argc,char *argv[]) } if(puser) { - sprintf(wuser,":%s:",user); + snprintf(wuser,sizeof(wuser),":%s:",user); if(strstr(userfile, wuser) == 0) continue; } @@ -1425,8 +1426,8 @@ int main(int argc,char *argv[]) if((str=(char *) strstr(linebuf, "[SmartFilter:")) != (char *) NULL ) { fixendofline(str); - sprintf(smartfilter,"\"%s\"",str+1); - } else sprintf(smartfilter,"\"\""); + snprintf(smartfilter,sizeof(smartfilter),"\"%s\"",str+1); + } else strcpy(smartfilter,"\"\""); nopen=0; prev_ufile=NULL; @@ -1638,11 +1639,19 @@ int main(int argc,char *argv[]) fclose(fp_authfail); if(fp_log != NULL) { + char end_hour[128]; + char val2[40]; + char val4[255];//val4 must not be bigger than arq_log without fixing the strcpy below + fclose(fp_log); - strcpy(end_hour,tbuf2); + strncpy(end_hour,tbuf2,sizeof(end_hour)-1); + end_hour[sizeof(end_hour)-1]='\0'; strftime(val2,sizeof(val2),"%d%m%Y",&period.start); strftime(val1,sizeof(val1),"%d%m%Y",&period.end); - sprintf(val4,"%s/sarg-%s_%s-%s_%s.log",ParsedOutputLog,val2,start_hour,val1,end_hour); + if (snprintf(val4,sizeof(val4),"%s/sarg-%s_%s-%s_%s.log",ParsedOutputLog,val2,start_hour,val1,end_hour)>=sizeof(val4)) { + debuga(_("File name too long: %s/sarg-%s_%s-%s_%s.log"),ParsedOutputLog,val2,start_hour,val1,end_hour); + exit(EXIT_FAILURE); + } if (rename(arq_log,val4)) { debuga(_("failed to rename %s to %s - %s\n"),arq_log,val4,strerror(errno)); } else { @@ -1653,7 +1662,10 @@ int main(int argc,char *argv[]) No double quotes around ParsedOutputLogCompress because it may contain command line options. If double quotes are necessary around the command name, put them in the configuration file. */ - sprintf(val1,"%s \"%s\"",ParsedOutputLogCompress,arq_log); + if (snprintf(val1,sizeof(val1),"%s \"%s\"",ParsedOutputLogCompress,arq_log)>=sizeof(val1)) { + debuga(_("Command too long: %s \"%s\""),ParsedOutputLogCompress,arq_log); + exit(EXIT_FAILURE); + } cstatus=system(val1); if (!WIFEXITED(cstatus) || WEXITSTATUS(cstatus)) { debuga(_("command return status %d\n"),WEXITSTATUS(cstatus)); diff --git a/smartfilter.c b/smartfilter.c index 32661da..a4372d5 100644 --- a/smartfilter.c +++ b/smartfilter.c @@ -44,7 +44,7 @@ void smartfilter_report(void) char data[15]; char hora[15]; char smartcat[256]; - char smartheader[15]; + char smartheader[50]; char ftime[128]; char smartuser[MAXLEN]; int fuser=0; @@ -54,13 +54,26 @@ void smartfilter_report(void) ouser[0]='\0'; - strcpy(smartheader,_("SmartFilter")); + strncpy(smartheader,_("SmartFilter"),sizeof(smartheader)-1); + smartheader[sizeof(smartheader)-1]='\0'; strup(smartheader); - sprintf(smart_in,"%s/smartfilter.unsort",outdirname); - sprintf(sites,"%s/sarg-sites",outdirname); - sprintf(smart_ou,"%s/smartfilter.log",outdirname); - sprintf(report,"%s/smartfilter.html",outdirname); + if (snprintf(smart_in,sizeof(smart_in),"%s/smartfilter.unsort",outdirname)>=sizeof(smart_in)) { + debuga(_("File name too long: %s/smartfilter.unsort"),outdirname); + exit(EXIT_FAILURE); + } + if (snprintf(sites,sizeof(sites),"%s/sarg-sites",outdirname)>=sizeof(sites)) { + debuga(_("File name too long: %s/sarg-sites"),outdirname); + exit(EXIT_FAILURE); + } + if (snprintf(smart_ou,sizeof(smart_ou),"%s/smartfilter.log",outdirname)>=sizeof(smart_ou)) { + debuga(_("File name too long: %s/smartfilter.log"),outdirname); + exit(EXIT_FAILURE); + } + if (snprintf(report,sizeof(report),"%s/smartfilter.html",outdirname)>=sizeof(report)) { + debuga(_("File name too long: %s/smartfilter.html"),outdirname); + exit(EXIT_FAILURE); + } if (snprintf(csort,sizeof(csort),"sort -n -t \"\t\" -k 1,1 -k 2,2 -k 3,3 -o \"%s\" \"%s\"",smart_ou,smart_in)>=sizeof(csort)) { debuga(_("cannot build the sort command to sort file %s\n"),smart_in);