From e21b6c02a3fa84d07b624c09d229fa4bd5932922 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Fr=C3=A9d=C3=A9ric=20Marchal?= Date: Sat, 20 Mar 2010 18:43:55 +0000 Subject: [PATCH] Check the return code of every opendir. Secure the writing of the sarg-period file. --- datafile.c | 5 ++++- html.c | 5 ++++- index.c | 27 +++++++++++++++++++++------ indexonly.c | 18 +++++++++++++----- lastlog.c | 24 ++++++++++++++++-------- report.c | 5 ++++- sort.c | 12 +++++++++--- util.c | 25 ++++++++++++++++--------- 8 files changed, 87 insertions(+), 34 deletions(-) diff --git a/datafile.c b/datafile.c index 5756204..8da50f6 100644 --- a/datafile.c +++ b/datafile.c @@ -74,7 +74,10 @@ void data_file(char *tmp) oldurl=NULL; ourl_size=0; - dirp = opendir(tmp); + if ((dirp = opendir(tmp)) == NULL) { + debuga(_("Failed to open directory %s - %s\n"),tmp,strerror(errno)); + exit(EXIT_FAILURE); + } while ( (direntp = readdir( dirp )) != NULL ) { dlen=strlen(direntp->d_name)-(sizeof(logext)-1); if (dlen<=0) continue; diff --git a/html.c b/html.c index 1edc49a..223b2a0 100644 --- a/html.c +++ b/html.c @@ -119,7 +119,10 @@ void htmlrel(void) ntotuser=my_atoll(totuser); if (ntotuser<=0) ntotuser=1; - dirp = opendir(tmp); + if ((dirp = opendir(tmp)) == NULL) { + debuga(_("Failed to open directory %s - %s\n"),tmp,strerror(errno)); + exit(EXIT_FAILURE); + } while ( (direntp = readdir( dirp )) != NULL ) { dlen=strlen(direntp->d_name)-(sizeof(txtext)-1); if (dlen<0) continue; diff --git a/index.c b/index.c index 092a7c6..a39722c 100644 --- a/index.c +++ b/index.c @@ -49,7 +49,10 @@ void make_index(void) if(debug) debuga(_("Making index.html\n")); // convert any old report hierarchy - dirp = opendir(outdir); + if ((dirp = opendir(outdir)) == NULL) { + debuga(_("Failed to open directory %s - %s\n"),outdir,strerror(errno)); + exit(EXIT_FAILURE); + } while ((direntp = readdir( dirp )) != NULL) { if(isdigit(direntp->d_name[0]) && isdigit(direntp->d_name[1])) { if(IndexTree == INDEX_TREE_DATE) @@ -100,7 +103,10 @@ static void make_date_index(void) sprintf(yearindex,"%sindex.html",outdir); nyears=0; - dirp = opendir(outdir); + if ((dirp = opendir(outdir)) == NULL) { + debuga(_("Failed to open directory %s - %s\n"),outdir,strerror(errno)); + exit(EXIT_FAILURE); + } while ((direntp = readdir( dirp )) != NULL) { if(strlen(direntp->d_name) > 4 || !isdigit(direntp->d_name[0]) || !isdigit(direntp->d_name[1]) || !isdigit(direntp->d_name[2]) || !isdigit(direntp->d_name[3])) continue; @@ -146,7 +152,10 @@ static void make_date_index(void) sprintf(yeardir,"%s%s",outdir,yearnum); // Year dir nmonths=0; - dirp2 = opendir(yeardir); + if ((dirp2 = opendir(yeardir)) == NULL) { + debuga(_("Failed to open directory %s - %s\n"),yeardir,strerror(errno)); + exit(EXIT_FAILURE); + } while ((direntp2 = readdir( dirp2 )) != NULL) { if(!isdigit(direntp2->d_name[0]) || !isdigit(direntp2->d_name[1])) continue; i=-1; @@ -204,7 +213,10 @@ static void make_date_index(void) sprintf(monthdir,"%s/%s",yeardir,monthnum); // month dir ndays=0; - dirp3 = opendir(monthdir); + if ((dirp3 = opendir(monthdir)) == NULL) { + debuga(_("Failed to open directory %s - %s\n"),monthdir,strerror(errno)); + exit(EXIT_FAILURE); + } while ((direntp3 = readdir( dirp3 )) != NULL) { if(!isdigit(direntp3->d_name[0]) && !isdigit(direntp3->d_name[1])) continue; i=-1; @@ -300,7 +312,10 @@ static void make_file_index(void) order=(strcmp(IndexSortOrder,"A") == 0) ? 