[Fedora-directory-commits] adminserver/lib/libsi18n getlang.c, 1.4, 1.5 getstrprop.c, 1.3, 1.4 makstrdb.c, 1.3, 1.4 propset.c, 1.3, 1.4 txtfile.c, 1.3, 1.4

Richard Allen Megginson (rmeggins) fedora-directory-commits at redhat.com
Fri Mar 31 22:58:37 UTC 2006


Author: rmeggins

Update of /cvs/dirsec/adminserver/lib/libsi18n
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28761/adminserver/lib/libsi18n

Modified Files:
	getlang.c getstrprop.c makstrdb.c propset.c txtfile.c 
Log Message:
Bug(s) fixed: 186280
Bug Description: adminserver: Close potential security vulnerabilities 
in CGI code
Reviewed by: Rob, Pete, Nathan, Noriko (Thanks!)
Fix Description: Most of this just involves making sure that we use 
PR_snprintf/PL_strncpyz/PL_strcatn where able, or just making sure we 
use snprintf/strncpy/strncat correctly and null terminate the buffers.  
I also got rid of some dead code, unused variables, and the like.  There 
are a few cases that are more complex that I have specified below.  In 
some cases I had to change the function signature to add a size 
parameter in cases where the function was copying to a given char * and 
the size was assumed (in most cases this was safe but it's still dangerous).
Platforms tested: Fedora Core 5
Flag Day: no
Doc impact: no



Index: getlang.c
===================================================================
RCS file: /cvs/dirsec/adminserver/lib/libsi18n/getlang.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- getlang.c	18 Aug 2005 19:20:24 -0000	1.4
+++ getlang.c	31 Mar 2006 22:58:34 -0000	1.5
@@ -75,16 +75,22 @@
 {
 	switch(type) {
 	case CLIENT_LANGUAGE:
-		if (language)
-			strcpy(client_language, language);
+		if (language) {
+			strncpy(client_language, language, sizeof(client_language));
+            client_language[sizeof(client_language)-1] = 0;
+        }
 		break;
 	case ADMIN_LANGUAGE:
-		if (language)
-			strcpy(admin_language, language);
+		if (language) {
+			strncpy(admin_language, language, sizeof(admin_language));
+            admin_language[sizeof(admin_language)-1] = 0;
+        }
 		break;
 	case DEFAULT_LANGUAGE:
-		if (language)
-			strcpy(default_language, language);
+		if (language) {
+			strncpy(default_language, language, sizeof(default_language));
+            default_language[sizeof(default_language)-1] = 0;
+        }
 		break;
 	}
 	return ;
@@ -125,7 +131,7 @@
 
 NSAPI_PUBLIC
 int
-GetFileForLanguage(char* filePath,char* language,char* existingFilePath)
+GetFileForLanguage(char* filePath,char* language,char* existingFilePath,size_t existingSize)
 {
   /* Input: filePath,language
    * filePath is of the form "/xxx/xxx/$$LANGDIR/xxx/xxx/filename"
@@ -212,7 +218,8 @@
       
       /* Try: /path/language/filename.ext */
       if (pattern) {
-        strcpy(existingFilePath,filePath);
+        strncpy(existingFilePath,filePath, existingSize);
+        existingFilePath[existingSize-1] = 0;
         strReplace(existingFilePath,"$$LANGDIR",acceptLanguageList[iLang]);
 
         if (stat(existingFilePath,&info)==0) {
@@ -228,14 +235,16 @@
       
       /* Try: /path/filename_language.ext */
       {
-        strcpy(existingFilePath,filePath);
+        strncpy(existingFilePath,filePath, existingSize);
+        existingFilePath[existingSize-1] = 0;
         strReplace(existingFilePath,"$$LANGDIR/",emptyString);
         pDot = strrchr(existingFilePath,'.');
         pSlash = strrchr(existingFilePath,'/');
         if (pSlash>=pDot) {
           pDot = strchr(existingFilePath,'\0');
         }
-        sprintf(lang_modifier,"%c%s",LANG_DELIMIT,acceptLanguageList[iLang]);
+        snprintf(lang_modifier,sizeof(lang_modifier),"%c%s",LANG_DELIMIT,acceptLanguageList[iLang]);
+        lang_modifier[sizeof(lang_modifier)-1] = 0;
         strReplace(pDot,emptyString,lang_modifier);
 
         if (stat(existingFilePath,&info)==0) {


Index: getstrprop.c
===================================================================
RCS file: /cvs/dirsec/adminserver/lib/libsi18n/getstrprop.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- getstrprop.c	18 Aug 2005 19:20:24 -0000	1.3
+++ getstrprop.c	31 Mar 2006 22:58:34 -0000	1.4
@@ -154,7 +154,6 @@
 #if 0
 #include "base/crit.h"
 #include "base/systhr.h"
-static char pathDB[100] = "\0";
 static int Initialized = 0;
 
 #ifdef XP_UNIX


Index: makstrdb.c
===================================================================
RCS file: /cvs/dirsec/adminserver/lib/libsi18n/makstrdb.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- makstrdb.c	18 Aug 2005 19:20:24 -0000	1.3
+++ makstrdb.c	31 Mar 2006 22:58:34 -0000	1.4
@@ -117,7 +117,6 @@
   char* cptr;
   RESOURCE_TABLE* table;
   NSRESHANDLE hresdb;
-  char DBTlibraryName[128];
   
   /* Creating database */
   hresdb = NSResCreateTable(DATABASE_NAME, NULL);


Index: propset.c
===================================================================
RCS file: /cvs/dirsec/adminserver/lib/libsi18n/propset.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- propset.c	18 Aug 2005 19:20:24 -0000	1.3
+++ propset.c	31 Mar 2006 22:58:34 -0000	1.4
@@ -117,7 +117,7 @@
     char *filepath;
     char *p, *q;
     int n;
-    char linebuf[1000];
+    char linebuf[FILE_BUFFER_SIZE+1];
     int st;
 
     st = PropertiesLanguageStatus(propset, language);


Index: txtfile.c
===================================================================
RCS file: /cvs/dirsec/adminserver/lib/libsi18n/txtfile.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- txtfile.c	18 Aug 2005 19:20:24 -0000	1.3
+++ txtfile.c	31 Mar 2006 22:58:34 -0000	1.4
@@ -25,16 +25,6 @@
 
 #include "txtfile.h"
 
-
-
-#if 0
-char fileBuffer[FILE_BUFFER_SIZE + 1];
-char *fbCurrent;
-int  fbSize;
-int fbStatus;
-#endif
-
-
 TEXTFILE * OpenTextFile(char *filename, int access)
 {
     TEXTFILE *txtfile;




More information about the Fedora-directory-commits mailing list