[Fedora-directory-commits] ldapserver/ldap/admin/src cfg_sspt.c, 1.8, 1.9 create_instance.c, 1.26, 1.27 ds_remove_uninst.cpp, 1.6, 1.7 init_ds_env.c, 1.5, 1.6 instindex.cpp, 1.9, 1.10
Richard Allen Megginson (rmeggins)
fedora-directory-commits at redhat.com
Tue Apr 11 02:14:34 UTC 2006
- Previous message (by thread): [Fedora-directory-commits] ldapserver/include/base ereport.h, 1.6, 1.7 util.h, 1.6, 1.7
- Next message (by thread): [Fedora-directory-commits] ldapserver/ldap/clients/dsgw cgiutil.c, 1.6, 1.7 ckdel.c, 1.4, 1.5 ckdump.c, 1.4, 1.5 ckget.c, 1.4, 1.5 ckpurge.c, 1.4, 1.5 ckput.c, 1.4, 1.5 config.c, 1.5, 1.6 cookie.c, 1.5, 1.6 dbtdsgw.h, 1.4, 1.5 domodify.c, 1.5, 1.6 dsexpldif.c, 1.4, 1.5 dsgw.h, 1.6, 1.7 dsgwutil.c, 1.5, 1.6 dsimpldif.c, 1.4, 1.5 emitf.c, 1.4, 1.5 entrydisplay.c, 1.5, 1.6 htmlparse.c, 1.4, 1.5 ldaputil.c, 1.4, 1.5 templateindex.c, 1.4, 1.5 tutor.c, 1.4, 1.5
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: rmeggins
Update of /cvs/dirsec/ldapserver/ldap/admin/src
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8136/ldapserver/ldap/admin/src
Modified Files:
cfg_sspt.c create_instance.c ds_remove_uninst.cpp
init_ds_env.c instindex.cpp
Log Message:
Bug(s) fixed: 186280
Bug Description: ldapserver: Close potential security vulnerabilities in CGI code
Reviewed by: Nathan, Noriko, and Pete (Thanks!)
Fix Description: Clean up usage of sprintf, strcpy, fgets instead of
gets, fixed buffer usage, etc., mostly in the CGI code and other user
facing code (i.e. setup). Also, Steve Grubb told me about a GCC trick
to force it to check printf style varargs functions, to check the format
string against the argument string, for type mismatches, missing
arguments, and too many arguments.
In the CGI form argument parsing code, we needed to be more careful
about checking for bad input - good input is supposed to look like this:
name=value&name=value&.....
&name=value. I don't think the original code
was checking properly for something like name&name=value.
There was another place where we were not checking to see if a buffer
had enough room before appending a string to it.
I had to change a couple of functions to allow passing in the size of
the buffer.
Fixed some issues raised by Noriko and Nathan.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
Index: cfg_sspt.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/cfg_sspt.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- cfg_sspt.c 16 Feb 2006 17:39:47 -0000 1.8
+++ cfg_sspt.c 11 Apr 2006 02:14:31 -0000 1.9
@@ -239,6 +239,12 @@
#ifdef CGI_DEBUG
#include <stdarg.h>
+static void debug_log (const char* file, const char* format, ...)
+#ifdef __GNUC__
+ __attribute__ ((format (printf, 2, 3)));
+#else
+ ;
+#endif
static void
debug_log (const char* file, const char* format, ...)
@@ -375,6 +381,12 @@
list of strings to substitute in the format; basically just constructs
the correct aci string and passes it to add_aci
*/
+int add_aci_v(LDAP* ld, char* DN, char* format, ...)
+#ifdef __GNUC__
+ __attribute__ ((format (printf, 3, 4)));
+#else
+ ;
+#endif
int
add_aci_v(LDAP* ld, char* DN, char* format, ...)
{
Index: create_instance.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/create_instance.c,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -r1.26 -r1.27
--- create_instance.c 16 Mar 2006 22:19:31 -0000 1.26
+++ create_instance.c 11 Apr 2006 02:14:31 -0000 1.27
@@ -145,6 +145,13 @@
#endif
static char *make_error(char *fmt, ...)
