[Fedora-directory-commits] adminserver/lib/ldaputil/utest stubs.c, 1.3, 1.4

Fri Mar 31 22:58:31 UTC 2006

Author: rmeggins

Update of /cvs/dirsec/adminserver/lib/ldaputil/utest
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28761/adminserver/lib/ldaputil/utest

Modified Files:
	stubs.c 
Log Message:
Bug(s) fixed: 186280
Bug Description: adminserver: Close potential security vulnerabilities 
in CGI code
Reviewed by: Rob, Pete, Nathan, Noriko (Thanks!)
Fix Description: Most of this just involves making sure that we use 
PR_snprintf/PL_strncpyz/PL_strcatn where able, or just making sure we 
use snprintf/strncpy/strncat correctly and null terminate the buffers.  
I also got rid of some dead code, unused variables, and the like.  There 
are a few cases that are more complex that I have specified below.  In 
some cases I had to change the function signature to add a size 
parameter in cases where the function was copying to a given char * and 
the size was assumed (in most cases this was safe but it's still dangerous).
Platforms tested: Fedora Core 5
Flag Day: no
Doc impact: no



Index: stubs.c
===================================================================
RCS file: /cvs/dirsec/adminserver/lib/ldaputil/utest/stubs.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4

--- stubs.c	18 Aug 2005 19:19:34 -0000	1.3
+++ stubs.c	31 Mar 2006 22:58:28 -0000	1.4
@@ -87,8 +87,8 @@
     if (!val) return LDAPU_ERR_OUT_OF_MEMORY;
 
     ptr = val;
-    sprintf(attr_eq1, "%s =", attr);
-    sprintf(attr_eq2, "%s=", attr);
+    PR_snprintf(attr_eq1, sizeof(attr_eq1), "%s =", attr);
+    PR_snprintf(attr_eq2, sizeof(attr_eq2), "%s=", attr);
 
     while(cert_dn &&
 	  ((dnptr = strstr(cert_dn, attr_eq1)) ||


