From b376a07e04d90c5797a7020fa71fe906125816e1 Mon Sep 17 00:00:00 2001
From: Tobias Oetiker
Date: Thu, 8 Sep 2016 09:59:45 +0200
Subject: [PATCH] detect overlong keys in callbacks ... fix for #738
---
 bindings/Makefile.am | 2 +-
 bindings/perl-shared/RRDs.xs | 6 +++
 bindings/perl-shared/t/callback-long.t | 64 ++++++++++++++++++++++++++
 3 files changed, 71 insertions(+), 1 deletion(-)
 create mode 100755 bindings/perl-shared/t/callback-long.t
diff --git a/bindings/Makefile.am b/bindings/Makefile.am
index fdaf0125..547f041f 100644
--- a/bindings/Makefile.am
+++ b/bindings/Makefile.am
@@ -16,7 +16,7 @@ endif
 # the following files are not mentioned in any other Makefile
 EXTRA_DIST = perl-piped/MANIFEST perl-piped/README perl-piped/Makefile.PL perl-piped/RRDp.pm perl-piped/t/base.t \
- perl-shared/ntmake-build perl-shared/MANIFEST perl-shared/README perl-shared/Makefile.PL perl-shared/RRDs.pm perl-shared/RRDs.ppd perl-shared/RRDs.xs perl-shared/t/base.t perl-shared/t/callback.t \
+ perl-shared/ntmake-build perl-shared/MANIFEST perl-shared/README perl-shared/Makefile.PL perl-shared/RRDs.pm perl-shared/RRDs.ppd perl-shared/RRDs.xs perl-shared/t/base.t perl-shared/t/callback-long.t perl-shared/t/callback.t \
 ruby/CHANGES ruby/README ruby/extconf.rb ruby/main.c ruby/test.rb \
 dotnet/rrdlib.cs dotnet/rrd_binding_test.cs dotnet/rrdlib.sln dotnet/favicon.ico dotnet/dnrrdlib.csproj dotnet/Properties/AssemblyInfo.cs dotnet/dnrrd_binding_test.csproj dotnet/RrdException.cs \
 python/ACKNOWLEDGEMENT python/AUTHORS python/COPYING python/README python/rrdtoolmodule.c python/setup.py
diff --git a/bindings/perl-shared/RRDs.xs b/bindings/perl-shared/RRDs.xs
index e6f61e9c..9c3531b7 100644
--- a/bindings/perl-shared/RRDs.xs
+++ b/bindings/perl-shared/RRDs.xs
@@ -237,10 +237,16 @@ static int rrd_fetch_cb_wrapper(
 HE* hash_entry;
 hash_entry = hv_iternext(retHV);
 retKey = hv_iterkey(hash_entry,&retKeyLen);
+ if (strlen(retKey) >= DS_NAM_SIZE){
+ rrd_set_error("Key '%s' longer than the allowed maximum of %d byte",retKey,DS_NAM_SIZE-1);
+ goto error_out;
+ }
+
 if ((((*ds_namv)[i]) = (char*)malloc(sizeof(char) * DS_NAM_SIZE)) == NULL) {
 rrd_set_error("malloc fetch ds_namv entry");
 goto error_out_free_ds_namv;
 }
+
 strncpy((*ds_namv)[i], retKey, DS_NAM_SIZE - 1);
 (*ds_namv)[i][DS_NAM_SIZE - 1] = '\0';
 retSV = hv_iterval(retHV,hash_entry);
diff --git a/bindings/perl-shared/t/callback-long.t b/bindings/perl-shared/t/callback-long.t
new file mode 100755
index 00000000..723619e8
--- /dev/null
+++ b/bindings/perl-shared/t/callback-long.t
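Review bot: In the RRDs.xs hunk the new length check leaves through `goto error_out;`, while the malloc failure a few lines below it in the same loop body uses `goto error_out_free_ds_namv;`. If the over-long key is not the first one iterated, the `(*ds_namv)[...]` entries allocated on earlier passes are presumably not released on this path, so a callback that keeps returning a bad key could leak memory on every fetch. Both labels sit outside the hunk, so confirm what each one frees, and if the second covers the array and the entries already allocated, use `goto error_out_free_ds_namv;` here as well. Separately, `hv_iterkey` has already stored the key length in `retKeyLen`; testing that (`if (retKeyLen >= DS_NAM_SIZE){`) also rejects keys that carry extra bytes behind an embedded NUL, which `strlen` cannot see. The body of `rrd_fetch_cb_wrapper` starts and ends outside the hunk.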
@@ -0,0 +1,64 @@
+#! /usr/bin/perl
+use Data::Dumper;
+
+use FindBin;
+
+BEGIN { $| = 1; print "1..2\n"; }
+END {
+ print "not ok 1\n" unless $loaded;
+ unlink "demo.rrd";
+}
+
+sub ok
+{
+ my($what, $result) = @_ ;
+ $ok_count++;
+ if (not $result){
+ warn "failed $what\n";
+ print "not ";
+ }
+ print "ok $ok_count $what\n";
+}
+
+use strict;
+use vars qw(@ISA $loaded);
+
+use RRDs;
+$loaded = 1;
+my $ok_count = 1;
+
+ok("loading",1);
+
+
+RRDs::fetch_cb_register(sub{
+ my $request = shift;
+ my $items = ($request->{end}-$request->{start})/$request->{step};
+ return {
+ step=>100,
+ start=>$request->{start},
+ data => {
+ a12345678901234567890=>[ map{ sin($_/200) } (0..$items) ],
+ b=>[ map{ cos($_/200) } (10..$items) ],
+ c=>[ map{ sin($_/100) } (100..$items) ],
+ }
+ };
+});
+
+my $result = RRDs::graphv "callback.png",
+ "--title", "Callback Demo",
+ "--start", "1424540800",
+ "--end", "start+24h",
+ "--lower-limit=0",
+ "--interlaced",
+ "--imgformat","PNG",
+ "--width=450",
+ "DEF:a=cb//extrainfo:a:AVERAGE",
+ "DEF:b=cb//:b:AVERAGE",
+ "DEF:c=cb//:c:AVERAGE",
+ "LINE:a#00b6e4:a",
+ "LINE:b#10b634:b",
+ "LINE:c#503d14:c",
+ "VDEF:av=a,AVERAGE",
+ "PRINT:av:%8.6lf";
+
+ok ("long key detection", RRDs::error eq "Key 'a12345678901234567890' longer than the allowed maximum of 19 byte");
-- 
2.47.2
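Review bot: The only key this test feeds the callback is 21 characters long, so the boundary of the new check is not pinned. Going by the expected message the limit is 19 bytes, yet neither a 19-character key (which must still be accepted) nor a 20-character key (the first length that must be rejected) is exercised, so an off-by-one in the `>=` comparison would pass unnoticed. Adding one more `fetch_cb_register`/`graphv` round with a key of exactly 20 characters and another with 19 would close that gap. Two smaller points: `sub ok` is compiled before `use strict;` and before `my $ok_count = 1;`, so it counts in the package variable `$ok_count` and the lexical is never read. The `END` block also unlinks `demo.rrd`, which this script never creates, while `callback.png` would be left behind if the check ever regressed.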