From: Frédéric Marchal Date: Fri, 26 Jun 2009 12:54:27 +0000 (+0000) Subject: Removed fscanf that is prone to buffer overflows. X-Git-Tag: v2_2_6~76 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7ebe75afd3099a119a4f9ef711cd6cdc8d94bc15;p=thirdparty%2Fsarg.git Removed fscanf that is prone to buffer overflows. Size of buffers increased. --- diff --git a/topuser.c b/topuser.c index 89a78e5..9a230d5 100644 --- a/topuser.c +++ b/topuser.c @@ -48,6 +48,9 @@ int topuser() int topcount=0; char *s; int cstatus; + char warea[1500]; + char user2[MAXLEN]; + char name[MAXLEN]; ipantes[0]='\0'; nameantes[0]='\0'; @@ -74,12 +77,53 @@ int topuser() exit(1); } - fscanf(fp_in,"%s%s%s%s%s%s%s%s%s%s",user,nacc,nbytes,url,ip,time,date,elap,incac,oucac); + //fscanf(fp_in,"%s%s%s%s%s%s%s%s%s%s",user,nacc,nbytes,url,ip,time,date,elap,incac,oucac); + fgets(warea,sizeof(warea),fp_in); + if (getword(user,sizeof(user),warea,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wger); + exit(1); + } strcpy(olduser,user); totuser=1; while(!feof(fp_in)) { + if (getword(nacc,sizeof(nacc),warea,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wger); + exit(1); + } + if (getword(nbytes,sizeof(nbytes),warea,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wger); + exit(1); + } + if (getword(url,sizeof(url),warea,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wger); + exit(1); + } + if (getword(ip,sizeof(ip),warea,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wger); + exit(1); + } + if (getword(time,sizeof(time),warea,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wger); + exit(1); + } + if (getword(date,sizeof(date),warea,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wger); + exit(1); + } + if (getword(elap,sizeof(elap),warea,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wger); + exit(1); + } + if (getword(incac,sizeof(incac),warea,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wger); + exit(1); + } + if (getword(oucac,sizeof(oucac),warea,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wger); + exit(1); + } if(strcmp(olduser,user) != 0) { if(strcmp(user,"TOTAL") != 0) totuser++; @@ -89,8 +133,7 @@ int topuser() my_lltoa(tnelap,val3,15); my_lltoa(tnincache,val4,15); my_lltoa(tnoucache,val5,15); - sprintf(preg,"%s %s %s %s %s %s\n",olduser,val1,val2,val3,val4,val5); - fputs(preg,fp_top2); + fprintf(fp_top2,"%s %s %s %s %s %s\n",olduser,val1,val2,val3,val4,val5); strcpy(olduser,user); ttnbytes+=tnbytes; @@ -111,7 +154,12 @@ int topuser() tnincache+=my_atoll(incac); tnoucache+=my_atoll(oucac); - fscanf(fp_in,"%s%s%s%s%s%s%s%s%s%s",user,nacc,nbytes,url,ip,time,date,elap,incac,oucac); + //fscanf(fp_in,"%s%s%s%s%s%s%s%s%s%s",user,nacc,nbytes,url,ip,time,date,elap,incac,oucac); + fgets(warea,sizeof(warea),fp_in); + if (getword(user,sizeof(user),warea,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wger); + exit(1); + } if(strcmp(user,"TOTAL") == 0) continue; @@ -122,8 +170,7 @@ int topuser() my_lltoa(tnelap,val3,15); my_lltoa(tnincache,val4,15); my_lltoa(tnoucache,val5,15); - sprintf(preg,"%s %s %s %s %s %s\n",olduser,val1,val2,val3,val4,val5); - fputs(preg,fp_top2); + fprintf(fp_top2,"%s %s %s %s %s %s\n",olduser,val1,val2,val3,val4,val5); ttnbytes+=tnbytes; ttnacc+=tnacc; diff --git a/totger.c b/totger.c index 5334d48..e6543ef 100644 --- a/totger.c +++ b/totger.c @@ -35,9 +35,10 @@ int totalger(const char *dirname, int debug, const char *outdir) long long int tnbytes=0; long long int telap=0; long long int tincache=0, toucache=0; - char wger[MAXLEN], user[MAXLEN], nacc[10], nbytes[10], url[1024]; - char ip[MAXLEN], hora[9], data[11], elap[15]; - char incac[15], oucac[15]; + char wger[MAXLEN], user[MAXLEN], nacc[16], nbytes[16], url[2048]; + char ip[MAXLEN], hora[9], data[11], elap[16]; + char incac[16], oucac[16]; + char warea[1500]; strcpy(wger,dirname); strcat(wger,"/sarg-general"); @@ -47,17 +48,59 @@ int totalger(const char *dirname, int debug, const char *outdir) exit(1); } - fscanf(fp_in,"%s%s%s%s%s%s%s%s%s%s",user,nacc,nbytes,url,ip,hora,data,elap,incac,oucac); + //fscanf(fp_in,"%s%s%s%s%s%s%s%s%s%s",user,nacc,nbytes,url,ip,hora,data,elap,incac,oucac); + fgets(warea,sizeof(warea),fp_in); while(!feof(fp_in)) { + if (getword(user,sizeof(user),warea,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wger); + exit(1); + } + if (getword(nacc,sizeof(nacc),warea,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wger); + exit(1); + } + if (getword(nbytes,sizeof(nbytes),warea,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wger); + exit(1); + } + if (getword(url,sizeof(url),warea,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wger); + exit(1); + } + if (getword(ip,sizeof(ip),warea,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wger); + exit(1); + } + if (getword(hora,sizeof(hora),warea,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wger); + exit(1); + } + if (getword(data,sizeof(data),warea,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wger); + exit(1); + } + if (getword(elap,sizeof(elap),warea,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wger); + exit(1); + } + if (getword(incac,sizeof(incac),warea,' ')<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wger); + exit(1); + } + if (getword(oucac,sizeof(oucac),warea,0)<0) { + printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wger); + exit(1); + } tnacc+=my_atoll(nacc); tnbytes+=my_atoll(nbytes); telap+=my_atoll(elap); tincache+=my_atoll(incac); toucache+=my_atoll(oucac); - fscanf(fp_in,"%s%s%s%s%s%s%s%s%s%s",user,nacc,nbytes,url,ip,hora,data,elap,incac,oucac); + //fscanf(fp_in,"%s%s%s%s%s%s%s%s%s%s",user,nacc,nbytes,url,ip,hora,data,elap,incac,oucac); + fgets(warea,sizeof(warea),fp_in); } fclose(fp_in);