Protect the sort commands against buffer overflow

The external sort commands are build by snprintf instead of sprintf
to guard against buffer overflows.

diff --git a/email.c b/email.c
index c600f735dc8becee26210f684e6d5c3ed0a7186e..c103da5d63c4437dbbf3723d073bd7f2f964c3b4 100644 (file)
--- a/email.c
+++ b/email.c
@@ -130,7 +130,10 @@ int geramail(const char *dirname, int debug, const char *outdir, const char *ema
        }
 #endif
 
-       sprintf(csort,"sort -n -T \"%s\" -t \"\t\" -r -k 2,2 -o \"%s\" \"%s\"", TempDir, top1, top2);
+       if (snprintf(csort,sizeof(csort),"sort -n -T \"%s\" -t \"\t\" -r -k 2,2 -o \"%s\" \"%s\"", TempDir, top1, top2)>=sizeof(csort)) {
+               debuga(_("Sort command too long when sorting file \"%s\" to \"%s\"\n"),top2,top1);
+               exit(EXIT_FAILURE);
+       }
        cstatus=system(csort);
        if (!WIFEXITED(cstatus) || WEXITSTATUS(cstatus)) {
                debuga(_("sort command return status %d\n"),WEXITSTATUS(cstatus));

diff --git a/html.c b/html.c
index 2c3a496310dd436c089526ab11b55c16c3651bf5..545733ddb2bcde4f3406f966163ad8c792ea6792 100644 (file)
--- a/html.c
+++ b/html.c
@@ -400,7 +400,10 @@ void htmlrel(void)
                                fclose(fp_ip);
                                fclose(fp_ip2);
 
-                               sprintf(csort,"sort -n -t \"\t\" -T \"%s\" -k 1,1 -k 2,2 -o \"%s\" \"%s\"",tmp,tmp3,tmp2);
+                               if (snprintf(csort,sizeof(csort),"sort -n -t \"\t\" -T \"%s\" -k 1,1 -k 2,2 -o \"%s\" \"%s\"",tmp,tmp3,tmp2)>=sizeof(csort)) {
+                                       debuga(_("Sort command too long when sorting file \"%s\" to \"%s\"\n"),tmp2,tmp3);
+                                       exit(EXIT_FAILURE);
+                               }
                                cstatus=system(csort);
                                if (!WIFEXITED(cstatus) || WEXITSTATUS(cstatus)) {
                                        debuga(_("sort command return status %d\n"),WEXITSTATUS(cstatus));

diff --git a/log.c b/log.c
index 6dfdd0ffc96fc53ff0242b2fd12ee4d9e3955c5e..59aca0dfad8516def2334e062984d6ad3a5f918f 100644 (file)
--- a/log.c
+++ b/log.c
@@ -1661,7 +1661,10 @@ int main(int argc,char *argv[])
        }
 
        if(DataFile[0] == '\0' && (ReportType & REPORT_TYPE_DENIED) != 0) {
-               sprintf(csort,"sort -T \"%s\" -t \"\t\" -k 3,3 -k 5,5 -o \"%s\" \"%s\"",tmp,denied_sort,denied_unsort);
+               if (snprintf(csort,sizeof(csort),"sort -T \"%s\" -t \"\t\" -k 3,3 -k 5,5 -o \"%s\" \"%s\"",tmp,denied_sort,denied_unsort)>=sizeof(csort)) {
+                       debuga(_("Sort command too long when sorting file \"%s\" to \"%s\"\n"),denied_unsort,denied_sort);
+                       exit(EXIT_FAILURE);
+               }
                cstatus=system(csort);
                if (!WIFEXITED(cstatus) || WEXITSTATUS(cstatus)) {
                        debuga(_("sort command return status %d\n"),WEXITSTATUS(cstatus));

diff --git a/realtime.c b/realtime.c
index 907c99bf5738fa551d41dece5f9104075993f3ed..7c77bc74eea1fbd4d4350021b7415b5511161dac 100755 (executable)
--- a/realtime.c
+++ b/realtime.c
@@ -79,7 +79,10 @@ static void getlog(void)
        fclose(tmp);
        longline_destroy(&line);
 
-       sprintf(cmd,"sort -t \"\t\" -r -k 1,1 -k 2,2 -o \"%s\" \"%s\"",template2,template1);
+       if (snprintf(cmd,sizeof(cmd),"sort -t \"\t\" -r -k 1,1 -k 2,2 -o \"%s\" \"%s\"",template2,template1)>=sizeof(cmd)) {
+               debuga(_("Sort command too long when sorting file \"%s\" to \"%s\"\n"),template1,template2);
+               exit(EXIT_FAILURE);
+       }
        cstatus=system(cmd);
        if (!WIFEXITED(cstatus) || WEXITSTATUS(cstatus)) {
                debuga(_("sort command return status %d\n"),WEXITSTATUS(cstatus));

diff --git a/siteuser.c b/siteuser.c
index d5d62164aee51efc9b260b6178a6e24f5d0cc90c..d64af48a5fdf56e57ab023c5d23be9e2dcba0f04 100644 (file)
--- a/siteuser.c
+++ b/siteuser.c
@@ -59,7 +59,10 @@ void siteuser(void)
        sprintf(general2,"%s/sarg-general2",outdirname);
        sprintf(report,"%s/siteuser.html",outdirname);
 
