}
}
- fgets(data,80,fp_in);
+ if (!fgets(data,80,fp_in)) {
+ fprintf(stderr,"Failed to read the date in %s\n",wdir);
+ exit(1);
+ }
fclose(fp_in);
- data[strlen(data)-1]='\0';
+ fixendofline(data);
return;
}
}
- fgets(tuser,20,fp_in);
- tuser[strlen(tuser)-1]='\0';
+ if (!fgets(tuser,20,fp_in)) {
+ fprintf(stderr,"Failed to read the user in %s\n",wdir);
+ exit(1);
+ }
fclose(fp_in);
+ fixendofline(tuser);
return;
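Review bot: The new `fgets(tuser,20,fp_in)` check catches a failed read but not a line that does not fit, so a user name of 20 or more characters is silently truncated and the report is then keyed on the wrong name. The same applies to the 80-byte date read earlier in this diff. The literals 20 and 80 are also not tied to the destination buffers, whose declarations are outside the hunk. Before calling `fixendofline`, I would reject over-long input with something like `if (!strchr(tuser,'\n') && !feof(fp_in)) { fprintf(stderr,"SARG: user name too long in %s\n",wdir); exit(1); }`. Both new messages also lack the `SARG: ` prefix used by the other errors in this change.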
char d1[3], d2[3];
char m1[4], m2[4];
time_t curtime;
+ int cstatus;
if(strcmp(IndexTree,"date") == 0) {
bzero(y1,5);
} else {
if(access(dir,R_OK) == 0) {
sprintf(csort,"rm -r \"%s\"",dir);
- system(csort);
+ cstatus=system(csort);
+ if (!WIFEXITED(cstatus) || WEXITSTATUS(cstatus)) {
+ fprintf(stderr, "SARG: command return status %d\n",WEXITSTATUS(cstatus));
+ fprintf(stderr, "SARG: command: %s\n",csort);
+ exit(1);
+ }
}
}
my_mkdir(dirname);
} else {
if(access(wdir,R_OK) == 0) {
sprintf(csort,"rm -r \"%s\"",wdir);
- system(csort);
+ cstatus=system(csort);
+ if (!WIFEXITED(cstatus) || WEXITSTATUS(cstatus)) {
+ fprintf(stderr, "SARG: command return status %d\n",WEXITSTATUS(cstatus));
+ fprintf(stderr, "SARG: command: %s\n",csort);
+ exit(1);
+ }
}
}
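Review bot: Checking the status of `system(csort)` does not make the call safe, because `sprintf(csort,"rm -r \"%s\"",dir)` (and the `wdir` copy below it) is still unbounded and still hands the path to a shell. Inside double quotes the shell keeps expanding `$`, backticks and an embedded `"`, so a directory name derived from configuration or log data is interpreted rather than treated as a plain path. The size of `csort` is not visible here, and the commit bounds the equivalent command in `baddata` with `snprintf` but not this one. I would run `rm` with an explicit argument vector and no shell, as sketched below for `dir`, and do the same for `wdir`. The enclosing function starts and ends outside the hunk.

```c
// … unchanged: if(access(dir,R_OK) == 0) { …
pid_t pid = fork();
if (pid == 0) {
    /* "--" stops option parsing, so the path is never read as a flag */
    execlp("rm", "rm", "-r", "--", dir, (char *)NULL);
    _exit(127);
}
if (pid < 0 || waitpid(pid, &cstatus, 0) < 0 ||
    !WIFEXITED(cstatus) || WEXITSTATUS(cstatus)) {
    fprintf(stderr, "SARG: cannot delete directory %s\n", dir);
    exit(1);
}
```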
exit(1);
}
fp = popen(cmd, "r");
- fgets(response, sizeof(response), fp);
+ if (!fgets(response, sizeof(response), fp)) {
+ fprintf(stderr,"SARG: Cannot get disk size with command %s",cmd);
+ exit(1);
+ }
if (getword_multisep(val5,sizeof(val5),response,'\t')<0) {
printf("SARG: Maybe the command %s failed.\n",cmd);
exit(1);
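Review bot: The result of `popen(cmd, "r")` goes straight into the new `fgets` call, and no NULL check is visible in this hunk, so a failed fork or pipe would dereference a null `FILE *` instead of reaching the new error path. Folding the test into the added condition covers both cases: `if (!fp || !fgets(response, sizeof(response), fp)) {`. The added message also lacks a trailing newline, unlike its neighbours, and should read `fprintf(stderr,"SARG: Cannot get disk size with command %s\n",cmd);`. The function continues outside the hunk, so a `pclose(fp)` may exist further down that is not shown here.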
void baddata(void)
{
+ char cmd[1024];
+ int cstatus;
+
printf("SARG: ------------------------------------------------------------------------------\n");
printf("SARG: MALICIUS CODE DETECTED.\n");
printf("SARG: I think someone is trying to execute arbitrary code in your system using sarg.\n");
printf("SARG: process stoped. No actions taken.\n");
printf("SARG: ------------------------------------------------------------------------------\n");
- system("rm -rf \"/tmp/sarg\"");
- sprintf(tmp4,"rm -rf \"%s\"",dirname);
- system(tmp4);
- system("rm -rf \"/tmp/sarg\"");
+ if (snprintf(cmd,sizeof(cmd),"rm -rf \"%s/sarg\"",tmp)>=sizeof(cmd)) {
+ fprintf(stderr,"SARG: temporary directory too long: %s/sarg\n",tmp);
+ exit(1);
+ }
+ cstatus=system(cmd);
+ if (!WIFEXITED(cstatus) || WEXITSTATUS(cstatus)) {
+ fprintf(stderr, "SARG: command return status %d\n",WEXITSTATUS(cstatus));
+ fprintf(stderr, "SARG: command: %s\n",cmd);
+ exit(1);
+ }
+ if (snprintf(cmd,sizeof(cmd),"rm -rf \"%s\"",dirname)>=sizeof(cmd)) {
+ fprintf(stderr,"SARG: directory to delete too long: %s\n",dirname);
+ exit(1);
+ }
+ cstatus=system(cmd);
+ if (!WIFEXITED(cstatus) || WEXITSTATUS(cstatus)) {
+ fprintf(stderr, "SARG: command return status %d\n",WEXITSTATUS(cstatus));
+ fprintf(stderr, "SARG: command: %s\n",cmd);
+ exit(1);
+ }
exit(1);
}
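Review bot: `baddata` runs when the input is already suspected to be hostile, yet the new code still passes `dirname` to a shell through `rm -rf "%s"`. `snprintf` bounds the length, but double quotes do not stop the shell from expanding `$`, backticks or an embedded `"`, so if `dirname` can carry any of the suspect data this cleanup is itself a risk. Deleting via `fork`/`execlp("rm","rm","-rf","--",dirname,(char *)NULL)` or an `nftw`-based removal avoids the shell entirely. Separately, the four identical status checks in this commit print `WEXITSTATUS(cstatus)` even when `WIFEXITED` is false, where the value is meaningless; `WIFSIGNALED(cstatus) ? WTERMSIG(cstatus) : WEXITSTATUS(cstatus)` in one shared helper would report it correctly. The banner line "No actions taken" also contradicts the two recursive deletes that follow it.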