Protect a few buffers against overflows

Use snprintf instead of strcpy, strcat or sprintf.

diff --git a/html.c b/html.c
index e7493854c24e94c0dc902897c669c9c9cd5b633a..14a2dbe7a887923e2bd68726471ee67a023b28e0 100644 (file)
--- a/html.c
+++ b/html.c
@@ -64,11 +64,15 @@ void htmlrel(void)
 
        if((ReportType & REPORT_TYPE_USERS_SITES) == 0) return;
 
-       strcpy(tmp2,tmp);
-       strcat(tmp2,"/sargtmp.unsort");
+       if (snprintf(tmp2,sizeof(tmp2),"%s/sargtmp.unsort",tmp)>=sizeof(tmp2)) {
+               debuga(_("File name too long: %s/sargtmp.unsort\n"),tmp);
+               exit(EXIT_FAILURE);
+       }
 
-       strcpy(tmp3,tmp);
-       strcat(tmp3,"/sargtmp.log");
+       if (snprintf(tmp3,sizeof(tmp3),"%s/sargtmp.log",tmp)>=sizeof(tmp3)) {
+               debuga(_("File name too long: %s/sargtmp.log\n"),tmp);
+               exit(EXIT_FAILURE);
+       }
 
        tnacc=globstat.nacc;
        totbytes=globstat.nbytes;

diff --git a/include/conf.h b/include/conf.h
index 3425c16a3faacd09cdc0b28abc4b745534790422..3e8582c70b5a4b9d210ba5f6d44c61c303f8ba0a 100755 (executable)
--- a/include/conf.h
+++ b/include/conf.h
@@ -400,9 +400,7 @@ char AuthUserTemplateFile[1024];
 //! \c True to use anonymous file and directory names in the report.
 bool AnonymousOutputFiles;
 char val1[MAXLEN];
-char val2[MAXLEN];
 char val3[MAXLEN];
-char val4[MAXLEN];
 char val5[MAXLEN];
 char val6[MAXLEN];
 char val7[MAXLEN];

diff --git a/log.c b/log.c
index f8b551a06f2f9fbf4883de0bea564e55f8dcd9ba..4e1265a6839137d5f1b501ad5b32ee39ef70d39d 100644 (file)
--- a/log.c
+++ b/log.c
@@ -108,7 +108,6 @@ int main(int argc,char *argv[])
        char denied_sort[MAXLEN];
        char authfail_unsort[MAXLEN];
        char start_hour[128];
-       char end_hour[128];
        char *linebuf;
        const char *url;
        char *full_url;
@@ -210,7 +209,7 @@ int main(int argc,char *argv[])
        NRedirectorLogs=0;
        for (ilf=0 ; ilf<ILF_Last ; ilf++) ilf_count[ilf]=0;
 
-       sprintf(ExcludeCodes,"%s/exclude_codes",SYSCONFDIR);
+       snprintf(ExcludeCodes,sizeof(ExcludeCodes),"%s/exclude_codes",SYSCONFDIR);
        strcpy(GraphDaysBytesBarColor,"orange");
        strcpy(BgColor,"#ffffff");
        strcpy(TxColor,"#000000");
@@ -324,7 +323,6 @@ int main(int argc,char *argv[])
        SquidGuardConf[0]='\0';
        DansGuardianConf[0]='\0';
        start_hour[0]='\0';
-       end_hour[0]='\0';
        hm_str[0]='\0';
        HostAliasFile[0]='\0';
 
@@ -881,7 +879,10 @@ int main(int argc,char *argv[])
                                if(access(ParsedOutputLog,R_OK) != 0) {
                                        my_mkdir(ParsedOutputLog);
                                }
-                               sprintf(arq_log,"%s/sarg_temp.log",ParsedOutputLog);
+                               if (snprintf(arq_log,sizeof(arq_log),"%s/sarg_temp.log",ParsedOutputLog)>=sizeof(arq_log)) {
+                                       debuga(_("File name too long: %s/sarg_temp.log"),ParsedOutputLog);
+                                       exit(EXIT_FAILURE);
+                               }
                                if((fp_log=MY_FOPEN(arq_log,"w"))==NULL) {
                                        debuga(_("(log) Cannot open log file: %s - %s\n"),arq_log,strerror(errno));
                                        exit(EXIT_FAILURE);
@@ -1283,7 +1284,7 @@ int main(int argc,char *argv[])
 
                        // include_users
                        if(IncludeUsers[0] != '\0') {
-                               sprintf(val1,":%s:",user);
+                               snprintf(val1,sizeof(val1),":%s:",user);
                                if((str=(char *) strstr(IncludeUsers,val1)) == (char *) NULL )
                                        continue;
                        }
@@ -1400,7 +1401,7 @@ int main(int argc,char *argv[])
                        }
 
                        if(puser) {
-                               sprintf(wuser,":%s:",user);
+                               snprintf(wuser,sizeof(wuser),":%s:",user);
                                if(strstr(userfile, wuser) == 0)
                                        continue;
                        }
@@ -1425,8 +1426,8 @@ int main(int argc,char *argv[])
 