-       sprintf(csort,"sort -t \"\t\" -k 4,4 -k 1,1 -o \"%s\" \"%s\"",general2,general);
+       if (snprintf(csort,sizeof(csort),"sort -t \"\t\" -k 4,4 -k 1,1 -o \"%s\" \"%s\"",general2,general)>=sizeof(csort)) {
+               debuga(_("Sort command too long when sorting file \"%s\" to \"%s\"\n"),general,general2);
+               exit(EXIT_FAILURE);
+       }
        cstatus=system(csort);
        if (!WIFEXITED(cstatus) || WEXITSTATUS(cstatus)) {
                debuga(_("sort command return status %d\n"),WEXITSTATUS(cstatus));

diff --git a/sort.c b/sort.c
index b3989af426302d41ee04a23587c6b75f4b0c2d29..fb67e76bc4a314d4f855079b274617ee8d38df9a 100644 (file)
--- a/sort.c
+++ b/sort.c
@@ -79,7 +79,10 @@ void tmpsort(void)
                        debuga(_("Sorting file: %s\n"),arqou);
                }
 
-               sprintf(csort,"sort -n -T \"%s\" -t \"\t\" %s -k %s -k %s -k %s -o \"%s\" \"%s\"",tmp,order,field1,field2,field3,arqou,arqin);
+               if (snprintf(csort,sizeof(csort),"sort -n -T \"%s\" -t \"\t\" %s -k %s -k %s -k %s -o \"%s\" \"%s\"",tmp,order,field1,field2,field3,arqou,arqin)>=sizeof(csort)) {
+                       debuga(_("Sort command too long when sorting file \"%s\" to \"%s\"\n"),arqin,arqou);
+                       exit(EXIT_FAILURE);
+               }
                cstatus=system(csort);
                if (!WIFEXITED(cstatus) || WEXITSTATUS(cstatus)) {
                        debuga(_("sort command return status %d\n"),WEXITSTATUS(cstatus));

diff --git a/squidguard_log.c b/squidguard_log.c
index 2d01a66739fdb22ca9dfa0f814cf6f4138359226..cc602b7b43848695e50bec2d53f991174128661f 100644 (file)
--- a/squidguard_log.c
+++ b/squidguard_log.c
@@ -379,7 +379,10 @@ void squidguard_log(void)
                debuga(_("Sorting file: %s\n"),guard_ou);
        }
 
-       sprintf(tmp6,"sort -t \"\t\" -k 1,1 -k 2,2 -k 4,4 \"%s\" -o \"%s\"",guard_in, guard_ou);
+       if (snprintf(tmp6,sizeof(tmp6),"sort -t \"\t\" -k 1,1 -k 2,2 -k 4,4 \"%s\" -o \"%s\"",guard_in, guard_ou)>=sizeof(tmp6)) {
+               debuga(_("Sort command too long when sorting file \"%s\" to \"%s\"\n"),guard_in,guard_ou);
+               exit(EXIT_FAILURE);
+       }
        cstatus=system(tmp6);
        if (!WIFEXITED(cstatus) || WEXITSTATUS(cstatus)) {
                debuga(_("sort command return status %d\n"),WEXITSTATUS(cstatus));

diff --git a/topsites.c b/topsites.c
index dd14f6a0661b9d684263f85ef06512178fb76a0a..60d2c092e0d906ad1432952a635259023b9895ce 100644 (file)
--- a/topsites.c
+++ b/topsites.c
@@ -79,7 +79,10 @@ void topsites(void)
        else
                sprintf(report,"%s/topsites.html",outdirname);
 
-       sprintf(csort,"sort -t \"\t\" -k 4,4 -o \"%s\" \"%s\"",general2,general);
+       if (snprintf(csort,sizeof(csort),"sort -t \"\t\" -k 4,4 -o \"%s\" \"%s\"",general2,general)>=sizeof(csort)) {
+               debuga(_("Sort command too long when sorting file \"%s\" to \"%s\"\n"),general,general2);
+               exit(EXIT_FAILURE);
+       }
        cstatus=system(csort);
        if (!WIFEXITED(cstatus) || WEXITSTATUS(cstatus)) {
                debuga(_("sort command return status %d\n"),WEXITSTATUS(cstatus));
@@ -192,7 +195,10 @@ void topsites(void)
                sortt="";
        }
 