1 : -1; - dirp = opendir(outdir); + if ((dirp = opendir(outdir)) == NULL) { + debuga(_("Failed to open directory %s - %s\n"),outdir,strerror(errno)); + exit(EXIT_FAILURE); + } nsort=0; nallocated=0; @@ -547,7 +562,7 @@ static void date_index_to_file_index(const char *entry) next=-1; if (sscanf(entry,"%d%n",&y1,&next)!=1 || next<0 || entry[next]) return; - val1len=sprintf(val1,"%s%s",outdir,entry); + val1len=snprintf(val1,sizeof(val1),"%s%s",outdir,entry); dirp2 = opendir(val1); if (!dirp2) return; while ((direntp2 = readdir( dirp2 )) != NULL) { diff --git a/indexonly.c b/indexonly.c index ec93f9c..0c538a1 100644 --- a/indexonly.c +++ b/indexonly.c @@ -33,14 +33,22 @@ void index_only(const char *dirname,int debug) DIR *dirp; struct dirent *direntp; char remove[MAXLEN]; - - dirp = opendir(dirname); + + if ((dirp = opendir(dirname)) == NULL) { + debuga(_("Failed to open directory %s - %s\n"),dirname,strerror(errno)); + exit(EXIT_FAILURE); + } while ( (direntp = readdir( dirp )) != NULL ){ if(strcmp(direntp->d_name,".") == 0 || strcmp(direntp->d_name,"..") == 0 || strcmp(direntp->d_name, "index.html") == 0) continue; - - sprintf(remove,"%s/%s",dirname,direntp->d_name); - unlink(remove); + + if (snprintf(remove,sizeof(remove),"%s/%s",dirname,direntp->d_name)>=sizeof(remove)) { + debuga(_("Name of the file to remove is too long: %s/%s\n"),dirname,direntp->d_name); + continue; + } + if (unlink(remove) == -1) { + debuga(_("Failed to remove the file %s\n"),remove); + } } (void)closedir( dirp ); diff --git a/lastlog.c b/lastlog.c index 87dcedd..0a44699 100644 --- a/lastlog.c +++ b/lastlog.c @@ -47,19 +47,25 @@ void mklastlog(const char *outdir) if(LastLog <= 0) return; - sprintf(temp,"%slastlog1",outdir); + snprintf(temp,sizeof(temp),"%slastlog1",outdir); if((fp_ou=fopen(temp,"w"))==NULL) { debuga(_("(lastlog) Cannot open temporary file %s\n"),temp); exit(EXIT_FAILURE); } - dirp = opendir(outdir); + if ((dirp = opendir(outdir)) == NULL) { + debuga(_("Failed to open directory %s - %s\n"),outdir,strerror(errno)); + exit(EXIT_FAILURE); + } while ((direntp = readdir( dirp )) != NULL ){ if(strchr(direntp->d_name,'-') == 0) continue; - sprintf(warea,"%s%s",outdir,direntp->d_name); - stat(warea,&statb); + snprintf(warea,sizeof(warea),"%s%s",outdir,direntp->d_name); + if (stat(warea,&statb) == -1) { + debuga(_("Failed to get the creation time of %s\n"),warea); + continue; + } t=statb.st_ctime; local = localtime(&t); strftime(ftime, sizeof(ftime), "%Y%m%d%H%M%S", local); @@ -81,7 +87,7 @@ void mklastlog(const char *outdir) unlink(temp); if(ftot<=LastLog) { - sprintf(temp,"%slastlog",outdir); + snprintf(temp,sizeof(temp),"%slastlog",outdir); if(access(temp, R_OK) == 