Index: trunk/src/cutest_sh_utils.c =================================================================== --- trunk/src/cutest_sh_utils.c (revision 21) +++ trunk/src/cutest_sh_utils.c (revision 22) @@ -10,6 +10,6 @@ int ret = 0; +#if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) char input[16] = "foobar"; -#if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) ret = sh_util_obscure_ok ("0xA1,0xA2,0xA3"); Index: trunk/src/samhain.c =================================================================== --- trunk/src/samhain.c (revision 21) +++ trunk/src/samhain.c (revision 22) @@ -382,5 +382,5 @@ */ (void) sl_strlcpy (sh.host.name, _("localhost"), SH_MINIBUF); - sh.host.system[0] = '\0'; + sh.host.system[0] = '\0'; /* flawfinder: ignore *//* ff bug */ sh.host.release[0] = '\0'; sh.host.machine[0] = '\0'; @@ -582,5 +582,5 @@ skey->mailkey_old[0] = '\0'; skey->mailkey_new[0] = '\0'; - skey->crypt[0] = '\0'; + skey->crypt[0] = '\0'; /* flawfinder: ignore *//* ff bug */ skey->session[0] = '\0'; skey->vernam[0] = '\0'; @@ -725,14 +725,23 @@ char exef[128]; + if (!pidlist) + return NULL; + for (i = 0; i < 65535; ++i) pidlist[i] = 0; i = 0; if (0 != stat(SH_INSTALL_PATH, &buf)) - return NULL; + { + free(pidlist); + return NULL; + } ino = (long) buf.st_ino; if (NULL == (dp = opendir("/proc"))) - return NULL; + { + free(pidlist); + return NULL; + } while (NULL != (d = readdir(dp)) && i < 65535) { @@ -860,16 +869,11 @@ - fullpath = malloc(strlen(SH_INSTALL_PATH)+1); + fullpath = strdup (SH_INSTALL_PATH); if (fullpath == NULL) - { perror(_("malloc")); exit (1); } - else - strcpy(fullpath, SH_INSTALL_PATH); /* known to fit */ - - argp[0] = malloc(strlen(SH_INSTALL_PATH)+1); + { perror(_("strdup")); exit (1); } + + argp[0] = strdup (SH_INSTALL_PATH); if (argp[0] == NULL) - { perror(_("malloc")); exit (1); } - else - strcpy(argp[0], SH_INSTALL_PATH); /* known to fit */ - + { perror(_("strdup")); exit (1); } for (times = 1; times < 32; ++times) argp[times] = NULL; @@ -879,9 +883,7 @@ for (times = 2; times < res; ++times) { - argp[times-1] = malloc(strlen(argv[times])+1); + argp[times-1] = strdup (argv[times]); if (argp[times-1] == NULL) - { perror(_("malloc")); exit (1); } - else - strcpy(argp[times-1], argv[times]); /* known to fit */ + { perror(_("strdup")); exit (1); } } @@ -903,5 +905,5 @@ _exit(4); } - (void) execv(fullpath, argp); + (void) execv(fullpath, argp); /* flawfinder: ignore *//* wtf? */ if (errno == EPERM) _exit(4); @@ -941,5 +943,8 @@ pidlist = procdirSamhain (); if (pid == 0 && NULL == pidlist) /* pid file not found */ - return (0); + { + free(fullpath); + return (0); + } status = 0; @@ -956,4 +961,5 @@ } } + free(fullpath); if (status == 7) return 0; @@ -992,5 +998,5 @@ } } - + free(fullpath); /* silence smatch false positive */ exit (1); /* no exit handler installed yet */ /*@notreached@*/ @@ -1022,5 +1028,5 @@ /* Add a new schedule to the linked list of schedules */ -static sh_schedule_t * sh_set_schedule_int (char * str, +static sh_schedule_t * sh_set_schedule_int (const char * str, sh_schedule_t * FileSchedIn, /*@out@*/ int * status) @@ -1052,5 +1058,5 @@ /* Add a new schedule to the linked list FileSchedOne */ -int sh_set_schedule_one (char * str) +int sh_set_schedule_one (const char * str) { int status; @@ -1061,5 +1067,5 @@ /* Add a new schedule to the linked list FileSchedTwo */ -int sh_set_schedule_two (char * str) +int sh_set_schedule_two (const char * str) { int status; @@ -1214,10 +1220,15 @@ /* Save the timezone. */ - if ((tzptr = getenv("TZ")) != NULL) + if (NULL != (tzptr = getenv("TZ"))) /* flawfinder: ignore */ { tzlen = strlen(tzptr); - sh.timezone = malloc (tzlen + 1); - if (sh.timezone != NULL) - (void) sl_strlcpy (sh.timezone, tzptr, tzlen + 1); + if (tzlen < 1024) + { + sh.timezone = malloc (tzlen + 1); + if (sh.timezone != NULL) + (void) sl_strlcpy (sh.timezone, tzptr, tzlen + 1); + } + else + sh.timezone = NULL; } else Index: trunk/src/samhain_setpwd.c =================================================================== --- trunk/src/samhain_setpwd.c (revision 21) +++ trunk/src/samhain_setpwd.c (revision 22) @@ -1,8 +1,3 @@ #include "config_xor.h" - -#ifdef HAVE_BROKEN_INCLUDES -#define _ANSI_C_SOURCE -#define _POSIX_SOURCE -#endif #include @@ -13,8 +8,129 @@ #include #include +#include #include #include +#include +#include #include +#if defined(HAVE_SCHED_H) && defined(HAVE_SCHED_YIELD) +#include +#endif + +#if defined(HAVE_INT_32) +typedef unsigned int UINT32; +#elif defined(HAVE_LONG_32) +typedef unsigned long UINT32; +#elif defined(HAVE_SHORT_32) +typedef unsigned short UINT32; +#endif + +#define TAUS_MAX 4294967295UL + +static UINT32 taus_state[3]; + +static UINT32 taus_get () +{ + +#define TAUSWORTHE(s,a,b,c,d) ((s &c) <>b) + taus_state[0] = TAUSWORTHE (taus_state[0], 13, 19, 4294967294UL, 12); + taus_state[1] = TAUSWORTHE (taus_state[1], 2, 25, 4294967288UL, 4); + taus_state[2] = TAUSWORTHE (taus_state[2], 3, 11, 4294967280UL, 17); + return (taus_state[0] ^ taus_state[1] ^ taus_state[2]); +} + +static void taus_seed () +{ + unsigned char buf[12]; + unsigned char buf2[12]; + unsigned char buf3[12]; + ssize_t count; + size_t nbytes = sizeof(buf); + size_t where = 0; + + struct timeval t1, t2; + UINT32 delta, k[3]; + int i, j; + + int fd = open ("/dev/urandom", O_RDONLY); + + if (fd == -1) + { + gettimeofday(&t1, NULL); + delta = t1.tv_usec; + memcpy(&buf[0], &delta, 4); + gettimeofday(&t1, NULL); + delta = t1.tv_usec; + memcpy(&buf[4], &delta, 4); + gettimeofday(&t1, NULL); + delta = t1.tv_usec; + memcpy(&buf[8], &delta, 4); + goto second; + } + + while (nbytes) { + count = read(fd, &buf[where], nbytes); + if (count == -1 && errno == EINTR) + continue; + where += count; + nbytes -= count; + } while (count == -1 && errno == EINTR); + + close(fd); + + second: + for (i = 0; i < 12; ++i) + { + gettimeofday(&t1, NULL); + if (0 == fork()) + _exit(EXIT_SUCCESS); + wait(NULL); + gettimeofday(&t2, NULL); + delta = t2.tv_usec - t1.tv_usec; + buf2[i] = (unsigned char) delta; + } + + for (i = 0; i < 12; ++i) + { + gettimeofday(&t1, NULL); + for (j = 0; j < 32768; ++j) + { + if (0 == kill (j,0)) + k[i % 3] ^= j; + } + gettimeofday(&t2, NULL); + delta = t2.tv_usec - t1.tv_usec; + buf3[i] ^= (unsigned char) delta; + } + + memcpy(&taus_state[0], &buf3[0], 4); + memcpy(&taus_state[1], &buf3[4], 4); + memcpy(&taus_state[2], &buf3[8], 4); + + taus_state[0] ^= k[0]; + taus_state[1] ^= k[1]; + taus_state[2] ^= k[2]; + + memcpy(&k[0], &buf2[0], 4); + memcpy(&k[1], &buf2[4], 4); + memcpy(&k[2], &buf2[8], 4); + + taus_state[0] ^= k[0]; + taus_state[1] ^= k[1]; + taus_state[2] ^= k[2]; + + memcpy(&k[0], &buf[0], 4); + memcpy(&k[1], &buf[4], 4); + memcpy(&k[2], &buf[8], 4); + + taus_state[0] ^= k[0]; + taus_state[1] ^= k[1]; + taus_state[2] ^= k[2]; + + taus_state[0] |= (UINT32) 0x03; + taus_state[1] |= (UINT32) 0x09; + taus_state[2] |= (UINT32) 0x17; +} #ifdef SH_STEALTH @@ -112,4 +228,5 @@ char * newn; + size_t nlen; int oldf; int newf; @@ -196,5 +313,5 @@ (void) umask (0); - srand(time(NULL) ^ getpid()); + taus_seed(); bytecount = 0; @@ -206,8 +323,9 @@ oldf = open(argv[1], O_RDONLY); - newn = (char *) malloc (strlen(argv[1])+strlen(argv[2])+2); - strcpy(newn, argv[1]); - strcat(newn, "."); - strcat(newn, argv[2]); + nlen = strlen(argv[1])+strlen(argv[2])+2; + newn = (char *) malloc (nlen); + strncpy(newn, argv[1], nlen); newn[nlen-1] = '\0'; + strncat(newn, ".", nlen); newn[nlen-1] = '\0'; + strncat(newn, argv[2], nlen); newn[nlen-1] = '\0'; newf = open(newn, O_WRONLY|O_CREAT|O_TRUNC, S_IRWXU); @@ -265,5 +383,5 @@ (unsigned char) *found_it); - ccd = (unsigned char) (256.0 * rand()/(RAND_MAX+1.0)); + ccd = (unsigned char) (256.0 * (taus_get()/(TAUS_MAX+1.0))); sprintf(&newpwd[i*2], _("%02x"), (unsigned char) ccd); @@ -340,5 +458,5 @@ (unsigned char) *found_it); - ccd = (unsigned char) (256.0 * rand()/(RAND_MAX+1.0)); + ccd = (unsigned char) (256.0 * taus_get()/(TAUS_MAX+1.0)); sprintf(&newpwd[i*2], _("%02x"), (unsigned char) ccd); Index: trunk/src/sh_calls.c =================================================================== --- trunk/src/sh_calls.c (revision 21) +++ trunk/src/sh_calls.c (revision 22) @@ -82,5 +82,5 @@ /* Set aud functions */ -int sh_aud_set_functions(char * str_s) +int sh_aud_set_functions(const char * str_s) { int i = 0; Index: trunk/src/sh_database.c =================================================================== --- trunk/src/sh_database.c (revision 21) +++ trunk/src/sh_database.c (revision 22) @@ -40,6 +40,4 @@ #include "sh_error.h" #include "sh_utils.h" - -extern int safe_logger (int signal, int method, pid_t thepid); #undef FIL__ @@ -253,10 +251,10 @@ static int sh_persistent_dbconn = S_TRUE; -int sh_database_use_persistent (char * str) +int sh_database_use_persistent (const char * str) { return sh_util_flagval (str, &sh_persistent_dbconn); } -static int insert_value (char * ptr, char * str) +static int insert_value (char * ptr, const char * str) { if (!ptr || !str) @@ -276,21 +274,21 @@ -int sh_database_set_database (char * str) +int sh_database_set_database (const char * str) { return insert_value (db_name, str); } -int sh_database_set_table (char * str) +int sh_database_set_table (const char * str) { return insert_value (db_table, str); } -int sh_database_set_host (char * str) +int sh_database_set_host (const char * str) { return insert_value (db_host, str); } -int sh_database_set_user (char * str) +int sh_database_set_user (const char * str) { return insert_value (db_user, str); } -int sh_database_set_password (char * str) +int sh_database_set_password (const char * str) { return insert_value (db_password, str); @@ -568,5 +566,5 @@ oracle_doconnect: - if (!getenv("ORACLE_HOME")) + if (!getenv("ORACLE_HOME")) /* flawfinder: ignore */ { sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, @@ -1482,5 +1480,5 @@ } -int sh_database_add_to_hash (char * str) +int sh_database_add_to_hash (const char * str) { int i; @@ -1692,5 +1690,5 @@ static int enter_wrapper = 1; -int set_enter_wrapper (char * str) +int set_enter_wrapper (const char * str) { return sh_util_flagval(str, &enter_wrapper); Index: trunk/src/sh_entropy.c =================================================================== --- trunk/src/sh_entropy.c (revision 21) +++ trunk/src/sh_entropy.c (revision 22) @@ -170,5 +170,5 @@ memset( &addr, 0, sizeof(addr) ); addr.sun_family = AF_UNIX; - strcpy( addr.sun_path, name ); /* known to fit */ + sl_strlcpy( addr.sun_path, name, sizeof(addr.sun_path) ); addr_len = offsetof( struct sockaddr_un, sun_path ) + strlen( addr.sun_path ); @@ -570,4 +570,5 @@ char * arg[4]; char * envp[2]; + size_t len; SL_ENTER(_("sh_popen")); @@ -580,7 +581,8 @@ if (sh.timezone != NULL) { - envp[0] = malloc (sl_strlen(sh.timezone) + 4); /* free() ok */ + len = sl_strlen(sh.timezone) + 4; + envp[0] = malloc (len); /* free() ok */ if (envp[0] != NULL) - sprintf (envp[0], "TZ=%s", sh.timezone); /* known to fit */ + sl_snprintf (envp[0], len, "TZ=%s", sh.timezone); else envp[0] = NULL; @@ -778,4 +780,5 @@ sl_strlcat(combuf, _(source[i].command), 80); + /* flawfinder: ignore */ if ( access (combuf, X_OK) == 0) { Index: trunk/src/sh_err_console.c =================================================================== --- trunk/src/sh_err_console.c (revision 21) +++ trunk/src/sh_err_console.c (revision 22) @@ -112,5 +112,5 @@ /* Enable the message queue */ -int enable_msgq(char * foo) +int enable_msgq(const char * foo) { int i; @@ -234,5 +234,5 @@ /* ---- Set the console device. ---- */ -int sh_log_set_console (char * address) +int sh_log_set_console (const char * address) { SL_ENTER(_("sh_log_set_console")); Index: trunk/src/sh_err_log.c =================================================================== --- trunk/src/sh_err_log.c (revision 21) +++ trunk/src/sh_err_log.c (revision 22) @@ -604,5 +604,5 @@ char sigkey_old[KEY_LEN+1]; char sigkey_new[KEY_LEN+1]; - char crypt[KEY_LEN+1]; + char crypto[KEY_LEN+1]; struct lfstc * next; } open_logfile; @@ -613,5 +613,5 @@ #ifdef SH_WITH_SERVER -int set_flag_sep_log (char * str) +int set_flag_sep_log (const char * str) { return sh_util_flagval(str, &flag_sep_log); @@ -642,5 +642,5 @@ char * sigkey_new; char * sigkey_old; - char * crypt; + char * crypto; SL_ENTER(_("sh_log_file")); @@ -734,5 +734,5 @@ memset(current->sigkey_old, (int)'\0', KEY_LEN+1); memset(current->sigkey_new, (int)'\0', KEY_LEN+1); - memset(current->crypt, (int)'\0', KEY_LEN+1); + memset(current->crypto, (int)'\0', KEY_LEN+1); current->next = logfile_list; logfile_list = current; @@ -841,5 +841,5 @@ sigkey_old = current->sigkey_old; sigkey_new = current->sigkey_new; - crypt = current->crypt; + crypto = current->crypto; } else @@ -847,5 +847,5 @@ sigkey_old = skey->sigkey_old; sigkey_new = skey->sigkey_new; - crypt = skey->crypt; + crypto = skey->crypt; /* flawfinder: ignore */ } @@ -869,10 +869,10 @@ /* Copy it to 'crypt' for encryption. */ - (void) sl_strlcpy(crypt, sigkey_new, KEY_LEN+1); + (void) sl_strlcpy(crypto, sigkey_new, KEY_LEN+1); /* Use message and compiled-in key to encrypt. */ BREAKEXIT(sh_util_encode); - sh_util_encode(crypt, log_msg.msg, 0, 'B'); + sh_util_encode(crypto, log_msg.msg, 0, 'B'); /* Send out the key. @@ -900,6 +900,6 @@ sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_KEY_MAIL, - sh.prg_name, crypt, - crypt, log_msg.timestamp); + sh.prg_name, crypto, + crypto, log_msg.timestamp); /* send to other allowed channels @@ -913,5 +913,5 @@ sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_KEY, - sh.prg_name, crypt); + sh.prg_name, crypto); /* Cleanup. @@ -926,5 +926,5 @@ - memset (crypt, (int) '\0', KEY_LEN); + memset (crypto, (int) '\0', KEY_LEN); sh.flag.log_start = S_FALSE; current->log_start = S_FALSE; @@ -949,23 +949,23 @@ (void) sl_strlcpy (sigkey_old, sigkey_new, KEY_LEN+1); - /*@-bufferoverflowhigh -usedef@*/ + /*@-usedef@*/ #ifdef SH_USE_XML if (log_msg.timestamp[0] != '\0') - sprintf(log_msg.sig, /* known to fit */ + sl_snprintf(log_msg.sig, sizeof(log_msg.sig), #ifdef FIX_XML - _("\n%s%s\n"), /* FIX XML */ -#else - _("\nsig>%s%s\n"), /* FIX XML */ -#endif - log_msg.signature, log_msg.timestamp); + _("\n%s%s\n"), /* FIX XML */ +#else + _("\nsig>%s%s\n"), /* FIX XML */ +#endif + log_msg.signature, log_msg.timestamp); else - sprintf(log_msg.sig, /* known to fit */ + sl_snprintf(log_msg.sig, sizeof(log_msg.sig), #ifdef FIX_XML - _("\n%s\n"), /* FIX XML */ -#else - _("\nsig>%s\n"), /* FIX XML */ -#endif - log_msg.signature); - /*@+bufferoverflowhigh +usedef@*/ + _("\n%s\n"), /* FIX XML */ +#else + _("\nsig>%s\n"), /* FIX XML */ +#endif + log_msg.signature); + /*@+usedef@*/ #ifdef SH_STEALTH Index: trunk/src/sh_err_syslog.c =================================================================== --- trunk/src/sh_err_syslog.c (revision 21) +++ trunk/src/sh_err_syslog.c (revision 22) @@ -110,5 +110,5 @@ /* set syslog facility */ -int sh_log_set_facility (char * c) +int sh_log_set_facility (const char * c) { int loop = 0; Index: trunk/src/sh_error.c =================================================================== --- trunk/src/sh_error.c (revision 21) +++ trunk/src/sh_error.c (revision 22) @@ -102,5 +102,5 @@ /* convert a string to a numeric priority */ -int sh_error_convert_level (char * str_s); +int sh_error_convert_level (const char * str_s); static int IsInitialized = BAD; @@ -219,5 +219,5 @@ } -static int sh_error_set_classmask (/*@notnull@*/char * c, int * facility_mask) +static int sh_error_set_classmask (const char * str, int * facility_mask) { char * p; @@ -225,8 +225,9 @@ unsigned int i; size_t len; + char * c; SL_ENTER(_("sh_error_set_classmask")); - if (c == NULL) + if (str == NULL) SL_RETURN( -1, _("sh_error_set_classmask")); @@ -234,7 +235,11 @@ (void) sh_error_init(); - if (c[0] == (char) 34) - ++c; - len = strlen(c); + if (str[0] == (char) 34) + ++str; + len = strlen(str); + + c = SH_ALLOC(len+1); + sl_strlcpy(c, str, len+1); + if (c[len-1] == (char) 34) c[len-1] = '\0'; @@ -273,36 +278,37 @@ } while (p); + SH_FREE(c); SL_RETURN( 0, _("sh_error_set_classmask")); } -int sh_error_log_mask (char * c) +int sh_error_log_mask (const char * c) { return (sh_error_set_classmask(c, &(errFlags.log_class))); } -int sh_error_mail_mask (char * c) +int sh_error_mail_mask (const char * c) { return (sh_error_set_classmask(c, &(errFlags.mail_class))); } -int sh_error_print_mask (char * c) +int sh_error_print_mask (const char * c) { return (sh_error_set_classmask(c, &(errFlags.print_class))); } -int sh_error_export_mask (char * c) +int sh_error_export_mask (const char * c) { return (sh_error_set_classmask(c, &(errFlags.export_class))); } -int sh_error_syslog_mask (char * c) +int sh_error_syslog_mask (const char * c) { return (sh_error_set_classmask(c, &(errFlags.syslog_class))); } -int sh_error_external_mask (char * c) +int sh_error_external_mask (const char * c) { return (sh_error_set_classmask(c, &(errFlags.external_class))); } -int sh_error_database_mask (char * c) +int sh_error_database_mask (const char * c) { return (sh_error_set_classmask(c, &(errFlags.database_class))); } -int sh_error_prelude_mask (char * c) +int sh_error_prelude_mask (const char * c) { return (sh_error_set_classmask(c, &(errFlags.prelude_class))); @@ -446,5 +452,5 @@ }; -int sh_error_convert_level (char * str_s) +int sh_error_convert_level (const char * str_s) { int i; @@ -472,5 +478,5 @@ /* --- Set severity levels. --- */ -int sh_error_set_iv (int iv, char * str_s) +int sh_error_set_iv (int iv, const char * str_s) { int level = (-1); @@ -1126,13 +1132,15 @@ { int retval; + size_t ex_len; /* will truncate to 65280 bytes */ export_block = 1; - ex_msg = SH_ALLOC (64 + sl_strlen(lmsg->msg) + 1); - /*@-bufferoverflowhigh@*/ - sprintf(ex_msg, _("%d?%u?%s"), /* known to fit */ - severity, class, lmsg->msg); - /*@-bufferoverflowhigh@*/ + ex_len = 64 + sl_strlen(lmsg->msg) + 1; + ex_msg = SH_ALLOC (ex_len); + + sl_snprintf(ex_msg, ex_len, _("%d?%u?%s"), + severity, class, lmsg->msg); + retval = sh_forward (ex_msg); SH_FREE(ex_msg); @@ -1306,8 +1314,8 @@ /* allocate space for user-defined message header */ -int sh_error_ehead (/*@null@*/char * str_s) +int sh_error_ehead (/*@null@*/const char * str_s) { size_t size; - char * s; + const char * s; SL_ENTER(_("sh_error_ehead")); @@ -1324,5 +1332,5 @@ size = /*@i@*/strlen(s); - if (/*@i@*/s[size-1] == (char) 34) --size; + if (/*@i@*/s[size-1] == (char) 34) --size; /* truncate */ if (ehead_format != NULL) @@ -1482,5 +1490,5 @@ len = sl_strlen(lmsg->msg); /*@i@*/required = sl_vsnprintf(&(lmsg->msg[len]), - (lmsg->msg_len - len), lmsg->format, vl); + (lmsg->msg_len - len), lmsg->format, vl); if ( (required + len) > (lmsg->msg_len - 4) ) { Index: trunk/src/sh_extern.c =================================================================== --- trunk/src/sh_extern.c (revision 21) +++ trunk/src/sh_extern.c (revision 22) @@ -364,7 +364,6 @@ PDBGC(5); - sprintf(pname, _("/proc/self/fd/%d"), /* known to fit */ - pfd); - if (access(pname, R_OK|X_OK) == 0) + sl_snprintf(pname, sizeof(pname), _("/proc/self/fd/%d"), pfd); + if (access(pname, R_OK|X_OK) == 0) /* flawfinder: ignore */ { PDBGC(6); @@ -402,5 +401,5 @@ * -- execute path if executable */ - if (0 == access(task->command, R_OK|X_OK)) + if (0 == access(task->command, R_OK|X_OK)) /* flawfinder: ignore */ { PDBGC(5); @@ -544,20 +543,20 @@ task->exit_status = WEXITSTATUS(task->exit_status); if ((flag_err_debug == SL_TRUE) || (task->exit_status != 0)) - sprintf(infomsg, /* known to fit */ - _("Subprocess exited normally with status %d"), - task->exit_status); + sl_snprintf(infomsg, sizeof(infomsg), + _("Subprocess exited normally with status %d"), + task->exit_status); } else if (WIFSIGNALED(task->exit_status) != 0) { - sprintf(infomsg, /* known to fit */ - _("Subprocess terminated by signal %d"), - WTERMSIG(task->exit_status)); + sl_snprintf(infomsg, sizeof(infomsg), + _("Subprocess terminated by signal %d"), + WTERMSIG(task->exit_status)); task->exit_status = EXIT_FAILURE; } else if (WIFSTOPPED(task->exit_status) != 0) { - sprintf(infomsg, /* known to fit */ - _("Subprocess stopped by signal %d, killing"), - WSTOPSIG(task->exit_status)); + sl_snprintf(infomsg, sizeof(infomsg), + _("Subprocess stopped by signal %d, killing"), + WSTOPSIG(task->exit_status)); task->exit_status = EXIT_FAILURE; (void) aud_kill (FIL__, __LINE__, task->pid, 9); @@ -567,6 +566,6 @@ else { - sprintf(infomsg, /* known to fit */ - _("Subprocess exit status unknown")); + sl_snprintf(infomsg, sizeof(infomsg), + _("Subprocess exit status unknown")); task->exit_status = EXIT_FAILURE; } @@ -581,6 +580,6 @@ } (void) aud_kill (FIL__, __LINE__, task->pid, 9); - sprintf(infomsg, /* known to fit */ - _("Subprocess not yet exited, killing")); + sl_snprintf(infomsg, sizeof(infomsg), + _("Subprocess not yet exited, killing")); task->exit_status = EXIT_FAILURE; (void) waitpid (task->pid, NULL, 0); @@ -588,6 +587,6 @@ else { - sprintf(infomsg, /* known to fit */ - _("Waitpid returned error %d\n"), errno); + sl_snprintf(infomsg, sizeof(infomsg), + _("Waitpid returned error %d\n"), errno); task->exit_status = EXIT_FAILURE; } @@ -646,5 +645,5 @@ -int sh_ext_tas_add_envv(sh_tas_t * tas, char * key, char * val) +int sh_ext_tas_add_envv(sh_tas_t * tas, const char * key, const char * val) { size_t sk = 0, sv = 0; @@ -697,5 +696,5 @@ } -int sh_ext_tas_add_argv(sh_tas_t * tas, char * val) +int sh_ext_tas_add_argv(sh_tas_t * tas, const char * val) { size_t sv = 0; @@ -722,5 +721,5 @@ } -void sh_ext_tas_command(sh_tas_t * tas, char * command) +void sh_ext_tas_command(sh_tas_t * tas, const char * command) { size_t len = sl_strlen(command); @@ -842,5 +841,5 @@ static -int sh_ext_add_envv(char * key, char * val) +int sh_ext_add_envv(const char * key, const char * val) { SL_ENTER(_("sh_ext_add_envv")); @@ -861,5 +860,5 @@ static -int sh_ext_init(char * command) +int sh_ext_init(const char * command) { sh_com_t * retval; @@ -896,5 +895,5 @@ static -int sh_ext_uid (char * user, /*@out@*/uid_t * uid, /*@out@*/gid_t * gid) +int sh_ext_uid (const char * user, /*@out@*/uid_t * uid, /*@out@*/gid_t * gid) { struct passwd * tempres; @@ -922,9 +921,11 @@ static -int sh_ext_add (char * argstring, int * ntok, char * stok[]) +int sh_ext_add (const char * argstring, int * ntok, char * stok[]) { int i = 0; size_t s; char * p; + char * new; + size_t len; SL_ENTER(_("sh_ext_add")); @@ -935,8 +936,12 @@ } + len = strlen(argstring) + 1; + new = SH_ALLOC(len); + sl_strlcpy(new, argstring, len); + do { if (i == 0) - p = strtok (argstring, ", \t"); + p = strtok (new, ", \t"); else p = strtok (NULL, ", \t"); @@ -957,4 +962,5 @@ *ntok = i; + SH_FREE(new); SL_RETURN (0, _("sh_ext_add")); @@ -971,5 +977,5 @@ * -- start a new external command, and add it to the list */ -int sh_ext_setcommand(char * cmd) +int sh_ext_setcommand(const char * cmd) { int i; @@ -1018,5 +1024,5 @@ * -- add keywords to the OR filter */ -int sh_ext_add_or (char * str) +int sh_ext_add_or (const char * str) { if (ext_coms == NULL || ext_failed == (-1)) @@ -1028,5 +1034,5 @@ * -- add keywords to the AND filter */ -int sh_ext_add_and (char * str) +int sh_ext_add_and (const char * str) { if (ext_coms == NULL || ext_failed == (-1)) @@ -1038,5 +1044,5 @@ * -- add keywords to the NOT filter */ -int sh_ext_add_not (char * str) +int sh_ext_add_not (const char * str) { if (ext_coms == NULL || ext_failed == (-1)) @@ -1048,5 +1054,5 @@ * -- add keywords to the CL argument list */ -int sh_ext_add_argv (char * str) +int sh_ext_add_argv (const char * str) { if (ext_coms == NULL || ext_failed == (-1)) @@ -1058,10 +1064,8 @@ * -- add a path to the environment */ -int sh_ext_add_default (char * dummy) -{ - /* while this assignment looks ridiculous, it is here to avoid - * an 'unused parameter' warning - */ - char * p = (dummy == NULL ? dummy : NULL); +int sh_ext_add_default (const char * dummy) +{ + (void) dummy; + char * p = NULL; int i; @@ -1084,5 +1088,5 @@ * -- add an environment variable */ -int sh_ext_add_environ (char * str) +int sh_ext_add_environ (const char * str) { int i; @@ -1095,5 +1099,5 @@ * -- set deadtime */ -int sh_ext_deadtime (char * str) +int sh_ext_deadtime (const char * str) { long deadtime = 0; @@ -1119,5 +1123,5 @@ * -- define type */ -int sh_ext_type (char * str) +int sh_ext_type (const char * str) { SL_ENTER(_("sh_ext_type")); @@ -1154,5 +1158,5 @@ * -- define checksum */ -int sh_ext_checksum (char * str) +int sh_ext_checksum (const char * str) { SL_ENTER(_("sh_ext_checksum")); @@ -1175,5 +1179,5 @@ * -- choose privileges */ -int sh_ext_priv (char * c) +int sh_ext_priv (const char * c) { Index: trunk/src/sh_fifo.c =================================================================== --- trunk/src/sh_fifo.c (revision 21) +++ trunk/src/sh_fifo.c (revision 22) @@ -87,5 +87,5 @@ } - strcpy (item->data, indat); /* known to fit */ + sl_strlcpy (item->data, indat, len+1); item->data[len] = '\0'; @@ -143,5 +143,5 @@ } - strcpy (item->data, indat); /* known to fit */ + sl_strlcpy (item->data, indat, len+1); item->data[len] = '\0'; @@ -195,6 +195,5 @@ len = sl_strlen(getit->data); retval = SH_ALLOC(len+1); - strcpy (retval, getit->data); /* known to fit */ - retval[len] = '\0'; + sl_strlcpy (retval, getit->data, len+1); memset(getit->data, 0, len); Index: trunk/src/sh_files.c =================================================================== --- trunk/src/sh_files.c (revision 21) +++ trunk/src/sh_files.c (revision 22) @@ -72,10 +72,8 @@ #define FIL__ _("sh_files.c") -extern int safe_logger (int signal, int method, pid_t thepid); - extern int flag_err_debug; extern int flag_err_info; -int sh_files_reportonce(char * c) +int sh_files_reportonce(const char * c) { int i; @@ -86,5 +84,5 @@ } -int sh_files_fulldetail(char * c) +int sh_files_fulldetail(const char * c) { int i; @@ -156,6 +154,6 @@ static int sh_files_fullpath (char * testdir, char * d_name, char * statpath); -static int sh_files_pushdir (int class, char * str_s); -static int sh_files_pushfile (int class, char * str_s); +static int sh_files_pushdir (int class, const char * str_s); +static int sh_files_pushfile (int class, const char * str_s); static int sh_files_checkdir (int class, int rdepth, char * dirName, char * relativeName); @@ -446,10 +444,10 @@ -int sh_files_pushfile_prelink (char * str_s) +int sh_files_pushfile_prelink (const char * str_s) { return (sh_files_pushfile (SH_LEVEL_PRELINK, str_s)); } -int sh_files_pushfile_user0 (char * str_s) +int sh_files_pushfile_user0 (const char * str_s) { return (sh_files_pushfile (SH_LEVEL_USER0, str_s)); @@ -457,5 +455,5 @@ -int sh_files_pushfile_user1 (char * str_s) +int sh_files_pushfile_user1 (const char * str_s) { return (sh_files_pushfile (SH_LEVEL_USER1, str_s)); @@ -463,30 +461,30 @@ -int sh_files_pushfile_ro (char * str_s) +int sh_files_pushfile_ro (const char * str_s) { return (sh_files_pushfile (SH_LEVEL_READONLY, str_s)); } -int sh_files_pushfile_attr (char * str_s) +int sh_files_pushfile_attr (const char * str_s) { return (sh_files_pushfile (SH_LEVEL_ATTRIBUTES, str_s)); } -int sh_files_pushfile_log (char * str_s) +int sh_files_pushfile_log (const char * str_s) { return (sh_files_pushfile (SH_LEVEL_LOGFILES, str_s)); } -int sh_files_pushfile_glog (char * str_s) +int sh_files_pushfile_glog (const char * str_s) { return (sh_files_pushfile (SH_LEVEL_LOGGROW, str_s)); } -int sh_files_pushfile_noig (char * str_s) +int sh_files_pushfile_noig (const char * str_s) { return (sh_files_pushfile (SH_LEVEL_NOIGNORE, str_s)); } -int sh_files_pushfile_allig (char * str_s) +int sh_files_pushfile_allig (const char * str_s) { return (sh_files_pushfile (SH_LEVEL_ALLIGNORE, str_s)); @@ -511,5 +509,5 @@ /* set mask(class) */ -static int sh_files_parse_mask (unsigned long * mask, char * str) +static int sh_files_parse_mask (unsigned long * mask, const char * str) { int l, i = 0, act = 0, k = 0; @@ -602,37 +600,37 @@ } -int sh_files_redef_prelink(char * str) +int sh_files_redef_prelink(const char * str) { return (sh_files_parse_mask(&mask_PRELINK, str)); } -int sh_files_redef_user0(char * str) +int sh_files_redef_user0(const char * str) { return (sh_files_parse_mask(&mask_USER0, str)); } -int sh_files_redef_user1(char * str) +int sh_files_redef_user1(const char * str) { return (sh_files_parse_mask(&mask_USER1, str)); } -int sh_files_redef_readonly(char * str) +int sh_files_redef_readonly(const char * str) { return (sh_files_parse_mask(&mask_READONLY, str)); } -int sh_files_redef_loggrow(char * str) +int sh_files_redef_loggrow(const char * str) { return (sh_files_parse_mask(&mask_LOGGROW, str)); } -int sh_files_redef_logfiles(char * str) +int sh_files_redef_logfiles(const char * str) { return (sh_files_parse_mask(&mask_LOGFILES, str)); } -int sh_files_redef_attributes(char * str) +int sh_files_redef_attributes(const char * str) { return (sh_files_parse_mask(&mask_ATTRIBUTES, str)); } -int sh_files_redef_noignore(char * str) +int sh_files_redef_noignore(const char * str) { return (sh_files_parse_mask(&mask_NOIGNORE, str)); } -int sh_files_redef_allignore(char * str) +int sh_files_redef_allignore(const char * str) { return (sh_files_parse_mask(&mask_ALLIGNORE, str)); @@ -725,5 +723,5 @@ if (zfileList == NULL) { - (void) safe_logger (0, 0, getpid()); + (void) safe_logger (0, 0, NULL); aud__exit(FIL__, __LINE__, EXIT_FAILURE); } @@ -734,5 +732,5 @@ if (-1 == ret) { - (void) safe_logger (0, 0, getpid()); + (void) safe_logger (0, 0, NULL); aud__exit(FIL__, __LINE__, EXIT_FAILURE); } @@ -745,12 +743,13 @@ -static int sh_files_pushfile (int class, char * str_s) -{ +static int sh_files_pushfile (int class, const char * str_s) +{ + int len; char * tmp; - int len; + char * p; #ifdef HAVE_GLOB_H - glob_t pglob; int globstatus = -1; unsigned int gloop; + glob_t pglob; #endif @@ -808,7 +807,8 @@ * special case of the root directory. */ - if (str_s[len-1] == '/' && len > 1) + p = sh_util_strdup (str_s); + if (p[len-1] == '/' && len > 1) { - str_s[len-1] = '\0'; + p[len-1] = '\0'; --len; } @@ -817,12 +817,12 @@ #ifdef HAVE_GLOB_H - if (0 == sh_files_has_metachar(str_s)) - { - sh_files_push_file_int (class, str_s, len); + if (0 == sh_files_has_metachar(p)) + { + sh_files_push_file_int (class, p, len); } else { pglob.gl_offs = 0; - globstatus = glob (str_s, 0, sh_files_globerr, &pglob); + globstatus = glob (p, 0, sh_files_globerr, &pglob); if (globstatus == 0 && pglob.gl_pathc > 0) @@ -834,5 +834,5 @@ else { - tmp = sh_util_safe_name (str_s); + tmp = sh_util_safe_name (p); if (pglob.gl_pathc == 0 @@ -869,7 +869,8 @@ #else - sh_files_push_file_int (class, str_s, len); -#endif - + sh_files_push_file_int (class, p, len); +#endif + + SH_FREE(p); SL_RETURN((0),_("sh_files_pushfile")); } @@ -1028,45 +1029,45 @@ } -int sh_files_pushdir_prelink (char * str_s) +int sh_files_pushdir_prelink (const char * str_s) { return (sh_files_pushdir (SH_LEVEL_PRELINK, str_s)); } -int sh_files_pushdir_user0 (char * str_s) +int sh_files_pushdir_user0 (const char * str_s) { return (sh_files_pushdir (SH_LEVEL_USER0, str_s)); } -int sh_files_pushdir_user1 (char * str_s) +int sh_files_pushdir_user1 (const char * str_s) { return (sh_files_pushdir (SH_LEVEL_USER1, str_s)); } -int sh_files_pushdir_attr (char * str_s) +int sh_files_pushdir_attr (const char * str_s) { return (sh_files_pushdir (SH_LEVEL_ATTRIBUTES, str_s)); } -int sh_files_pushdir_ro (char * str_s) +int sh_files_pushdir_ro (const char * str_s) { return (sh_files_pushdir (SH_LEVEL_READONLY, str_s)); } -int sh_files_pushdir_log (char * str_s) +int sh_files_pushdir_log (const char * str_s) { return (sh_files_pushdir (SH_LEVEL_LOGFILES, str_s)); } -int sh_files_pushdir_glog (char * str_s) +int sh_files_pushdir_glog (const char * str_s) { return (sh_files_pushdir (SH_LEVEL_LOGGROW, str_s)); } -int sh_files_pushdir_noig (char * str_s) +int sh_files_pushdir_noig (const char * str_s) { return (sh_files_pushdir (SH_LEVEL_NOIGNORE, str_s)); } -int sh_files_pushdir_allig (char * str_s) +int sh_files_pushdir_allig (const char * str_s) { return (sh_files_pushdir (SH_LEVEL_ALLIGNORE, str_s)); @@ -1120,5 +1121,5 @@ if (tree == NULL) { - (void) safe_logger (0, 0, getpid()); + (void) safe_logger (0, 0, NULL); aud__exit(FIL__, __LINE__, EXIT_FAILURE); } @@ -1133,5 +1134,5 @@ if (-1 == ret) { - (void) safe_logger (0, 0, getpid()); + (void) safe_logger (0, 0, NULL); aud__exit(FIL__, __LINE__, EXIT_FAILURE); } @@ -1143,5 +1144,5 @@ } -static int sh_files_pushdir (int class, char * str_s) +static int sh_files_pushdir (int class, const char * str_s) { char * tmp; @@ -1149,4 +1150,5 @@ int rdepth = 0; char * tail = NULL; + char * p; #ifdef HAVE_GLOB_H @@ -1166,16 +1168,20 @@ SL_RETURN((-1), _("sh_files_pushdir")); - - if (str_s[0] != '/') - { - rdepth = strtol(str_s, &tail, 10); - if (tail == str_s) - SL_RETURN((-1), _("sh_files_pushdir")); + p = sh_util_strdup (str_s); + + if (p[0] != '/') + { + rdepth = strtol(p, &tail, 10); + if (tail == p) + { + SH_FREE(p); + SL_RETURN((-1), _("sh_files_pushdir")); + } } else - tail = str_s; + tail = p; - if (rdepth < (-1) || tail == str_s || rdepth > 99) + if (rdepth < (-1) || tail == p || rdepth > 99) rdepth = (-2); @@ -1188,8 +1194,10 @@ tmp); SH_FREE(tmp); + SH_FREE(p); SL_RETURN((-1), _("sh_files_pushdir")); } else if (len < 1) { + SH_FREE(p); SL_RETURN((-1), _("sh_files_pushdir")); } @@ -1200,4 +1208,5 @@ tmp); SH_FREE(tmp); + SH_FREE(p); SL_RETURN((-1), _("sh_files_pushdir")); } @@ -1268,4 +1277,5 @@ #endif + SH_FREE(p); SL_RETURN((0), _("sh_files_pushdir")); } @@ -1322,5 +1332,5 @@ /* Simply sets our boolean as to whether this check is active */ -int sh_files_check_hardlinks (char * opt) +int sh_files_check_hardlinks (const char * opt) { int i; @@ -1338,5 +1348,5 @@ static struct sh_hle_struct * sh_hl_exc = NULL; -int sh_files_hle_reg (char * str) +int sh_files_hle_reg (const char * str) { long offset; Index: trunk/src/sh_forward.c =================================================================== --- trunk/src/sh_forward.c (revision 21) +++ trunk/src/sh_forward.c (revision 22) @@ -345,5 +345,5 @@ } -int sh_forward_setlogserver (char * address) +int sh_forward_setlogserver (const char * address) { SL_ENTER(_("sh_forward_setlogserver")); @@ -1911,5 +1911,5 @@ -int sh_forward_use_clt_class (char * c) +int sh_forward_use_clt_class (const char * c) { int i; @@ -1919,5 +1919,5 @@ } -int sh_forward_use_clt_sev (char * c) +int sh_forward_use_clt_sev (const char * c) { int i; @@ -1950,12 +1950,11 @@ } -extern int safe_logger (int signal, int method, pid_t thepid); - -int sh_forward_register_client (char * str) + +int sh_forward_register_client (const char * str) { client_t * newclt; client_t * testclt; - char * ptr; + const char * ptr; int sepnum = 0; int sep[2]; @@ -1980,5 +1979,5 @@ if (all_clients == NULL) { - (void) safe_logger (0, 0, getpid()); + (void) safe_logger (0, 0, NULL); aud__exit(FIL__, __LINE__, EXIT_FAILURE); } @@ -2012,5 +2011,7 @@ newclt->status_arr[i] = CLT_INACTIVE; sl_strlcpy(newclt->timestamp[CLT_INACTIVE], sh_unix_time(0), TIM_MAX); + /* truncate */ sl_strlcpy(newclt->hostname, &str[0], sep[0]+1); + /* truncate */ sl_strlcpy(newclt->salt, &str[sep[0]+1], sep[1]-sep[0]); sl_strlcpy(newclt->verifier, &str[sep[1]+1], sl_strlen(str)-sep[1]+1); @@ -2386,8 +2387,6 @@ #if defined(WITH_EXTERNAL) - sprintf(msg, _("%s %s %s"), /* known to fit */ - conn->hostname, - conn->timestamp[status], - _(clt_stat[status])); + sl_snprintf(msg, sizeof(msg), _("%s %s %s"), + conn->hostname, conn->timestamp[status], _(clt_stat[status])); sh_ext_execute('s', 'r', 'v', msg, 0); #endif @@ -2398,5 +2397,5 @@ static time_t time_client_limit = 86400; -int sh_forward_set_time_limit (char * c) +int sh_forward_set_time_limit (const char * c) { long val; @@ -2448,5 +2447,5 @@ static int lookup_err = SH_ERR_SEVERE; -int sh_forward_lookup_level (char * c) +int sh_forward_lookup_level (const char * c) { int ci = sh_error_convert_level (c); @@ -2603,5 +2602,5 @@ static int UseSocketPeer = S_FALSE; -int set_socket_peer (char * c) +int set_socket_peer (const char * c) { return sh_util_flagval(c, &UseSocketPeer); @@ -2731,5 +2730,4 @@ char hash[SH_MAXMSGLEN + KEY_LEN + KEY_LEN + 1]; char * buffer; - long len; int clt_sev; @@ -2737,4 +2735,5 @@ UINT32 ticks; + size_t len; int i; char * test; @@ -2821,6 +2820,8 @@ sh_error_handle((-1), FIL__, __LINE__, 0, MSG_TCP_FAUTH, &(conn->buf[KEY_LEN])); - strcpy(conn->buf, /* known to fit */ - &(conn->buf[KEY_LEN])); + len = sl_strlen(&(conn->buf[KEY_LEN])) + 1; + /* &(conn->buf[KEY_LEN]) is hostname */ + /* may overlap, thus only memmove is correct */ + memmove(conn->buf, &(conn->buf[KEY_LEN]), len); this_client->session_key[0] = '\0'; this_client->session_key_timer = (time_t) 1; @@ -2835,6 +2836,6 @@ conn->K = NULL; } - i = sl_strlen(&(conn->buf[KEY_LEN])) + KEY_LEN + 1; - conn->K = SH_ALLOC(i); + len = sl_strlen(&(conn->buf[KEY_LEN])) + KEY_LEN + 1; + conn->K = SH_ALLOC(len); sl_strlcpy (conn->K, @@ -2914,5 +2915,5 @@ conn->A = SH_ALLOC(3*KEY_LEN+1); sl_strlcpy (conn->A, conn->K, KEY_LEN+1); - sl_strlcat(conn->A, conn->buf, /* ignore remainder */ + sl_strlcat(conn->A, conn->buf, /* truncate */ 2*KEY_LEN+1); sl_strlcat(conn->A, conn->client_entry->session_key, @@ -3278,6 +3279,8 @@ sh_error_handle((-1), FIL__, __LINE__, 0, MSG_TCP_FAUTH, &(conn->buf[KEY_LEN])); - strcpy(conn->buf, /* known to fit */ - &(conn->buf[KEY_LEN])); + len = sl_strlen(&(conn->buf[KEY_LEN])) + 1; + /* &(conn->buf[KEY_LEN]) is hostname */ + /* may overlap, thus only memmove is correct */ + memmove(conn->buf, &(conn->buf[KEY_LEN]), len); this_client->session_key[0] = '\0'; this_client->session_key_timer = (time_t) 1; @@ -3293,6 +3296,6 @@ conn->K = NULL; } - i = sl_strlen(&(conn->buf[KEY_LEN])) + KEY_LEN + 1; - conn->K = SH_ALLOC(i); + len = sl_strlen(&(conn->buf[KEY_LEN])) + KEY_LEN + 1; + conn->K = SH_ALLOC(len); sl_strlcpy (conn->K, @@ -4600,9 +4603,9 @@ static unsigned int server_port = SH_DEFAULT_PORT; -int sh_forward_set_port (char * str) +int sh_forward_set_port (const char * str) { int retval = 0; unsigned long i; - char * endptr = str; + char * endptr; SL_ENTER(_("sh_forward_set_port")); @@ -4621,5 +4624,5 @@ static int use_server_interface = 0; -int sh_forward_set_interface (char * str) +int sh_forward_set_interface (const char * str) { if (0 == strcmp(str, _("INADDR_ANY"))) @@ -4814,4 +4817,6 @@ */ new_act.sa_handler = SIG_IGN; + sigemptyset( &new_act.sa_mask ); /* set an empty mask */ + new_act.sa_flags = 0; /* init sa_flags */ retry_sigaction (FIL__, __LINE__, SIGPIPE, &new_act, &old_act); @@ -5571,5 +5576,5 @@ } -int set_syslog_active(char * c) +int set_syslog_active(const char * c) { return sh_util_flagval(c, &enable_syslog_socket); Index: trunk/src/sh_getopt.c =================================================================== --- trunk/src/sh_getopt.c (revision 21) +++ trunk/src/sh_getopt.c (revision 22) @@ -391,12 +391,11 @@ if (op_table[i].hasArg == HAS_ARG_NO) { if (sl_strlen(op_table[i].longopt) < 10) - strcpy(fmt,_("%c%c%c --%-s,\t\t\t %s\n"));/* known to fit */ + sl_strlcpy(fmt,_("%c%c%c --%-s,\t\t\t %s\n"), sizeof(fmt)); else if (sl_strlen(op_table[i].longopt) < 17) - strcpy(fmt, _("%c%c%c --%-s,\t\t %s\n")); /* known to fit */ + sl_strlcpy(fmt, _("%c%c%c --%-s,\t\t %s\n"), sizeof(fmt)); else - strcpy(fmt, _("%c%c%c --%-s,\t %s\n")); /* known to fit */ - /*@-formatconst@*/ - fprintf (stdout, - fmt, + sl_strlcpy(fmt, _("%c%c%c --%-s,\t %s\n"), sizeof(fmt)); + /* flawfinder: ignore */ + fprintf (stdout, fmt, (op_table[i].shortopt == '-') ? ' ' : '-', (op_table[i].shortopt == '-') ? ' ' : op_table[i].shortopt, @@ -404,15 +403,11 @@ _(op_table[i].longopt), _(op_table[i].usage)); - /*@+formatconst@*/ } else { if (sl_strlen(op_table[i].longopt) < 12) - strcpy(fmt, /* known to fit */ - _("%c%c %s --%-s=,\t\t %s\n")); + sl_strlcpy(fmt, _("%c%c %s --%-s=,\t\t %s\n"), sizeof(fmt)); else - strcpy(fmt, /* known to fit */ - _("%c%c %s --%-s=,\t %s\n")); - /*@-formatconst@*/ - fprintf (stdout, - fmt, + sl_strlcpy(fmt, _("%c%c %s --%-s=,\t %s\n"), sizeof(fmt)); + /* flawfinder: ignore */ + fprintf (stdout, fmt, (op_table[i].shortopt == '-') ? ' ' : '-', (op_table[i].shortopt == '-') ? ' ' : op_table[i].shortopt, @@ -420,5 +415,4 @@ _(op_table[i].longopt), _(op_table[i].usage)); - /*@+formatconst@*/ } } Index: trunk/src/sh_gpg.c =================================================================== --- trunk/src/sh_gpg.c (revision 21) +++ trunk/src/sh_gpg.c (revision 22) @@ -209,4 +209,5 @@ FILE * outf = NULL; char * envp[2]; + size_t len; char path[256]; char cc1[32]; @@ -370,8 +371,8 @@ if (sh.effective.home != NULL) { - envp[0] = malloc (sl_strlen(sh.effective.home) + 6); /* free() ok */ + len = sl_strlen(sh.effective.home) + 6; + envp[0] = malloc (len); /* free() ok */ if (envp[0] != NULL) - sprintf (envp[0], "HOME=%s", /* known to fit */ - sh.effective.home); + sl_snprintf (envp[0], len, "HOME=%s", sh.effective.home); envp[1] = NULL; } @@ -486,7 +487,7 @@ pfd = get_the_fd(checkfd); - sprintf(pname, _("/proc/self/fd/%d"), /* known to fit */ - pfd); - if (0 == access(pname, R_OK|X_OK)) + sl_snprintf(pname, sizeof(pname), _("/proc/self/fd/%d"), pfd); + if (0 == access(pname, R_OK|X_OK)) /* flawfinder: ignore */ + { fcntl (pfd, F_SETFD, FD_CLOEXEC); Index: trunk/src/sh_hash.c =================================================================== --- trunk/src/sh_hash.c (revision 21) +++ trunk/src/sh_hash.c (revision 22) @@ -1268,5 +1268,5 @@ } -int sh_hash_version_string(char * str) +int sh_hash_version_string(const char * str) { int i; Index: trunk/src/sh_html.c =================================================================== --- trunk/src/sh_html.c (revision 21) +++ trunk/src/sh_html.c (revision 22) @@ -296,5 +296,5 @@ { entry_orig = realloc(entry_orig, /* free() ok */ - entry_size + line_size); + entry_size + line_size + 1); if (entry_orig) { add_size = line_size; } } @@ -302,5 +302,5 @@ { entry_orig = malloc(line_size + 1); /* free() ok */ - if (entry_orig) { entry_orig[0] = '\0'; add_size = line_size + 1; } + if (entry_orig) { entry_orig[0] = '\0'; add_size = line_size; } } if (!entry_orig) @@ -311,6 +311,7 @@ } - strcat(&entry_orig[entry_size], line); /* known to fit */ + sl_strlcat(&entry_orig[entry_size], line, line_size + 1); entry_size += add_size; + SH_VAL_EQ(entry_orig[entry_size], '\0'); } sl_close(fd); Index: trunk/src/sh_ignore.c =================================================================== --- trunk/src/sh_ignore.c (revision 21) +++ trunk/src/sh_ignore.c (revision 22) @@ -53,5 +53,5 @@ static struct sh_ignore_list * sh_ignore_add_int(struct sh_ignore_list * list, - char * addpath) + const char * addpath) { struct sh_ignore_list * new; @@ -96,5 +96,5 @@ } -int sh_ignore_add_del (char * addpath) +int sh_ignore_add_del (const char * addpath) { if ((addpath == NULL) || (addpath[0] != '/')) @@ -106,5 +106,5 @@ } -int sh_ignore_add_new (char * addpath) +int sh_ignore_add_new (const char * addpath) { if ((addpath == NULL) || (addpath[0] != '/')) Index: trunk/src/sh_kern.c =================================================================== --- trunk/src/sh_kern.c (revision 21) +++ trunk/src/sh_kern.c (revision 22) @@ -431,4 +431,5 @@ int (*rename) (int *, int *, int *, int *); + /* flawfinder: ignore */ int (*readlink) (int *, char *,int); int (*follow_link) (int *, int *); Index: trunk/src/sh_mail.c =================================================================== --- trunk/src/sh_mail.c (revision 21) +++ trunk/src/sh_mail.c (revision 22) @@ -271,5 +271,6 @@ static -int sh_filter_filteradd (char * argstring, sh_filter_type * filter, int ftype) +int sh_filter_filteradd (const char * argstring, + sh_filter_type * filter, int ftype) { int i = 0; @@ -372,5 +373,5 @@ */ static -int sh_filter_filter (char * message, sh_filter_type * filter) +int sh_filter_filter (const char * message, sh_filter_type * filter) { int i; @@ -432,5 +433,5 @@ * -- add