                        if((str=(char *) strstr(linebuf, "[SmartFilter:")) != (char *) NULL ) {
                                fixendofline(str);
-                               sprintf(smartfilter,"\"%s\"",str+1);
-                       } else sprintf(smartfilter,"\"\"");
+                               snprintf(smartfilter,sizeof(smartfilter),"\"%s\"",str+1);
+                       } else strcpy(smartfilter,"\"\"");
 
                        nopen=0;
                        prev_ufile=NULL;
@@ -1638,11 +1639,19 @@ int main(int argc,char *argv[])
                fclose(fp_authfail);
 
        if(fp_log != NULL) {
+               char end_hour[128];
+               char val2[40];
+               char val4[255];//val4 must not be bigger than arq_log without fixing the strcpy below
+               
                fclose(fp_log);
-               strcpy(end_hour,tbuf2);
+               strncpy(end_hour,tbuf2,sizeof(end_hour)-1);
+               end_hour[sizeof(end_hour)-1]='\0';
                strftime(val2,sizeof(val2),"%d%m%Y",&period.start);
                strftime(val1,sizeof(val1),"%d%m%Y",&period.end);
-               sprintf(val4,"%s/sarg-%s_%s-%s_%s.log",ParsedOutputLog,val2,start_hour,val1,end_hour);
+               if (snprintf(val4,sizeof(val4),"%s/sarg-%s_%s-%s_%s.log",ParsedOutputLog,val2,start_hour,val1,end_hour)>=sizeof(val4)) {
+                       debuga(_("File name too long: %s/sarg-%s_%s-%s_%s.log"),ParsedOutputLog,val2,start_hour,val1,end_hour);
+                       exit(EXIT_FAILURE);
+               }
                if (rename(arq_log,val4)) {
                        debuga(_("failed to rename %s to %s - %s\n"),arq_log,val4,strerror(errno));
                } else {
@@ -1653,7 +1662,10 @@ int main(int argc,char *argv[])
                                No double quotes around ParsedOutputLogCompress because it may contain command line options. If double quotes are
                                necessary around the command name, put them in the configuration file.
                                */
-                               sprintf(val1,"%s \"%s\"",ParsedOutputLogCompress,arq_log);
+                               if (snprintf(val1,sizeof(val1),"%s \"%s\"",ParsedOutputLogCompress,arq_log)>=sizeof(val1)) {
+                                       debuga(_("Command too long: %s \"%s\""),ParsedOutputLogCompress,arq_log);
+                                       exit(EXIT_FAILURE);
+                               }
                                cstatus=system(val1);
                                if (!WIFEXITED(cstatus) || WEXITSTATUS(cstatus)) {
                                        debuga(_("command return status %d\n"),WEXITSTATUS(cstatus));

diff --git a/smartfilter.c b/smartfilter.c
index 32661dae29b3afec4bbc867d50cbd6f78843ad46..a4372d5bd17c0fc8ac29e61810f64f2738344d95 100644 (file)
--- a/smartfilter.c
+++ b/smartfilter.c
@@ -44,7 +44,7 @@ void smartfilter_report(void)
        char data[15];
        char hora[15];
        char smartcat[256];
-       char smartheader[15];
+       char smartheader[50];
        char ftime[128];
        char smartuser[MAXLEN];
        int  fuser=0;
@@ -54,13 +54,26 @@ void smartfilter_report(void)
 
        ouser[0]='\0';
 
-       strcpy(smartheader,_("SmartFilter"));
+       strncpy(smartheader,_("SmartFilter"),sizeof(smartheader)-1);
+       smartheader[sizeof(smartheader)-1]='\0';
        strup(smartheader);
 
-       sprintf(smart_in,"%s/smartfilter.unsort",outdirname);
-       sprintf(sites,"%s/sarg-sites",outdirname);
-       sprintf(smart_ou,"%s/smartfilter.log",outdirname);
-       sprintf(report,"%s/smartfilter.html",outdirname);
+       if (snprintf(smart_in,sizeof(smart_in),"%s/smartfilter.unsort",outdirname)>=sizeof(smart_in)) {
+               debuga(_("File name too long: %s/smartfilter.unsort"),outdirname);
+               exit(EXIT_FAILURE);
+       }
+       if (snprintf(sites,sizeof(sites),"%s/sarg-sites",outdirname)>=sizeof(sites)) {
+               debuga(_("File name too long: %s/sarg-sites"),outdirname);
+               exit(EXIT_FAILURE);
+       }
+       if (snprintf(smart_ou,sizeof(smart_ou),"%s/smartfilter.log",outdirname)>=sizeof(smart_ou)) {
+               debuga(_("File name too long: %s/smartfilter.log"),outdirname);
+               exit(EXIT_FAILURE);
+       }
+       if (snprintf(report,sizeof(report),"%s/smartfilter.html",outdirname)>=sizeof(report)) {
+               debuga(_("File name too long: %s/smartfilter.html"),outdirname);
+               exit(EXIT_FAILURE);
+       }
 
        if (snprintf(csort,sizeof(csort),"sort -n -t \"\t\" -k 1,1 -k 2,2 -k 3,3 -o \"%s\" \"%s\"",smart_ou,smart_in)>=sizeof(csort)) {
                debuga(_("cannot build the sort command to sort file %s\n"),smart_in);