0) unlink(temp); return; @@ -89,7 +95,7 @@ void mklastlog(const char *outdir) ftot-=LastLog; - sprintf(temp,"%slastlog",outdir); + snprintf(temp,sizeof(temp),"%slastlog",outdir); if((fp_in=fopen(temp,"r"))==NULL) { debuga(_("(lastlog) Cannot open temporary file %s\n"),temp); exit(EXIT_FAILURE); @@ -114,8 +120,10 @@ void mklastlog(const char *outdir) } fclose(fp_in); - sprintf(temp,"%slastlog",outdir); - unlink(temp); + snprintf(temp,sizeof(temp),"%slastlog",outdir); + if (unlink(temp) == -1) { + debuga(_("Failed to delete the file %s\n"),temp); + } return; } diff --git a/report.c b/report.c index 903b42f..6d6b16e 100644 --- a/report.c +++ b/report.c @@ -104,7 +104,10 @@ void gerarel(void) strncat(tmp,"/sarg",5); fp_tt=NULL; - dirp = opendir(tmp); + if ((dirp = opendir(tmp)) == NULL) { + debuga(_("Failed to open directory %s - %s\n"),tmp,strerror(errno)); + exit(EXIT_FAILURE); + } while ((direntp = readdir( dirp )) != NULL ) { dlen=strlen(direntp->d_name)-(sizeof(logext)-1); if (dlen<0) continue; diff --git a/sort.c b/sort.c index 04a6dd3..14b5cd9 100644 --- a/sort.c +++ b/sort.c @@ -64,7 +64,10 @@ void tmpsort(void) if(strcmp(UserSortOrder,"normal") == 0) order=""; - dirp = opendir(tmp); + if ((dirp = opendir(tmp)) == NULL) { + debuga(_("Failed to open directory %s - %s\n"),tmp,strerror(errno)); + exit(EXIT_FAILURE); + } while ((direntp = readdir( dirp )) != NULL ){ dlen=strlen(direntp->d_name)-(sizeof(tmpext)-1); if (dlen<0) continue; @@ -122,9 +125,12 @@ void sort_users_log(const char *tmp, int debug) debuga(_("pre-sorting files\n")); } - sprintf(wtmp,"%s/sarg",tmp); + snprintf(wtmp,sizeof(wtmp),"%s/sarg",tmp); - dirp = opendir(wtmp); + if ((dirp = opendir(wtmp)) == NULL) { + debuga(_("Failed to open directory %s - %s\n"),wtmp,strerror(errno)); + exit(EXIT_FAILURE); + } while ( (direntp = readdir( dirp )) != NULL ){ dlen=strlen(direntp->d_name)-(sizeof(unsortext)-1); if (dlen<0) continue; diff --git a/util.c b/util.c index 42c7f96..4c1d163 100644 --- a/util.c +++ b/util.c @@ -829,26 +829,33 @@ void obttotal(const char *dirname, const char *name, char *tbytes, int nuser, ch void gperiod(const char *dirname, const char *period) { - FILE *fp_ou; char wdirname[MAXLEN]; - strcpy(wdirname,dirname); - strcat(wdirname,"/sarg-period"); + if(debug) + debuga(_("Making period file\n")); + + if (snprintf(wdirname,sizeof(wdirname),"%s/sarg-period",dirname)>=sizeof(wdirname)) { + debuga(_("Output file name too long: %s/sarg-period"),dirname); + exit(EXIT_FAILURE); + } if((fp_ou=fopen(wdirname,"w"))==NULL){ - debuga(_("(report) Cannot open file %s\n"),wdirname); + debuga(_("Cannot open file %s for writing\n"),wdirname); exit(EXIT_FAILURE); } - fputs(period,fp_ou); - fclose(fp_ou); + if (fputs(period,fp_ou)==EOF) { + debuga(_("Failed to write the requested period in %s\n"),wdirname); + exit(EXIT_FAILURE); + } - if(debug) - debuga(_("Making period file\n")); + if (fclose(fp_ou)==EOF) { + debuga(_("Failed to close %s - %s\n"),wdirname,strerror(errno)); + exit(EXIT_FAILURE); + } return; - } static void copy_images(void) -- 2.47.2