keywords to the OR filter */ -int sh_mail_add_or (char * str) +int sh_mail_add_or (const char * str) { return (sh_filter_filteradd (str, &(mail_filter), SH_FILT_OR)); @@ -440,5 +441,5 @@ * -- add keywords to the AND filter */ -int sh_mail_add_and (char * str) +int sh_mail_add_and (const char * str) { return (sh_filter_filteradd (str, &(mail_filter), SH_FILT_AND)); @@ -448,5 +449,5 @@ * -- add keywords to the NOT filter */ -int sh_mail_add_not (char * str) +int sh_mail_add_not (const char * str) { return (sh_filter_filteradd (str, &(mail_filter), SH_FILT_NOT)); @@ -473,5 +474,5 @@ } -int sh_mail_setaddress (char * address) +int sh_mail_setaddress (const char * address) { char * p; @@ -523,5 +524,5 @@ } -int sh_mail_setaddress_int (char * address) +int sh_mail_setaddress_int (const char * address) { int i; @@ -533,5 +534,5 @@ } -int sh_mail_setNum (char * str) +int sh_mail_setNum (const char * str) { int i = atoi (str); @@ -549,5 +550,5 @@ static int all_in_one = S_FALSE; -int sh_mail_setFlag (char * str) +int sh_mail_setFlag (const char * str) { int i; @@ -559,5 +560,5 @@ static char * mail_subject = NULL; -int set_mail_subject (char * str) +int set_mail_subject (const char * str) { SL_ENTER(_("set_mail_subject")); @@ -1006,10 +1007,14 @@ /* reveal first signature key */ - (void) sl_strlcpy(skey->crypt, skey->mailkey_new, KEY_LEN+1); + /* flawfinder: ignore */ + (void) sl_strlcpy(skey->crypt, skey->mailkey_new, KEY_LEN+1); BREAKEXIT(sh_util_encode); + /* flawfinder: ignore */ sh_util_encode(skey->crypt, bufcompress, 0, 'A'); + /* flawfinder: ignore */ (void) sl_strlcat (mailMsg, skey->crypt, msgbufsize); + /* flawfinder: ignore */ memset (skey->crypt, 0, KEY_LEN); isfirst = 0; @@ -1021,8 +1026,6 @@ (void) sl_strlcpy (skey->mailkey_old, skey->mailkey_new, KEY_LEN+1); - /*@-bufferoverflowhigh@*/ - sprintf(subject, _("%06d %010ld::%s\r\n"), /* known to fit */ - mailcount, (long) id_audit, sh.host.name); - /*@+bufferoverflowhigh@*/ + sl_snprintf(subject, sizeof(subject), _("%06d %010ld::%s\r\n"), + mailcount, (long) id_audit, sh.host.name); (void) sl_strlcat (mailMsg, subject, msgbufsize); @@ -1222,5 +1225,5 @@ static char * relay_host = NULL; -int sh_mail_set_relay (char * str_s) +int sh_mail_set_relay (const char * str_s) { size_t i = 0; @@ -1251,5 +1254,5 @@ static char * mail_sender = NULL; -int sh_mail_set_sender (char *str) +int sh_mail_set_sender (const char *str) { if (mail_sender != NULL) @@ -1735,8 +1738,7 @@ if (g != 1) { - /*@-bufferoverflowhigh@*/ - sprintf(errmsg, /* known to fit */ - _("Bad response (%d), expected %d"), rcode, code); - /*@+bufferoverflowhigh@*/ + sl_snprintf(errmsg, sizeof(errmsg), + _("Bad response (%d), expected %d"), rcode, code); + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_NET, errmsg, _("sh_mail_wait"), @@ -1883,4 +1885,5 @@ int ret, length, status; mx * result; + size_t len; typedef union @@ -2065,6 +2068,7 @@ */ result[count].pref = pref; - result[count].address = SH_ALLOC (strlen (expanded) + 1); - strcpy (result[count].address, expanded); /* known to fit */ + len = strlen (expanded) + 1; + result[count].address = SH_ALLOC (len); + sl_strlcpy (result[count].address, expanded, len); } while (ret > 0 && comp_dn < eom && count); @@ -2101,5 +2105,6 @@ mx * result; dnsrep * retval; - char errmsg[128]; + char errmsg[128]; + size_t len; SL_ENTER(_("return_mx")); @@ -2128,4 +2133,5 @@ _("get_mx")); #else + /* flawfinder: ignore *//* test code only */ strcpy (errmsg, /* known to fit */ _("No MX record for domain ")); @@ -2155,6 +2161,7 @@ result->pref = 0; /*@-type@*/ - result->address = SH_ALLOC (strlen (host->h_name) + 1); - strcpy (result->address, host->h_name); /* known to fit */ + len = strlen (host->h_name) + 1; + result->address = SH_ALLOC (len); + sl_strlcpy (result->address, host->h_name, len); /*@+type@*/ SL_RETURN (retval, _("return_mx")); Index: trunk/src/sh_mem.c =================================================================== --- trunk/src/sh_mem.c (revision 21) +++ trunk/src/sh_mem.c (revision 22) @@ -39,5 +39,5 @@ #include "sh_mem.h" -extern int safe_logger (int signal, int method, pid_t thepid); +extern int safe_logger (int signal, int method, char * details); #undef FIL__ @@ -228,5 +228,5 @@ { eblock = 1; - (void) safe_logger (0, 0, getpid()); + (void) safe_logger (0, 0, NULL); /* sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MMEM, @@ -320,5 +320,5 @@ { eblock = 1; - (void) safe_logger(0, 0, getpid()); + (void) safe_logger(0, 0, NULL); /* sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MMEM, @@ -456,5 +456,5 @@ { eblock = 1; - (void) safe_logger(0, 0, getpid()); + (void) safe_logger(0, 0, NULL); /* sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MMEM); Index: trunk/src/sh_prelink.c =================================================================== --- trunk/src/sh_prelink.c (revision 21) +++ trunk/src/sh_prelink.c (revision 22) @@ -38,5 +38,5 @@ static char * prelink_hash = NULL; -int sh_prelink_set_path (char * str) +int sh_prelink_set_path (const char * str) { size_t len; @@ -55,5 +55,5 @@ } -int sh_prelink_set_hash (char * str) +int sh_prelink_set_hash (const char * str) { size_t len; @@ -245,6 +245,7 @@ sl_read_timeout_prep (task.pipeTI); - strcpy(file_hash, /* known to fit */ - sh_tiger_generic_hash (path, TIGER_FD, 0, alert_timeout)); + sl_strlcpy(file_hash, + sh_tiger_generic_hash (path, TIGER_FD, 0, alert_timeout), + KEY_LEN+1); /* restore old signal handler Index: trunk/src/sh_prelude.c =================================================================== --- trunk/src/sh_prelude.c (revision 21) +++ trunk/src/sh_prelude.c (revision 22) @@ -133,7 +133,10 @@ } -static int set_prelude_severity_int (char * str, int prelude_sev) -{ - char * p = strtok (str, ", \t"); +static int set_prelude_severity_int (const char * str, int prelude_sev) +{ + char * p; + char * dup = strdup (str); + + p = strtok (dup, ", \t"); if (p) { @@ -160,20 +163,21 @@ } while (p); } + free(dup); return 0; } -int sh_prelude_map_info (char * str) +int sh_prelude_map_info (const char * str) { return (set_prelude_severity_int(str,(int)IDMEF_IMPACT_SEVERITY_INFO)); } -int sh_prelude_map_low (char * str) +int sh_prelude_map_low (const char * str) { return (set_prelude_severity_int(str,(int)IDMEF_IMPACT_SEVERITY_LOW)); } -int sh_prelude_map_medium (char * str) +int sh_prelude_map_medium (const char * str) { return (set_prelude_severity_int(str,(int)IDMEF_IMPACT_SEVERITY_MEDIUM)); } -int sh_prelude_map_high (char * str) +int sh_prelude_map_high (const char * str) { return (set_prelude_severity_int(str,(int)IDMEF_IMPACT_SEVERITY_HIGH)); @@ -300,4 +304,5 @@ } +/* flawfinder: ignore *//* is part of name, not access() */ static void get_access_info(idmef_file_access_t *access, char * mode, int pos, int mpos) { @@ -308,4 +313,5 @@ do { if ( mode[pos] == 'r' ) { + /* flawfinder: ignore *//* is part of name, not access() */ ret = idmef_file_access_new_permission(access, &str, -1); if ( ret < 0 ) @@ -315,4 +321,5 @@ } else if ( mode[pos] == 'w' ) { + /* flawfinder: ignore *//* is part of name, not access() */ ret = idmef_file_access_new_permission(access, &str, -1); if ( ret < 0 ) @@ -322,4 +329,5 @@ } else if ( mode[pos] == 'x' || mode[pos] == 's' || mode[pos] == 't') { + /* flawfinder: ignore *//* is part of name, not access() */ ret = idmef_file_access_new_permission(access, &str, -1); if ( ret < 0 ) @@ -340,4 +348,5 @@ if ( got == 0 ) { + /* flawfinder: ignore *//* is part of name, not access() */ ret = idmef_file_access_new_permission(access, &str, -1); if ( ret < 0 ) @@ -360,5 +369,5 @@ prelude_string_t *str; idmef_checksum_t *checksum; - idmef_file_access_t *access; + idmef_file_access_t *access; /* flawfinder: ignore */ idmef_user_id_t *userid; const char *suffix = (category == IDMEF_FILE_CATEGORY_CURRENT) ? "_new" : "_old"; @@ -459,8 +468,10 @@ mode = get_value(msg, _("mode"), suffix); if ( mode ) { + /* flawfinder: ignore *//* is part of name, not access() */ ret = idmef_file_new_file_access(file, &access, -1); if ( ret < 0 ) return; + /* flawfinder: ignore *//* is part of name, not access() */ ret = idmef_file_access_new_user_id(access, &userid); if ( ret < 0 ) @@ -468,4 +479,5 @@ idmef_user_id_set_type(userid, IDMEF_USER_ID_TYPE_OTHER_PRIVS); + /* flawfinder: ignore *//* is part of name, not access() */ get_access_info ( access, mode, 7, 9 ); } @@ -475,8 +487,10 @@ struct passwd *pw; + /* flawfinder: ignore *//* is part of name, not access() */ ret = idmef_file_new_file_access(file, &access, 0); if ( ret < 0 ) return; + /* flawfinder: ignore *//* is part of name, not access() */ ret = idmef_file_access_new_user_id(access, &userid); if ( ret < 0 ) @@ -497,4 +511,5 @@ if ( mode ) { + /* flawfinder: ignore *//* is part of name, not access() */ get_access_info ( access, mode, 1, 3 ); } @@ -505,8 +520,10 @@ struct group *gr; + /* flawfinder: ignore *//* is part of name, not access() */ ret = idmef_file_new_file_access(file, &access, -1); if ( ret < 0 ) return; + /* flawfinder: ignore *//* is part of name, not access() */ ret = idmef_file_access_new_user_id(access, &userid); if ( ret < 0 ) @@ -527,5 +544,5 @@ if ( mode ) { - get_access_info ( access, mode, 4, 6 ); + get_access_info ( access, mode, 4, 6 ); /* flawfinder: ignore */ } } @@ -890,5 +907,5 @@ -int sh_prelude_set_profile(char *arg) +int sh_prelude_set_profile(const char *arg) { if ( profile ) { Index: trunk/src/sh_readconf.c =================================================================== --- trunk/src/sh_readconf.c (revision 21) +++ trunk/src/sh_readconf.c (revision 22) @@ -52,5 +52,5 @@ #endif -extern int set_reverse_lookup (char * c); +extern int set_reverse_lookup (const char * c); #undef FIL__ @@ -282,6 +282,7 @@ /* The system type, release, and machine. */ - sprintf(myident, _("%s:%s:%s"), /* known to fit */ - sh.host.system, sh.host.release, sh.host.machine); + sl_snprintf(myident, sizeof(myident), _("%s:%s:%s"), + sh.host.system, /* flawfinder: ignore */ + sh.host.release, sh.host.machine); @@ -580,5 +581,5 @@ } -int sh_readconf_set_path (char * which, char * what) +int sh_readconf_set_path (char * which, const char * what) { int len; @@ -621,15 +622,15 @@ } -int sh_readconf_set_database_path (char * what) +int sh_readconf_set_database_path (const char * what) { return (sh_readconf_set_path(sh.data.path, what)); } -int sh_readconf_set_logfile_path (char * what) +int sh_readconf_set_logfile_path (const char * what) { return (sh_readconf_set_path(sh.srvlog.name, what)); } -int sh_readconf_set_lockfile_path (char * what) +int sh_readconf_set_lockfile_path (const char * what) { return( sh_readconf_set_path(sh.srvlog.alt, what)); @@ -645,5 +646,5 @@ -int sh_readconf_setTime (char * str, ShTimerItem what) +int sh_readconf_setTime (const char * str, ShTimerItem what) { unsigned long i = atoi (str); @@ -674,15 +675,15 @@ } -int sh_readconf_setMailtime (char * c) +int sh_readconf_setMailtime (const char * c) { return sh_readconf_setTime (c, SET_MAILTIME); } -int sh_readconf_setFiletime (char * c) +int sh_readconf_setFiletime (const char * c) { return sh_readconf_setTime (c, SET_FILETIME); } -int sh_readconf_set_nice (char * c) +int sh_readconf_set_nice (const char * c) { long val; @@ -704,5 +705,5 @@ #ifdef FANCY_LIBCAP -int sh_readconf_setCaps(char * c) +int sh_readconf_setCaps(const char * c) { int i; @@ -718,79 +719,17 @@ ShSectionType section; ShSectionType alt_section; - int (*func)(char * opt); + int (*func)(const char * opt); } cfg_options; #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) -extern int sh_set_schedule_one(char * str); -extern int sh_set_schedule_two(char * str); +extern int sh_set_schedule_one(const char * str); +extern int sh_set_schedule_two(const char * str); #endif #if defined (SH_WITH_SERVER) -extern int sh_socket_use (char * c); -extern int sh_socket_uid (char * c); -extern int sh_socket_password (char * c); -#endif - -/* Yes, this isn't very elegant ;) - */ -#if defined(WITH_EXTERNAL) -int sh_error_set_external_wrap (char * str) { - return sh_error_set_external ((const char *) str); -} -#endif -#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) -int sh_files_setrecursion_wrap (char * str) { - return sh_files_setrecursion ((const char *) str); -} -int sh_util_setchecksum_wrap (char * str) { - return sh_util_setchecksum ((const char *) str); -} -#endif -int sh_util_setlooptime_wrap (char * str) { - return sh_util_setlooptime ((const char *) str); -} -#ifdef SH_WITH_MAIL -int sh_error_setseverity_wrap (char * str) { - return sh_error_setseverity ((const char *) str); -} -#endif -int sh_calls_set_bind_addr_wrap (char * str) { - return sh_calls_set_bind_addr ((const char *) str); -} -int sh_unix_setdeamon_wrap (char * str) { - return sh_unix_setdeamon ((const char *) str); -} -int sh_error_setprint_wrap (char * str) { - return sh_error_setprint ((const char *) str); -} -int sh_error_setlog_wrap (char * str) { - return sh_error_setlog ((const char *) str); -} -int sh_error_set_syslog_wrap (char * str) { - return sh_error_set_syslog ((const char *) str); -} -#ifdef HAVE_LIBPRELUDE -int sh_error_set_prelude_wrap (char * str) { - return sh_error_set_prelude ((const char *) str); -} -#endif -#ifdef SH_WITH_CLIENT -int sh_error_setexport_wrap (char * str) { - return sh_error_setexport ((const char *) str); -} -#endif -#ifdef SH_WITH_SERVER -int sh_forward_set_strip_wrap (char * str) { - return sh_forward_set_strip ((const char *) str); -} -int sh_unix_set_chroot_wrap (char * str) { - return sh_unix_set_chroot ((const char *) str); -} -#endif -#if defined(WITH_DATABASE) -int sh_error_set_database_wrap (char * str) { - return sh_error_set_database ((const char *) str); -} -#endif - +extern int sh_socket_use (const char * c); +extern int sh_socket_uid (const char * c); +extern int sh_socket_password (const char * c); +#endif + cfg_options ext_table[] = { #if defined(WITH_EXTERNAL) @@ -818,5 +757,5 @@ sh_ext_add_or }, { N_("externalseverity"),SH_SECTION_LOG, SH_SECTION_EXTERNAL, - sh_error_set_external_wrap }, + sh_error_set_external }, { N_("externalclass"), SH_SECTION_LOG, SH_SECTION_EXTERNAL, sh_error_external_mask }, @@ -845,4 +784,5 @@ set_enter_wrapper }, #endif + #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) @@ -902,7 +842,7 @@ sh_util_obscure_ok }, { N_("setrecursionlevel"), SH_SECTION_MISC, SH_SECTION_NONE, - sh_files_setrecursion_wrap }, + sh_files_setrecursion }, { N_("checksumtest"), SH_SECTION_MISC, SH_SECTION_NONE, - sh_util_setchecksum_wrap }, + sh_util_setchecksum }, { N_("reportonlyonce"), SH_SECTION_MISC, SH_SECTION_NONE, sh_files_reportonce }, @@ -961,4 +901,5 @@ { N_("setprelinkchecksum"), SH_SECTION_MISC, SH_SECTION_NONE, sh_prelink_set_hash }, + /* client or standalone */ @@ -977,9 +918,9 @@ sh_socket_password }, { N_("setstripdomain"), SH_SECTION_SRV, SH_SECTION_MISC, - sh_forward_set_strip_wrap }, + sh_forward_set_strip }, { N_("useseparatelogs"), SH_SECTION_SRV, SH_SECTION_MISC, set_flag_sep_log }, { N_("setchrootdir"), SH_SECTION_SRV, SH_SECTION_MISC, - sh_unix_set_chroot_wrap }, + sh_unix_set_chroot }, { N_("setclienttimelimit"), SH_SECTION_SRV, SH_SECTION_MISC, sh_forward_set_time_limit }, @@ -1002,5 +943,5 @@ #ifdef SH_WITH_CLIENT { N_("exportseverity"), SH_SECTION_LOG, SH_SECTION_NONE, - sh_error_setexport_wrap }, + sh_error_setexport }, { N_("exportclass"), SH_SECTION_LOG, SH_SECTION_NONE, sh_error_export_mask }, @@ -1011,9 +952,9 @@ sh_readconf_setFiletime }, { N_("setlooptime"), SH_SECTION_MISC, SH_SECTION_NONE, - sh_util_setlooptime_wrap }, + sh_util_setlooptime }, #ifdef SH_WITH_MAIL { N_("mailseverity"), SH_SECTION_LOG, SH_SECTION_NONE, - sh_error_setseverity_wrap }, + sh_error_setseverity }, { N_("mailclass"), SH_SECTION_LOG, SH_SECTION_NONE, sh_error_mail_mask }, @@ -1040,7 +981,7 @@ #endif { N_("setbindaddress"), SH_SECTION_MISC, SH_SECTION_NONE, - sh_calls_set_bind_addr_wrap }, + sh_calls_set_bind_addr }, { N_("daemon"), SH_SECTION_MISC, SH_SECTION_NONE, - sh_unix_setdeamon_wrap }, + sh_unix_setdeamon }, { N_("samhainpath"), SH_SECTION_MISC, SH_SECTION_NONE, sh_unix_self_hash }, @@ -1051,20 +992,20 @@ { N_("printseverity"), SH_SECTION_LOG, SH_SECTION_NONE, - sh_error_setprint_wrap }, + sh_error_setprint }, { N_("printclass"), SH_SECTION_LOG, SH_SECTION_NONE, sh_error_print_mask }, { N_("logseverity"), SH_SECTION_LOG, SH_SECTION_NONE, - sh_error_setlog_wrap }, + sh_error_setlog }, { N_("logclass"), SH_SECTION_LOG, SH_SECTION_NONE, sh_error_log_mask }, { N_("syslogseverity"), SH_SECTION_LOG, SH_SECTION_NONE, - sh_error_set_syslog_wrap }, + sh_error_set_syslog }, { N_("syslogclass"), SH_SECTION_LOG, SH_SECTION_NONE, sh_error_syslog_mask }, #ifdef HAVE_LIBPRELUDE { N_("preludeseverity"), SH_SECTION_LOG, SH_SECTION_NONE, - sh_error_set_prelude_wrap }, + sh_error_set_prelude }, { N_("preludeclass"), SH_SECTION_LOG, SH_SECTION_NONE, sh_error_prelude_mask }, Index: trunk/src/sh_schedule.c =================================================================== --- trunk/src/sh_schedule.c (revision 21) +++ trunk/src/sh_schedule.c (revision 22) @@ -53,4 +53,5 @@ #endif +#include "samhain.h" #include "sh_mem.h" @@ -318,14 +319,16 @@ char * copy; int i = 0; + size_t len; if (!ssched || !isched) return -1; + len = strlen(ssched)+1; #ifdef TESTONLY - copy = malloc(strlen(ssched)+1); /* testonly code */ -#else - copy = SH_ALLOC(strlen(ssched)+1); -#endif - strcpy(copy, ssched); /* known to fit */ + copy = malloc(len); /* testonly code */ +#else + copy = SH_ALLOC(len); +#endif + sl_strlcpy(copy, ssched, len); p = strtok(copy, " \t"); /* parse crontab-style schedule */ Index: trunk/src/sh_socket.c =================================================================== --- trunk/src/sh_socket.c (revision 21) +++ trunk/src/sh_socket.c (revision 22) @@ -244,5 +244,5 @@ } -int sh_socket_use (char * c) +int sh_socket_use (const char * c) { return sh_util_flagval(c, &sh_socket_flaguse); @@ -289,5 +289,5 @@ #endif -int sh_socket_uid (char * c) +int sh_socket_uid (const char * c) { uid_t val = (uid_t) strtol (c, (char **)NULL, 10); @@ -301,5 +301,5 @@ } -int sh_socket_password (char * c) +int sh_socket_password (const char * c) { #if defined(NEED_PASSWORD_AUTH) @@ -378,5 +378,5 @@ name.sun_family = AF_FILE; - strcpy (name.sun_path, sh_sockname); + sl_strlcpy (name.sun_path, sh_sockname, sizeof(name.sun_path)); size = (offsetof (struct sockaddr_un, sun_path) @@ -878,7 +878,7 @@ new = SH_ALLOC(sizeof(struct socket_cmd)); - strcpy (new->cmd, in->cmd); - strcpy (new->clt, in->clt); - strcpy (new->cti, sh_unix_time(0)); + sl_strlcpy (new->cmd, in->cmd, sizeof(new->cmd)); + sl_strlcpy (new->clt, in->clt, sizeof(new->clt)); + sl_strlcpy (new->cti, sh_unix_time(0), sizeof(new->cti)); new->next = cmdlist; cmdlist = new; @@ -896,7 +896,7 @@ if (0 == sl_strcmp(new->clt, client_name)) { - strcpy (new->cmd, in->cmd); - strcpy (new->clt, in->clt); - strcpy (new->cti, sh_unix_time(0)); + sl_strlcpy (new->cmd, in->cmd, sizeof(new->cmd)); + sl_strlcpy (new->clt, in->clt, sizeof(new->clt)); + sl_strlcpy (new->cti, sh_unix_time(0), sizeof(new->cti)); return; } @@ -905,7 +905,7 @@ new = SH_ALLOC(sizeof(struct socket_cmd)); - strcpy (new->cmd, in->cmd); - strcpy (new->clt, in->clt); - strcpy (new->cti, sh_unix_time(0)); + sl_strlcpy (new->cmd, in->cmd, sizeof(new->cmd)); + sl_strlcpy (new->clt, in->clt, sizeof(new->clt)); + sl_strlcpy (new->cti, sh_unix_time(0), sizeof(new->cti)); new->next = runlist; runlist = new; Index: trunk/src/sh_srp.c =================================================================== --- trunk/src/sh_srp.c (revision 21) +++ trunk/src/sh_srp.c (revision 22) @@ -121,5 +121,5 @@ } siz_str_internal = size; - strcpy (get_str_internal, str); /* known to fit */ + sl_strlcpy (get_str_internal, str, siz_str_internal); for (i = 0; i < (size-1); ++i) if (get_str_internal[i] >= 'a' && get_str_internal[i] <= 'f' ) Index: trunk/src/sh_static.c =================================================================== --- trunk/src/sh_static.c (revision 21) +++ trunk/src/sh_static.c (revision 22) @@ -59,4 +59,6 @@ #endif +extern int sl_strlcpy(char * dst, /*@null@*/const char * src, size_t siz); +extern int sl_strlcat(char * dst, /*@null@*/const char * src, size_t siz); @@ -884,4 +886,5 @@ #ifdef DEBUG +/* flawfinder: ignore *//* definition of debug macro */ #define DPRINTF(X,args...) fprintf(stderr, X, ##args) #else @@ -1194,10 +1197,10 @@ goto fail; - strncpy(lookup,name,MAXDNAME); + sl_strlcpy(lookup,name,MAXDNAME); BIGLOCK; if (variant < __searchdomains && strchr(lookup, '.') == NULL) { - strncat(lookup,".", MAXDNAME); - strncat(lookup,__searchdomain[variant], MAXDNAME); + sl_strlcat(lookup,".", MAXDNAME); + sl_strlcat(lookup,__searchdomain[variant], MAXDNAME); } BIGUNLOCK; Index: trunk/src/sh_suidchk.c =================================================================== --- trunk/src/sh_suidchk.c (revision 21) +++ trunk/src/sh_suidchk.c (revision 22) @@ -415,7 +415,12 @@ long sl_status = SL_ENONE; struct stat fileInfo; + struct stat fileInfo_F; + int file_d; file_type theFile; char fileHash[2*(KEY_LEN + 1)]; + + mode_t umask_old; + int cperm_status; SL_ENTER(_("sh_suidchk_check_internal")); @@ -666,4 +671,6 @@ break; case SH_Q_CHANGEPERM: + cperm_status = 0; + file_d = -1; if (retry_lstat(FIL__, __LINE__, tmpcat, &fileInfo) == -1) { @@ -677,6 +684,8 @@ tmp ); SH_FREE(msg); + cperm_status = -1; } - else + + if (cperm_status == 0) { if (0 != (caperr = sl_get_cap_qdel())) @@ -686,11 +695,73 @@ sh_error_message (caperr), _("sl_get_cap_qdel")); + cperm_status = -1; } - - if ((fileInfo.st_mode & S_ISUID) > 0) - fileInfo.st_mode -= S_ISUID; - if ((fileInfo.st_mode & S_ISGID) > 0) - fileInfo.st_mode -= S_ISGID; - if (chmod(tmpcat, fileInfo.st_mode) == -1) + } + + if (cperm_status == 0) + { + file_d = aud_open (FIL__, __LINE__, SL_YESPRIV, + tmpcat, O_RDONLY, 0); + if (-1 == file_d) + { + status = errno; + msg = SH_ALLOC(SH_BUFSIZE); + (void) sl_snprintf(msg, SH_BUFSIZE, _("I/O