+#ifdef __GNUC__
+ __attribute__ ((format (printf, 1, 2)));
+#else
+ ;
+#endif
+
+static char *make_error(char *fmt, ...)
{
static char errbuf[ERR_SIZE];
va_list args;
@@ -661,6 +668,12 @@
#define chownsearch(a, b)
#endif
+char *gen_script(char *s_root, char *name, char *fmt, ...)
+#ifdef __GNUC__
+ __attribute__ ((format (printf, 3, 4)));
+#else
+ ;
+#endif
char *gen_script(char *s_root, char *name, char *fmt, ...)
{
@@ -715,6 +728,12 @@
}
char *gen_perl_script(char *s_root, char *cs_path, char *name, char *fmt, ...)
+#ifdef __GNUC__
+ __attribute__ ((format (printf, 4, 5)));
+#else
+ ;
+#endif
+char *gen_perl_script(char *s_root, char *cs_path, char *name, char *fmt, ...)
{
char myperl[PATH_SIZE];
char fn[PATH_SIZE];
@@ -1356,8 +1375,7 @@
/* ---------------------- Update server script files ---------------------- */
int update_server(server_config_s *cf)
{
- char line[PATH_SIZE], *t, *sroot = cf->sroot;
- char subdir[PATH_SIZE];
+ char *t;
char error_param[BIG_LINE] = {0};
#if defined( SOLARIS )
Index: ds_remove_uninst.cpp
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/ds_remove_uninst.cpp,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- ds_remove_uninst.cpp 2 Sep 2005 20:40:48 -0000 1.6
+++ ds_remove_uninst.cpp 11 Apr 2006 02:14:31 -0000 1.7
@@ -80,6 +80,13 @@
#include "setupapi.h"
#define MAX_STR_SIZE 512
+static void dsLogMessage(const char *level, const char *which,
+ const char *format, ...)
+#ifdef __GNUC__
+ __attribute__ ((format (printf, 3, 4)));
+#else
+ ;
+#endif
static InstallLog *installLog = NULL;
Index: init_ds_env.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/init_ds_env.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- init_ds_env.c 19 Apr 2005 22:06:55 -0000 1.5
+++ init_ds_env.c 11 Apr 2006 02:14:31 -0000 1.6
@@ -48,6 +48,7 @@
#include "libadminutil/distadm.h"
#include "init_ds_env.h"
#include "dsalib.h"
+#include "prprf.h"
int init_ds_env()
{
Index: instindex.cpp
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/instindex.cpp,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- instindex.cpp 14 Mar 2006 17:13:38 -0000 1.9
+++ instindex.cpp 11 Apr 2006 02:14:31 -0000 1.10
@@ -55,7 +55,7 @@
#include <string.h>
/* --------------------------------- main --------------------------------- */
-
+#if NEEDED_FOR_DEBUGGING
static void
printInfo(int argc, char *argv[], char *envp[], FILE* fp)
{
@@ -76,6 +76,7 @@
fprintf(fp, "#####################################\n");
}
+#endif
#if defined (__hpux) && defined (__ia64)
int main(int argc, char *argv[], char *envp[])
- Previous message (by thread): [Fedora-directory-commits] ldapserver/include/base ereport.h, 1.6, 1.7 util.h, 1.6, 1.7
- Next message (by thread): [Fedora-directory-commits] ldapserver/ldap/clients/dsgw cgiutil.c, 1.6, 1.7 ckdel.c, 1.4, 1.5 ckdump.c, 1.4, 1.5 ckget.c, 1.4, 1.5 ckpurge.c, 1.4, 1.5 ckput.c, 1.4, 1.5 config.c, 1.5, 1.6 cookie.c, 1.5, 1.6 dbtdsgw.h, 1.4, 1.5 domodify.c, 1.5, 1.6 dsexpldif.c, 1.4, 1.5 dsgw.h, 1.6, 1.7 dsgwutil.c, 1.5, 1.6 dsimpldif.c, 1.4, 1.5 emitf.c, 1.4, 1.5 entrydisplay.c, 1.5, 1.6 htmlparse.c, 1.4, 1.5 ldaputil.c, 1.4, 1.5 templateindex.c, 1.4, 1.5 tutor.c, 1.4, 1.5
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the Fedora-directory-commits
mailing list