-       sprintf(csort,"sort -t \"\t\" %s -n %s -o \"%s\" \"%s\"",sortt,sortf,sites,general3);
+       if (snprintf(csort,sizeof(csort),"sort -t \"\t\" %s -n %s -o \"%s\" \"%s\"",sortt,sortf,sites,general3)>=sizeof(csort)) {
+               debuga(_("Sort command too long when sorting file \"%s\" to \"%s\"\n"),general3,sites);
+               exit(EXIT_FAILURE);
+       }
        cstatus=system(csort);
        if (!WIFEXITED(cstatus) || WEXITSTATUS(cstatus)) {
                debuga(_("sort command return status %d\n"),WEXITSTATUS(cstatus));

diff --git a/topuser.c b/topuser.c
index 463a4829be72c27c673dca104aa04ecaf3854ec5..4394eec9e09f9fac318b1bee9e2bd348b696a038 100644 (file)
--- a/topuser.c
+++ b/topuser.c
@@ -167,7 +167,10 @@ void topuser(void)
        }
 
        snprintf(top1,sizeof(top1),"%s/top",outdirname);
-       sprintf(csort,"sort -T \"%s\" -t \"\t\" %s %s -o \"%s\" \"%s\"", tmp, order, sfield, top1, top2);
+       if (snprintf(csort,sizeof(csort),"sort -T \"%s\" -t \"\t\" %s %s -o \"%s\" \"%s\"", tmp, order, sfield, top1, top2)>=sizeof(csort)) {
+               debuga(_("Sort command too long when sorting file \"%s\" to \"%s\"\n"),top2,top1);
+               exit(EXIT_FAILURE);
+       }
        cstatus=system(csort);
        if (!WIFEXITED(cstatus) || WEXITSTATUS(cstatus)) {
                debuga(_("sort command return status %d\n"),WEXITSTATUS(cstatus));

diff --git a/useragent.c b/useragent.c
index c3f6f9aee1480557ee22df82e132ef73bf823f06..d6e5f735f888f2d205e7a4772a7f767234e54710 100644 (file)
--- a/useragent.c
+++ b/useragent.c
@@ -132,7 +132,10 @@ void useragent(void)
                debuga(_("Sorting file: %s\n"),tmp2);
        }
 
-       sprintf(csort,"sort -n -t \"\t\" -k 3,3 -k 2,2 -k 1,1 -o \"%s\" \"%s\"",tmp2,tmp3);
+       if (snprintf(csort,sizeof(csort),"sort -n -t \"\t\" -k 3,3 -k 2,2 -k 1,1 -o \"%s\" \"%s\"",tmp2,tmp3)>=sizeof(csort)) {
+               debuga(_("Sort command too long when sorting file \"%s\" to \"%s\"\n"),tmp2,tmp3);
+               exit(EXIT_FAILURE);
+       }
        cstatus=system(csort);
        if (!WIFEXITED(cstatus) || WEXITSTATUS(cstatus)) {
                debuga(_("sort command return status %d\n"),WEXITSTATUS(cstatus));
@@ -212,7 +215,10 @@ void useragent(void)
        fputs("</table>\n",fp_ht);
        fclose(fp_in);
 
-       sprintf(csort,"sort -t \"\t\" -k 2,2 -o \"%s\" \"%s\"",tmp3,tmp2);
+       if (snprintf(csort,sizeof(csort),"sort -t \"\t\" -k 2,2 -o \"%s\" \"%s\"",tmp3,tmp2)>=sizeof(csort)) {
+               debuga(_("Sort command too long when sorting file \"%s\" to \"%s\"\n"),tmp2,tmp3);
+               exit(EXIT_FAILURE);
+       }
        cstatus=system(csort);
        if (!WIFEXITED(cstatus) || WEXITSTATUS(cstatus)) {
                debuga(_("sort command return status %d\n"),WEXITSTATUS(cstatus));
@@ -278,7 +284,10 @@ void useragent(void)
                exit(EXIT_FAILURE);
        }
 
-       sprintf(csort,"sort -n -r -k 1,1 -o \"%s\" \"%s\"",tmp3,tmp2);
+       if (snprintf(csort,sizeof(csort),"sort -n -r -k 1,1 -o \"%s\" \"%s\"",tmp3,tmp2)>=sizeof(csort)) {
+               debuga(_("Sort command too long when sorting file \"%s\" to \"%s\"\n"),tmp2,tmp3);
+               exit(EXIT_FAILURE);
+       }
        cstatus=system(csort);
        if (!WIFEXITED(cstatus) || WEXITSTATUS(cstatus)) {
                debuga(_("sort command return status %d\n"),WEXITSTATUS(cstatus));