[Fedora-directory-commits] setuputil/installer/lib prodinfo.cpp, 1.1.1.1, 1.2 setupapi.cpp, 1.1.1.1, 1.2 uninstall.cpp, 1.1.1.1, 1.2
Richard Allen Megginson (rmeggins)
fedora-directory-commits at redhat.com
Thu Mar 23 15:59:19 UTC 2006
- Previous message (by thread): [Fedora-directory-commits] adminutil/tests retrieveSIE.c,1.1,1.2
- Next message (by thread): [Fedora-directory-commits] setuputil/installer/unix dl-common.cc, 1.1.1.1, 1.2 dl-dnld.cc, 1.1.1.1, 1.2 dl-inst.cc, 1.1.1.1, 1.2 dl-uninst.cc, 1.1.1.1, 1.2 installer.cc, 1.3, 1.4 product.cc, 1.4, 1.5 uninstaller.cc, 1.1.1.1, 1.2 ux-setup.cc, 1.1.1.1, 1.2
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: rmeggins
Update of /cvs/dirsec/setuputil/installer/lib
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15054/setuputil/installer/lib
Modified Files:
prodinfo.cpp setupapi.cpp uninstall.cpp
Log Message:
Bug(s) fixed: 186280
Bug Description: Close potential security vulnerabilities in CGI code
Reviewed by: Nathan & Noriko (Thanks!)
Fix Description: Mostly cleaned up usage of sprintf.
Platforms tested: Fedora Core 5
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
Index: prodinfo.cpp
===================================================================
RCS file: /cvs/dirsec/setuputil/installer/lib/prodinfo.cpp,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- prodinfo.cpp 29 Jul 2005 22:16:29 -0000 1.1.1.1
+++ prodinfo.cpp 23 Mar 2006 15:59:10 -0000 1.2
@@ -24,6 +24,17 @@
** Name: prodinfo.c
**
** $Log$
+** Revision 1.2 2006/03/23 15:59:10 rmeggins
+** Bug(s) fixed: 186280
+** Bug Description: Close potential security vulnerabilities in CGI code
+** Reviewed by: Nathan & Noriko (Thanks!)
+** Fix Description: Mostly cleaned up usage of sprintf.
+** Platforms tested: Fedora Core 5
+** Flag Day: no
+** Doc impact: no
+** QA impact: should be covered by regular nightly and manual testing
+** New Tests integrated into TET: none
+**
** Revision 1.1.1.1 2005/07/29 22:16:29 foxworth
** Importing new setup sdk for open source project
**
@@ -239,17 +250,19 @@
continue;
}
if ( buf[0] == '[' ) { /* install date */
- int n;
- char tmp[BUFSIZ];
+ int end = 0;
for ( i = strlen( buf ) - 1 ; i-- ; ) {
if ( buf[i] == ']' ) {
buf[i] = '\0'; /* clean up date */
break;
}
}
- n = sscanf (buf + 1, "%s %s %s %s %s", tmp, tmp, tmp, tmp, tmp);
+ /* need to know if there are at least 5 tokens in buf - end will only be set
+ if there are at least 5 whitespace delimited tokens in (buf+1)
+ */
+ sscanf (buf + 1, "%*s %*s %*s %*s %*s%n", &end);
- if (n == 5)
+ if (end)
{
if ( tree->when ) {
break; /* this is a previous date, stop reading */
Index: setupapi.cpp
===================================================================
RCS file: /cvs/dirsec/setuputil/installer/lib/setupapi.cpp,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- setupapi.cpp 29 Jul 2005 22:16:30 -0000 1.1.1.1
+++ setupapi.cpp 23 Mar 2006 15:59:10 -0000 1.2
@@ -1887,10 +1887,9 @@
#else
FILE *f = fopen("/etc/resolv.conf", "r");
char line[SML_BUF];
- char *domain;
+ char domain[SML_BUF];
char *dm;
- domain = (char *) malloc(SML_BUF);
/* See if there's a domain entry in their resolver configuration */
if (f)
{
@@ -1898,9 +1897,20 @@
{
if (!strncasecmp(line, "domain ", 7))
{
- sscanf(&line[7], "%s", domain);
- dm = (domain[0] == '.' ? &domain[1] : domain);
- return dm;
+ int end = 0;
+ int len = strlen(line);
+ char *begin = &line[7];
+ if ((len > 8) && (line[7] == '.')) {
+ begin = &line[8];
+ }
+ sscanf(begin, "%*s%n", &end);
+ if (end) {
+ fclose(f);
+ strncpy(domain, begin, end);
+ domain[end] = 0;
+ dm = strdup(domain);
+ return dm;
+ }
}
}
fclose(f);
@@ -1913,7 +1923,12 @@
#else
getdomainname(domain, SML_BUF);
#endif
- dm = (domain[0] == '.' ? &domain[1] : domain);
+ domain[SML_BUF] = 0;
+ if (domain[0] == '.') {
+ dm = strdup(&domain[1]);
+ } else {
+ dm = strdup(domain);
+ }
#endif
return dm;
Index: uninstall.cpp
===================================================================
RCS file: /cvs/dirsec/setuputil/installer/lib/uninstall.cpp,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- uninstall.cpp 29 Jul 2005 22:16:30 -0000 1.1.1.1
+++ uninstall.cpp 23 Mar 2006 15:59:10 -0000 1.2
@@ -28,6 +28,17 @@
**
** HISTORY:
** $Log$
+** Revision 1.2 2006/03/23 15:59:10 rmeggins
+** Bug(s) fixed: 186280
+** Bug Description: Close potential security vulnerabilities in CGI code
+** Reviewed by: Nathan & Noriko (Thanks!)
+** Fix Description: Mostly cleaned up usage of sprintf.
+** Platforms tested: Fedora Core 5
+** Flag Day: no
+** Doc impact: no
+** QA impact: should be covered by regular nightly and manual testing
+** New Tests integrated into TET: none
+**
** Revision 1.1.1.1 2005/07/29 22:16:30 foxworth
** Importing new setup sdk for open source project
**
@@ -79,7 +90,7 @@
if (moduleNickName)
{
- sprintf(tstr, "%s%c%s%c%s%c%s.log",
+ snprintf(tstr, sizeof(tstr), "%s%c%s%c%s%c%s.log",
serverRoot,
PATH_DELIM,
"setup",
@@ -90,7 +101,7 @@
}
else
{
- sprintf(tstr, "%s%c%s%c%s%c%s.log",
+ snprintf(tstr, sizeof(tstr), "%s%c%s%c%s%c%s.log",
serverRoot,
PATH_DELIM,
"setup",
@@ -99,6 +110,7 @@
PATH_DELIM,
packageNickName);
}
+ tstr[sizeof(tstr)-1] = 0;
fp = fopen(tstr, "a");
- Previous message (by thread): [Fedora-directory-commits] adminutil/tests retrieveSIE.c,1.1,1.2
- Next message (by thread): [Fedora-directory-commits] setuputil/installer/unix dl-common.cc, 1.1.1.1, 1.2 dl-dnld.cc, 1.1.1.1, 1.2 dl-inst.cc, 1.1.1.1, 1.2 dl-uninst.cc, 1.1.1.1, 1.2 installer.cc, 1.3, 1.4 product.cc, 1.4, 1.5 uninstaller.cc, 1.1.1.1, 1.2 ux-setup.cc, 1.1.1.1, 1.2
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the Fedora-directory-commits
mailing list