File 0011-check-prevent-various-buffer-overflows.patch of Package sblim-sfcb

From 5bd0849109748dc6cdb4fcf84c2ec8719514158c Mon Sep 17 00:00:00 2001
From: =?utf-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de>
Date: Wed, 22 Oct 2008 11:47:58 +0200
Subject: [PATCH] check/prevent various buffer overflows

---
 msgqueue.c         |    3 ++-
 providerRegister.c |    4 ++--
 support.c          |   30 +++++++++++++++++++++++++-----
 3 files changed, 29 insertions(+), 8 deletions(-)

diff --git a/msgqueue.c b/msgqueue.c
index 8834052..f08cf13 100644
--- a/msgqueue.c
+++ b/msgqueue.c
@@ -697,6 +697,7 @@ void localConnectServer()
          }
          /* any other error, just return (should probably be more graceful) */
          else {
+	   perror("Other accept error");
            return;
          }
       }
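Review bot: The added `perror("Other accept error")` reports through stderr, while the support.c changes in this same patch report through `mlogf(M_ERROR,M_SHOW,...)`; if this code runs detached from a terminal, the message may never reach the log. If mlogf is usable in msgqueue.c (not visible here), prefer `mlogf(M_ERROR,M_SHOW,"--- localConnectServer: accept error: %s\n",strerror(errno));`. The new line is also indented with a tab where its neighbours use spaces. localConnectServer's body starts and ends outside the hunk.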
diff --git a/providerRegister.c b/providerRegister.c
index 8ad6faf..3671b4c 100644
--- a/providerRegister.c
+++ b/providerRegister.c
@@ -130,7 +130,7 @@ ProviderRegister *newProviderRegister(char *fn)
      dir = "/var/lib/sfcb/registration";
    }
 
-   strcpy(fin, dir);
+   strncpy(fin, dir, sizeof(fin)-18); /* 18 = strlen("/providerRegister")+1 */
    strcat(fin, "/providerRegister");
    in = fopen(fin, "r");
    if (in == NULL) 
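Review bot: `strncpy(fin, dir, sizeof(fin)-18)` leaves `fin` without a terminating NUL whenever `dir` is at least `sizeof(fin)-18` bytes long, so the `strcat` on the next line scans past the copied bytes for a terminator and can still write outside `fin`. Where truncation does occur, a wrong path is opened with no diagnostic. Build the path in one bounded call and fail on truncation: `if (snprintf(fin, sizeof(fin), "%s/providerRegister", dir) >= (int)sizeof(fin))` followed by this function's existing error return. `sizeof(fin)` is the buffer size only if `fin` is declared as an array; its declaration is outside the hunk, as are the start and end of newProviderRegister.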
@@ -144,7 +144,7 @@ ProviderRegister *newProviderRegister(char *fn)
       bb->ht = UtilFactory->newHashTable(61,
                   UtilHashTable_charKey | UtilHashTable_ignoreKeyCase);
 
-      while (fgets(fin, 1024, in)) {
+      while (fgets(fin, sizeof(fin), in)) {
          n++;
          if (stmt) free(stmt);
          stmt = strdup(fin);
diff --git a/support.c b/support.c
index 2f53812..144b4f7 100644
--- a/support.c
+++ b/support.c
@@ -52,7 +52,11 @@ int localClientMode=0;        /**< flag determining whether local client connect
 void *loadLibib(const char *libname)
 {
    char filename[255];
-   sprintf(filename, "lib%s.so", libname);
+   if (snprintf(filename, 255, "lib%s.so", libname) >= 255) 
+    {
+      mlogf(M_ERROR,M_SHOW,"--- loadLibib: output truncated\n");
+      return NULL;
+    }
    return dlopen(filename, RTLD_LAZY);
 }
 
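Review bot: The bound in `snprintf(filename, 255, ...) >= 255` is a literal repeated from the declaration, and a negative return from snprintf passes the test and reaches `dlopen` with an unset buffer. Tie the check to the array and cover both cases: `int len = snprintf(filename, sizeof(filename), "lib%s.so", libname);` then `if (len < 0 || (size_t)len >= sizeof(filename))`. The same applies to getGenericEntryPoint, getFixedEntryPoint and tool_mm_load_lib in the following hunks. Separately, a `libname` containing '/' makes `dlopen` treat the result as a path instead of searching the library directories, so rejecting such names here is worth considering if `libname` can come from a registration file; its origin is not visible in this patch.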
@@ -61,7 +65,11 @@ static void *getGenericEntryPoint(void *library, const char *ptype)
 {
    char entry_point[255];
    void *sym;
-   sprintf(entry_point, "_Generic_Create_%sMI", ptype);
+   if (snprintf(entry_point, 255, "_Generic_Create_%sMI", ptype) >= 255) 
+    {
+      mlogf(M_ERROR,M_SHOW,"--- getGenericEntryPoint: output truncated\n");
+      return NULL;
+    }
    sym = dlsym(library, entry_point);
    return sym;
 }
@@ -72,7 +80,11 @@ static void *getFixedEntryPoint(const char *provider,
 {
    char entry_point[255];
    void *sym;
-   sprintf(entry_point, "%s_Create_%sMI", provider, ptype);
+   if (snprintf(entry_point, 255, "%s_Create_%sMI", provider, ptype) >= 255)
+    {
+      mlogf(M_ERROR,M_SHOW,"--- getFixedEntryPoint: output truncated\n");
+      return NULL;
+    }
    sym = dlsym(library, entry_point);
    return sym;
 }
@@ -366,7 +378,11 @@ int memAdd(void *ptr, int *memId);
 void *tool_mm_load_lib(const char *libname)
 {
    char filename[255];
-   sprintf(filename, "lib%s.so", libname);
+   if (snprintf(filename, 255, "lib%s.so", libname) >= 255)
+    {
+      mlogf(M_ERROR,M_SHOW,"--- tool_mm_load_lib: output truncated\n");
+      return NULL;
+    }
    return dlopen(filename, RTLD_LAZY);
 }
 
@@ -919,7 +935,11 @@ void dumpTiming(int pid)
    
    if (collectStat==0) return;
    
-   sprintf(buffer,"/proc/%d/stat",pid);
+   if (snprintf(buffer,4096,"/proc/%d/stat",pid) >= 4096)
+    {
+      mlogf(M_ERROR,M_SHOW,"--- dumpTiming: output truncated\n");
+      return;
+    }
    f=fopen(buffer,"r");
    l=fread(buffer,1,4095,f);
    fclose(f);   
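Review bot: The `fopen` result just below the new check is passed to `fread` and `fclose` unchecked, so a `pid` whose /proc entry is gone or unreadable leaves `f` NULL and crashes here; add `if (f == NULL) return;` after the `fopen`. The added truncation test cannot fire, since "/proc/%d/stat" expands to a few dozen bytes at most against a 4096 limit, so it guards nothing in practice. The literal 4096 should be derived from the declaration of `buffer`, which is outside the hunk, as is the rest of dumpTiming.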
-- 
1.6.0.2