error. errno = %ld"), status); + sh_error_handle (ShSuidchkSeverity, + FIL__, __LINE__, + status, + MSG_SUID_QREPORT, msg, + tmp ); + SH_FREE(msg); + cperm_status = -1; + } + } + + if (cperm_status == 0) + { + if (retry_fstat(FIL__, __LINE__, file_d, &fileInfo_F) == -1) + { + status = errno; + msg = SH_ALLOC(SH_BUFSIZE); + (void) sl_snprintf(msg, SH_BUFSIZE, + _("I/O error. errno = %ld"), status); + sh_error_handle (ShSuidchkSeverity, + FIL__, __LINE__, + status, + MSG_SUID_QREPORT, msg, + tmp ); + SH_FREE(msg); + cperm_status = -1; + } + } + + if (cperm_status == 0) + { + if (fileInfo_F.st_ino != fileInfo.st_ino || + fileInfo_F.st_dev != fileInfo.st_dev || + fileInfo_F.st_mode != fileInfo.st_mode) + { + status = errno; + msg = SH_ALLOC(SH_BUFSIZE); + (void) sl_snprintf(msg, SH_BUFSIZE, + _("Race detected. errno = %ld"), status); + sh_error_handle (ShSuidchkSeverity, + FIL__, __LINE__, + status, + MSG_SUID_QREPORT, msg, + tmp ); + SH_FREE(msg); + cperm_status = -1; + } + } + + if ((fileInfo.st_mode & S_ISUID) > 0) + fileInfo.st_mode -= S_ISUID; + if ((fileInfo.st_mode & S_ISGID) > 0) + fileInfo.st_mode -= S_ISGID; + + if (cperm_status == 0) + { + if (fchmod(file_d, fileInfo.st_mode) == -1) { status = errno; @@ -713,10 +784,33 @@ tmp ); } - if (0 != (caperr = sl_drop_cap_qdel())) + } + + if (0 != (caperr = sl_drop_cap_qdel())) + { + sh_error_handle((-1), FIL__, __LINE__, + caperr, MSG_E_SUBGEN, + sh_error_message (caperr), + _("sl_drop_cap_qdel")); + } + + if (file_d != -1) + { + do { + status = close (file_d); + } while (status == -1 && errno == EINTR); + + if (-1 == status) { - sh_error_handle((-1), FIL__, __LINE__, - caperr, MSG_E_SUBGEN, - sh_error_message (caperr), - _("sl_drop_cap_qdel")); + status = errno; + msg = SH_ALLOC(SH_BUFSIZE); + (void) sl_snprintf(msg, SH_BUFSIZE, + _("I/O error. errno = %ld"), status); + sh_error_handle (ShSuidchkSeverity, + FIL__, __LINE__, + status, + MSG_SUID_QREPORT, msg, + tmp ); + SH_FREE(msg); + cperm_status = -1; } } @@ -725,9 +819,9 @@ dir = SH_ALLOC(PATH_MAX+1); (void) sl_strlcpy (dir, DEFAULT_QDIR, PATH_MAX+1); - if (access (dir, F_OK) != 0) + if (retry_stat (FIL__, __LINE__, dir, &fileInfo) != 0) { status = errno; msg = SH_ALLOC(SH_BUFSIZE); - (void) sl_snprintf(msg, SH_BUFSIZE, _("Problem quarantining file. File NOT quarantined. errno = %ld (access)"), status); + (void) sl_snprintf(msg, SH_BUFSIZE, _("Problem quarantining file. File NOT quarantined. errno = %ld (stat)"), status); sh_error_handle (ShSuidchkSeverity, FIL__, __LINE__, @@ -815,4 +909,8 @@ DEFAULT_QDIR, basename(theFile.fullpath)); + /* + * avoid chmod by setting umask + */ + umask_old = umask (0077); filePtr = fopen (filetmp, "w+"); /*@-usedef@*/ @@ -828,4 +926,5 @@ } /*@+usedef@*/ + umask (umask_old); sh_error_handle (ShSuidchkSeverity, @@ -834,15 +933,4 @@ _("Quarantine method applied"), tmp ); - if (chmod(filetmp, S_IRUSR | S_IWUSR) == -1) - { - status = errno; - msg = SH_ALLOC(SH_BUFSIZE); - (void) sl_snprintf(msg, SH_BUFSIZE, _("Problem setting permissions on quarantined file. errno = %ld"), status); - sh_error_handle (ShSuidchkSeverity, - FIL__,__LINE__, - status, MSG_SUID_QREPORT, - msg, tmp ); - SH_FREE(msg); - } } SH_FREE(filetmp); @@ -976,5 +1064,9 @@ FileLimTotal = 0; +#ifdef SH_SUIDTESTDIR + status = sh_suidchk_check_internal (SH_SUIDTESTDIR); +#else status = sh_suidchk_check_internal ("/"); +#endif sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_SUID_SUMMARY, @@ -1169,4 +1261,5 @@ long val; int ret = 0; + struct stat buf; SL_ENTER(_("sh_suidchk_set_qmethod")); @@ -1190,5 +1283,5 @@ break; case SH_Q_MOVE: - if (access (DEFAULT_QDIR, F_OK) != 0) + if (retry_stat (FIL__, __LINE__, DEFAULT_QDIR, &buf) != 0) { if (mkdir (DEFAULT_QDIR, 0750) == -1) Index: trunk/src/sh_tiger0.c =================================================================== --- trunk/src/sh_tiger0.c (revision 21) +++ trunk/src/sh_tiger0.c (revision 22) @@ -1392,5 +1392,5 @@ } -int sh_tiger_hashtype (char * c) +int sh_tiger_hashtype (const char * c) { SL_ENTER( _("sh_tiger_hashtype")); @@ -1460,26 +1460,26 @@ if (res != NULL) { - /*@-bufferoverflowhigh -formatconst@*/ #if defined(TIGER_64_BIT) - sprintf(out, /* known to fit */ - MYFORMAT, - (sh_word32)(res[0]>>32), - (sh_word32)(res[0]), - (sh_word32)(res[1]>>32), - (sh_word32)(res[1]), - (sh_word32)(res[2]>>32), - (sh_word32)(res[2]) ); + sl_snprintf(out, + sizeof(out), + MYFORMAT, + (sh_word32)(res[0]>>32), + (sh_word32)(res[0]), + (sh_word32)(res[1]>>32), + (sh_word32)(res[1]), + (sh_word32)(res[2]>>32), + (sh_word32)(res[2]) ); #else - sprintf(out, /* known to fit */ - MYFORMAT, - (sh_word32)(res[1]), - (sh_word32)(res[0]), - (sh_word32)(res[3]), - (sh_word32)(res[2]), - (sh_word32)(res[5]), - (sh_word32)(res[4]) ); -#endif - /*@+bufferoverflowhigh@*/ - out[KEY_LEN] = '\0'; + sl_snprintf(out, + sizeof(out), + MYFORMAT, + (sh_word32)(res[1]), + (sh_word32)(res[0]), + (sh_word32)(res[3]), + (sh_word32)(res[2]), + (sh_word32)(res[5]), + (sh_word32)(res[4]) ); +#endif + out[sizeof(out)-1] = '\0'; SL_RETURN( out, _("sh_tiger_hash_internal")); @@ -1507,33 +1507,32 @@ if (res != NULL) { - /*@-bufferoverflowhigh -formatconst@*/ #if defined(TIGER_64_BIT) - sprintf(outhash, /* known to fit */ - GPGFORMAT, - (sh_word32)(res[0]>>32), - (sh_word32)(res[0]), - (sh_word32)(res[1]>>32), - (sh_word32)(res[1]), - (sh_word32)(res[2]>>32), - (sh_word32)(res[2]) ); + sl_snprintf(outhash, + sizeof(outhash), + GPGFORMAT, + (sh_word32)(res[0]>>32), + (sh_word32)(res[0]), + (sh_word32)(res[1]>>32), + (sh_word32)(res[1]), + (sh_word32)(res[2]>>32), + (sh_word32)(res[2]) ); #else - sprintf(outhash, /* known to fit */ - GPGFORMAT, - (sh_word32)(res[1]), - (sh_word32)(res[0]), - (sh_word32)(res[3]), - (sh_word32)(res[2]), - (sh_word32)(res[5]), - (sh_word32)(res[4]) ); -#endif - /*@+bufferoverflowhigh@*/ - outhash[48 + 6] = '\0'; + sl_snprintf(outhash, + sizeof(outhash), + GPGFORMAT, + (sh_word32)(res[1]), + (sh_word32)(res[0]), + (sh_word32)(res[3]), + (sh_word32)(res[2]), + (sh_word32)(res[5]), + (sh_word32)(res[4]) ); +#endif + outhash[sizeof(outhash)-1] = '\0'; } else { - /*@-bufferoverflowhigh@*/ - sprintf(outhash, /* known to fit */ - _("00000000 00000000 00000000 00000000 00000000 00000000")); - /*@+bufferoverflowhigh@*/ + sl_strlcpy(outhash, + _("00000000 00000000 00000000 00000000 00000000 00000000"), + sizeof(outhash)); } Index: trunk/src/sh_tools.c =================================================================== --- trunk/src/sh_tools.c (revision 21) +++ trunk/src/sh_tools.c (revision 22) @@ -441,5 +441,5 @@ int DoReverseLookup = S_TRUE; -int set_reverse_lookup (char * c) +int set_reverse_lookup (const char * c) { return sh_util_flagval(c, &DoReverseLookup); @@ -462,4 +462,5 @@ int retval; + size_t len; sin_cache * check_cache = conn_cache; @@ -535,8 +536,8 @@ else { - host_name = SH_ALLOC(sl_strlen(host_entry->h_name) + 1); - if (sl_strlen(host_entry->h_name) > 0) - strcpy(host_name, /* known to fit */ - host_entry->h_name); + len = sl_strlen(host_entry->h_name) + 1; + host_name = SH_ALLOC(len); + if (len > 1) + sl_strlcpy(host_name, host_entry->h_name, len); else host_name[0] = '\0'; @@ -714,4 +715,6 @@ */ new_act.sa_handler = SIG_IGN; + sigemptyset( &new_act.sa_mask ); /* set an empty mask */ + new_act.sa_flags = 0; /* init sa_flags */ sigaction (SIGPIPE, &new_act, &old_act); Index: trunk/src/sh_unix.c =================================================================== --- trunk/src/sh_unix.c (revision 21) +++ trunk/src/sh_unix.c (revision 22) @@ -307,6 +307,6 @@ *p = '0' + (u % 10); u /= 10; - } while (u); - if (iisneg == 1) { + } while (u && (p != str)); + if ((iisneg == 1) && (p != str)) { --p; *p = '-'; @@ -323,5 +323,5 @@ extern int OnlyStderr; -int safe_logger (int signal, int method, pid_t thepid) +int safe_logger (int signal, int method, char * details) { int i = 0; @@ -331,17 +331,19 @@ char str[128]; char * p; - + char l0[64], l1[64], l2[64], l3[64]; char a0[32], a1[32], a2[32]; char e0[128]; char msg[128]; - + char * locations[] = { NULL, NULL, NULL, NULL, NULL }; char * envp[] = { NULL, NULL }; char * argp[] = { NULL, NULL, NULL, NULL, NULL }; - + + pid_t thepid = getpid(); + if ((sh.flag.isdaemon == S_FALSE) || (OnlyStderr == S_TRUE)) method = 1; - + /* seems that solaris cc needs this way of initializing ... */ @@ -350,23 +352,11 @@ locations[2] = l2; locations[3] = l3; - + envp[0] = e0; - + argp[0] = a0; argp[1] = a1; argp[2] = a2; - - strcpy (l0, _("/usr/bin/logger")); /* known to fit */ - strcpy (l1, _("/usr/sbin/logger")); /* known to fit */ - strcpy (l2, _("/usr/ucb/logger")); /* known to fit */ - strcpy (l3, _("/bin/logger")); /* known to fit */ - - strcpy (a0, _("logger")); /* known to fit */ - strcpy (a1, _("-p")); /* known to fit */ - strcpy (a2, _("daemon.alert")); /* known to fit */ - - strcpy (e0, /* known to fit */ - _("PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/ucb:/usr/local/bin")); - + sl_strlcpy(msg, _("samhain["), 128); p = safe_itoa((int) thepid, str, 128); @@ -375,5 +365,10 @@ if (signal == 0) { - sl_strlcat(msg, _("]: out of memory"), 128); + if (details == NULL) { + sl_strlcat(msg, _("]: out of memory"), 128); + } else { + sl_strlcat(msg, _("]: "), 128); + sl_strlcat(msg, details, 128); + } } else @@ -393,4 +388,18 @@ return 0; } + + sl_strlcpy (l0, _("/usr/bin/logger"), 64); + sl_strlcpy (l1, _("/usr/sbin/logger"), 64); + sl_strlcpy (l2, _("/usr/ucb/logger"), 64); + sl_strlcpy (l3, _("/bin/logger"), 64); + + sl_strlcpy (a0, _("logger"), 32); + sl_strlcpy (a1, _("-p"), 32); + sl_strlcpy (a2, _("daemon.alert"), 32); + + sl_strlcpy (e0, + _("PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/ucb:/usr/local/bin"), + 128); + while (locations[i] != NULL) { status = stat(locations[i], &buf); @@ -414,4 +423,22 @@ } +int safe_fatal (int signal, int method, char * details, + char * file, int line) +{ + char msg[128]; + char str[128]; + char * p; + p = safe_itoa((int) line, str, 128); + sl_strlcpy(msg, _("FATAL: "), 128); + sl_strlcat(msg, file, 128); + sl_strlcat(msg, ": ", 128); + if (p && (*p)) { + sl_strlcat(msg, p , 128); + sl_strlcat(msg, ": ", 128); + } + sl_strlcat(msg, details, 128); + safe_logger (signal, method, msg); + _exit(EXIT_FAILURE); +} extern char sh_sig_msg[64]; @@ -451,5 +478,5 @@ { chdir ("/"); - safe_logger (mysignal, 0, getpid()); + safe_logger (mysignal, 0, NULL); } _exit(mysignal); @@ -504,5 +531,5 @@ memset (skey, '\0', sizeof(sh_key_t)); if (immediate_exit_fast < 2) - safe_logger (mysignal, 0, getpid()); + safe_logger (mysignal, 0, NULL); _exit(mysignal); #else @@ -518,5 +545,5 @@ close_ipc (); #endif - safe_logger (mysignal, 0, getpid()); + safe_logger (mysignal, 0, NULL); chdir ("/"); raise(SIGFPE); @@ -819,5 +846,5 @@ /* checksum the own binary */ -int sh_unix_self_hash (char * c) +int sh_unix_self_hash (const char * c) { char message[512]; @@ -891,5 +918,5 @@ /* added Tue Feb 22 10:36:44 NFT 2000 Rainer Wichmann */ -static int tf_add_trusted_user_int(char * c) +static int tf_add_trusted_user_int(const char * c) { register struct passwd * w; @@ -919,5 +946,5 @@ } -int tf_add_trusted_user(char * c) +int tf_add_trusted_user(const char * c) { int i; @@ -1229,4 +1256,5 @@ char ** env1; int envlen = 0; + size_t len; SL_ENTER(_("sh_unix_copyenv")); @@ -1248,6 +1276,7 @@ envlen = 0; - while (env0 != NULL && env0[envlen] != NULL) { - env1[envlen] = malloc (strlen(env0[envlen]) + 1); /* only once */ + while (env0 != NULL && env0[envlen] != NULL) { + len = strlen(env0[envlen]) + 1; + env1[envlen] = malloc (len); /* only once */ if (env1[envlen] == NULL) { @@ -1255,5 +1284,5 @@ SL_RET0(_("sh_unix_copyenv")); } - strcpy(env1[envlen], env0[envlen]); /* known to fit */ + sl_strlcpy(env1[envlen], env0[envlen], len); ++envlen; } @@ -1435,5 +1464,5 @@ (void) uname (&buf); - + /* flawfinder: ignore */ /* ff bug, ff sees system() */ sl_strlcpy (sh.host.system, buf.sysname, SH_MINIBUF); sl_strlcpy (sh.host.release, buf.release, SH_MINIBUF); @@ -1639,4 +1668,5 @@ aud_exit(FIL__, __LINE__, EXIT_FAILURE); } + /* flawfinder: ignore */ return (chroot(chroot_dir)); } @@ -1923,5 +1953,5 @@ } -int sh_unix_settimeserver (char * address) +int sh_unix_settimeserver (const char * address) { @@ -2096,5 +2126,5 @@ /* whether to use localtime for file timesatams in logs */ -int sh_unix_uselocaltime (char * c) +int sh_unix_uselocaltime (const char * c) { int i; @@ -2732,5 +2762,5 @@ } -int sh_unix_set_io_limit (char * c) +int sh_unix_set_io_limit (const char * c) { long val; @@ -2772,7 +2802,8 @@ if (tmpFile.size < fbuf->st_size) { - strcpy(fileHash, /* known to fit */ - sh_tiger_generic_hash (filename, TIGER_FD, tmpFile.size, - alert_timeout)); + sl_strlcpy(fileHash, + sh_tiger_generic_hash (filename, TIGER_FD, tmpFile.size, + alert_timeout), + KEY_LEN+1); /* return */ @@ -2781,6 +2812,7 @@ out: - strcpy(fileHash, /* known to fit */ - _("000000000000000000000000000000000000000000000000")); + sl_strlcpy(fileHash, + _("000000000000000000000000000000000000000000000000"), + KEY_LEN+1); SL_RETURN( -1, _("sh_unix_checksum_size")); } @@ -2903,6 +2935,7 @@ { if (fileHash != NULL) - strcpy(fileHash, /* known to fit */ - _("000000000000000000000000000000000000000000000000")); + sl_strlcpy(fileHash, + _("000000000000000000000000000000000000000000000000"), + KEY_LEN+1); } @@ -2920,6 +2953,7 @@ if ((theFile->check_mask & MODI_CHK) == 0) { - strcpy(fileHash, /* known to fit */ - _("000000000000000000000000000000000000000000000000")); + sl_strlcpy(fileHash, + _("000000000000000000000000000000000000000000000000"), + KEY_LEN+1); } else if ((theFile->check_mask & MODI_PREL) != 0 && @@ -2929,13 +2963,16 @@ if (0 != sh_prelink_run (theFile->fullpath, fileHash, alert_timeout)) - strcpy(fileHash, /* known to fit */ - _("000000000000000000000000000000000000000000000000")); + sl_strlcpy(fileHash, + _("000000000000000000000000000000000000000000000000"), + KEY_LEN+1); } else { tiger_fd = rval_open; - strcpy(fileHash, /* known to fit */ - sh_tiger_generic_hash (theFile->fullpath, TIGER_FD, 0, - alert_timeout)); + sl_strlcpy(fileHash, + sh_tiger_generic_hash (theFile->fullpath, + TIGER_FD, 0, + alert_timeout), + KEY_LEN+1); if ((theFile->check_mask & MODI_SGROW) != 0) { @@ -2960,6 +2997,7 @@ if ((theFile->check_mask & MODI_CHK) == 0) { - strcpy(fileHash, /* known to fit */ - _("000000000000000000000000000000000000000000000000")); + sl_strlcpy(fileHash, + _("000000000000000000000000000000000000000000000000"), + KEY_LEN+1); } else if (policy == SH_LEVEL_PRELINK && @@ -2969,6 +3007,7 @@ if (0 != sh_prelink_run (theFile->fullpath, fileHash, alert_timeout)) - strcpy(fileHash, /* known to fit */ - _("000000000000000000000000000000000000000000000000")); + sl_strlcpy(fileHash, + _("000000000000000000000000000000000000000000000000"), + KEY_LEN+1); } else @@ -3145,4 +3184,5 @@ linknamebuf = SH_ALLOC(PATH_MAX); + /* flawfinder: ignore */ linksize = readlink (theFile->fullpath, linknamebuf, PATH_MAX-1); @@ -3160,4 +3200,6 @@ SH_FREE(tmp2); SH_FREE(linknamebuf); + theFile->linkpath[0] = '-'; + theFile->linkpath[1] = '\0'; SL_RETURN((-1),_("sh_unix_getinfo")); } Index: trunk/src/sh_utils.c =================================================================== --- trunk/src/sh_utils.c (revision 21) +++ trunk/src/sh_utils.c (revision 22) @@ -189,5 +189,5 @@ } -int sh_util_hidesetup(char * c) +int sh_util_hidesetup(const char * c) { int i; @@ -646,5 +646,5 @@ static int sigtype = TYPE_HMAC; -int sh_util_sigtype (char * c) +int sh_util_sigtype (const char * c) { SL_ENTER(_("sh_util_sigtype")); @@ -957,5 +957,5 @@ char * key; char * path; - char * outpath; + char * outpath = NULL; unsigned char * image = NULL; long s = 0; @@ -963,5 +963,5 @@ long ii, k = 0; UINT32 * h1; - char * new; + char * new = NULL; if (0 != sl_is_suid()) @@ -999,4 +999,5 @@ fprintf(stderr, _("ERROR: no path to executable given\n Argument must be 'key@path'\n")); + free(new); _exit (EXIT_FAILURE); /*@notreached@*/ @@ -1005,11 +1006,11 @@ else path = &new[j]; + + len = strlen(path) + 1 + 4; /*@-usedef@*/ - if (NULL == (outpath = malloc(strlen(path) + 1 + 4))) + if (NULL == (outpath = malloc(len))) goto bail_mem; /*@-usedef@*/ - /*@-bufferoverflowhigh@*/ - sprintf (outpath, _("%s.out"), path); /* known to fit */ - /*@+bufferoverflowhigh@*/ + sl_snprintf (outpath, len, _("%s.out"), path); fp = sl_open_read(path, SL_NOPRIV); @@ -1018,4 +1019,5 @@ fprintf(stderr, _("ERROR: cannot open %s for read (errnum = %ld)\n"), path, fp); + free(new); free (outpath); _exit (EXIT_FAILURE); /*@notreached@*/ @@ -1028,4 +1030,5 @@ fprintf(stderr, _("ERROR: cannot open %s (errnum = %ld)\n"), outpath, fout); + free(new); free (outpath); _exit (EXIT_FAILURE); /*@notreached@*/ @@ -1068,4 +1071,5 @@ (void) sl_close (fout); printf(_("new file %s written\n"), outpath); + free(new); free (outpath); free(image); _exit (EXIT_SUCCESS); /*@notreached@*/ @@ -1076,4 +1080,5 @@ fprintf(stderr, _("ERROR: old key not found\n")); + free(new); free (outpath); free(image); _exit (EXIT_FAILURE); /*@notreached@*/ @@ -1084,4 +1089,7 @@ fprintf(stderr, _("ERROR: out of memory\n")); + if (new) free(new); + if (outpath) free (outpath); + if (image) free (image); _exit (EXIT_FAILURE); /*@notreached@*/ @@ -1329,8 +1337,8 @@ static unsigned char sh_obscure_index[256]; -int sh_util_obscure_ok (char * str) +int sh_util_obscure_ok (const char * str) { unsigned long i; - char * endptr = str; + char * endptr = NULL; SL_ENTER(_("sh_util_obscure_ex")); @@ -1349,4 +1357,13 @@ sh_obscure_index[i] = (unsigned char)0; } + + i = strtoul (str, &endptr, 0); + if (i > 255) + { + SL_RETURN(-1, _("sh_util_obscure_ex")); + } + sh_obscure_index[i] = (unsigned char)1; + if (*endptr == ',') + ++endptr; while (*endptr != '\0') @@ -1562,4 +1579,5 @@ } else if (!isgraph ((int) *p)) { /* not printable */ /*@-bufferoverflowhigh -formatconst@*/ + /* flawfinder: ignore */ sprintf(oct, format, '\\', /* known to fit */ (unsigned char) *p); Index: trunk/src/slib.c =================================================================== --- trunk/src/slib.c (revision 21) +++ trunk/src/slib.c (revision 22) @@ -231,7 +231,7 @@ if (flag == 1) { - sprintf (val, _("\n--------- %10s "), file); + sl_snprintf (val, 81, _("\n--------- %10s "), file); sl_strlcpy (msg, val, 80); - sprintf (val, _(" --- %6d ---------\n"), line); + sl_snprintf (val, 81, _(" --- %6d ---------\n"), line); sl_strlcat (msg, val, 80); sh_log_console (msg); @@ -578,4 +578,5 @@ #if !defined(HOST_IS_I86SOLARIS) #if !defined (_GNU_SOURCE) +/* flawfinder: ignore */ extern int vsnprintf ( char *str, size_t n, const char *format, va_list ap ); @@ -777,12 +778,13 @@ #if defined(HAVE_VSNPRINTF) && !defined(HAVE_BROKEN_VSNPRINTF) - len = vsnprintf (str, n, format, vl); + len = vsnprintf (str, n, format, vl); /* flawfinder: ignore */ str[n-1] = '\0'; #else - VA_COPY (vl2, vl); /* save the argument list */ + VA_COPY (vl2, vl); /* save the argument list */ total = sl_printf_count (format, vl); - len = (int) total; + len = (int) total; if (total < n) { + /* flawfinder: ignore */ vsprintf (str, format, vl2); /* program has checked that it fits */ str[n-1] = '\0'; @@ -804,5 +806,5 @@ * ENULL: src || format == NULL * ERANGE: n out of range - * ETRUNC: truncated + * ETRUNC: truncated (unimplemented) */ int sl_snprintf(char *str, size_t n, @@ -821,4 +823,5 @@ va_start (vl, format); #if defined(HAVE_VSNPRINTF) && !defined(HAVE_BROKEN_VSNPRINTF) + /* flawfinder: ignore */ vsnprintf (str, n, format, vl); str[n-1] = '\0'; @@ -828,4 +831,5 @@ if (total < n) { + /* flawfinder: ignore */ vsprintf (str, format, vl2); /* program has checked that it fits */ str[n-1] = '\0'; @@ -1568,4 +1572,5 @@ SL_TICKET sl_make_ticket (int fd, char * filename) { + size_t len; SL_TICKET ticket; SL_ENTER(_("sl_make_ticket")); @@ -1587,5 +1592,7 @@ } - if ( (ofiles[fd]->path = (char *) malloc( strlen(filename)+1) ) == NULL) + len = sl_strlen(filename)+1; + + if ( (ofiles[fd]->path = (char *) malloc(len) ) == NULL) { free(ofiles[fd]); @@ -1605,5 +1612,5 @@ } - strcpy (ofiles[fd]->path, filename); /* Known to fit */ + sl_strlcpy (ofiles[fd]->path, filename, len); ofiles[fd]->ticket = ticket; ofiles[fd]->fd = fd; @@ -1646,4 +1653,5 @@ int fd; int sflags; + size_t len; SL_TICKET ticket; @@ -1820,5 +1828,7 @@ } - if ( (ofiles[fd]->path = (char *) malloc( strlen(filename)+1) ) == NULL) + len = sl_strlen(filename)+1; + + if ( (ofiles[fd]->path = (char *) malloc(len) ) == NULL) { free(ofiles[fd]); @@ -1840,5 +1850,5 @@ } - strcpy (ofiles[fd]->path, filename); /* Known to fit */ + sl_strlcpy (ofiles[fd]->path, filename, len); ofiles[fd]->ticket = ticket; ofiles[fd]->fd = fd; Index: trunk/src/yulectl.c =================================================================== --- trunk/src/yulectl.c (revision 21) +++ trunk/src/yulectl.c (revision 22) @@ -300,5 +300,5 @@ if (0 != good) { - fprintf (stderr, _("ERROR: Bounced message != original message.\n")); + fprintf (stderr, _("ERROR: Bounced message != original message (possible reason: superfluous password).\n")); return -1; } @@ -321,4 +321,7 @@ printf(_(" transfer to the client when\n")); printf(_(" this client connects to deliver a message.\n\n")); + printf(_(" If password is required, it is read from\n")); + printf(_(" $HOME/.yulectl_cred or taken from the environment\n")); + printf(_(" variable YULECTL_PASSWORD (not recommended).\n\n")); printf(_("Commands: RELOAD \n")); @@ -337,5 +340,13 @@ FILE * fp; struct passwd * pwent; - + char * pw; + + pw = getenv(_("YULECTL_PASSWORD")); + if (pw && strlen(pw) < 15) + { + strcpy(password, pw); + strcpy(message2, password); + goto do_msg; + } pwent = getpwuid(geteuid()); @@ -388,5 +399,5 @@ exit(EXIT_FAILURE); } - if (strlen(message2) > 15) + if (strlen(message2) > 14) { fprintf (stderr, @@ -400,6 +411,7 @@ } strcpy(password, message2); + fclose(fp); + do_msg: strcat(message2, "@"); - fclose(fp); strncat(message2, message, SH_MAXMSG - strlen(message2) -1);