From: Frédéric Marchal Date: Fri, 26 Jun 2009 13:36:39 +0000 (+0000) Subject: Protect ip2name against buffer overflows and replace characters that are valid in... X-Git-Tag: v2_2_6~75 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a1c55d8c2af859964577b31f7e2c91b143c49756;p=thirdparty%2Fsarg.git Protect ip2name against buffer overflows and replace characters that are valid in URL but not in file names when building a file name from a URL. --- diff --git a/authfail.c b/authfail.c index d4a5a88..843d602 100644 --- a/authfail.c +++ b/authfail.c @@ -139,7 +139,7 @@ void authfail_report() } if(strcmp(Ip2Name,"yes") == 0) - ip2name(ip); + ip2name(ip,sizeof(ip)); if(!z) { strcpy(ouser,user); diff --git a/dansguardian_report.c b/dansguardian_report.c index 3b80de4..b87c662 100644 --- a/dansguardian_report.c +++ b/dansguardian_report.c @@ -146,7 +146,7 @@ void dansguardian_report() } if(strcmp(Ip2Name,"yes") == 0) - ip2name(ip); + ip2name(ip,sizeof(ip)); if(!z) { strcpy(ouser,user); diff --git a/datafile.c b/datafile.c index 3df03fe..c94ec40 100644 --- a/datafile.c +++ b/datafile.c @@ -95,7 +95,7 @@ void data_file(char *tmp) if(strcmp(Ip2Name,"yes") == 0) { if(strcmp(accip,ipantes) != 0) { strcpy(ipantes,accip); - ip2name(accip); + ip2name(accip,sizeof(accip)); strcpy(nameantes,accip); } else strcpy(accip,nameantes); diff --git a/denied.c b/denied.c index e793146..21f20dd 100644 --- a/denied.c +++ b/denied.c @@ -124,7 +124,7 @@ void gen_denied_report() } if(strcmp(Ip2Name,"yes") == 0) - ip2name(ip); + ip2name(ip,sizeof(ip)); if(!z) { strcpy(ouser,user); diff --git a/download.c b/download.c index a9a0df6..bb3c56a 100644 --- a/download.c +++ b/download.c @@ -131,7 +131,7 @@ void download_report() } if(strcmp(Ip2Name,"yes") == 0) - ip2name(ip); + ip2name(ip,sizeof(ip)); if(!z) { strcpy(ouser,user); diff --git a/grepday.c b/grepday.c index af67fe3..2b2153b 100644 --- a/grepday.c +++ b/grepday.c @@ -407,7 +407,7 @@ void greport_day(char *user, int *iprel, int *ipuser) if(strcmp(Ip2Name,"yes") == 0) if((str=(char *) strstr(name, ".")) != (char *) NULL) { if((str=(char *) strstr(str+1, ".")) != (char *) NULL) - ip2name(wuser); + ip2name(wuser,sizeof(wuser)); } if(UserTabFile[0] != '\0') { diff --git a/html.c b/html.c index ac4fdf1..70b8c2d 100644 --- a/html.c +++ b/html.c @@ -233,7 +233,7 @@ void htmlrel() fixip(u2); } if(strcmp(Ip2Name,"yes") == 0) - ip2name(u2); + ip2name(u2,sizeof(u2)); if(UserTabFile[0] != '\0') { sprintf(warea,":%s:",u2); @@ -397,8 +397,9 @@ void htmlrel() } strcpy(siteind,urly); str=siteind; - for(z1=0; z1",usuario,siteind,tmp6,ltext110,text[55]); diff --git a/include/conf.h b/include/conf.h index 2aaf653..faae954 100755 --- a/include/conf.h +++ b/include/conf.h @@ -351,6 +351,6 @@ int getword(char *word, int limit, char *line, int stop); int getword_multisep(char *word, int limit, char *line, int stop); int getword3(char *word, int limit, char *line, int stop); void name_month(char *month,int month_len); - +void ip2name(char *ip,int ip_len); \ No newline at end of file diff --git a/ip2name.c b/ip2name.c index 3f7c409..1907130 100644 --- a/ip2name.c +++ b/ip2name.c @@ -25,7 +25,7 @@ #include "include/conf.h" -void ip2name(char *ip) +void ip2name(char *ip,int ip_len) { u_long addr; struct hostent *hp; @@ -42,7 +42,8 @@ void ip2name(char *ip) struct in_addr in; (void) memcpy(&in.s_addr, *p, sizeof (in.s_addr)); - (void) sprintf(ip,"%s", hp->h_name); + strncpy(ip,hp->h_name,ip_len-1); + ip[ip_len-1]=0; } return; diff --git a/log.c b/log.c index 258ecc9..e837f68 100644 --- a/log.c +++ b/log.c @@ -1127,7 +1127,7 @@ int main(argc,argv) } str=user; - for(z1=0; z1