Changes in trunk/src/sh_unix.c [20:30]

File:

• trunk/src/sh_unix.c (modified) (37 diffs)

trunk/src/sh_unix.c

@@ -127 +127 @@
 unsigned long mask_USER0        = MASK_USER_;
 unsigned long mask_USER1        = MASK_USER_;
+unsigned long mask_USER2        = MASK_USER_;
+unsigned long mask_USER3        = MASK_USER_;
+unsigned long mask_USER4        = MASK_USER_;
 unsigned long mask_ALLIGNORE    = MASK_ALLIGNORE_;
 unsigned long mask_ATTRIBUTES   = MASK_ATTRIBUTES_;
@@ -142 +145 @@
   mask_USER0        = MASK_USER_;
   mask_USER1        = MASK_USER_;
+  mask_USER2        = MASK_USER_;
+  mask_USER3        = MASK_USER_;
+  mask_USER4        = MASK_USER_;
   mask_ALLIGNORE    = MASK_ALLIGNORE_;
   mask_ATTRIBUTES   = MASK_ATTRIBUTES_;
@@ -307 +313 @@
     *p = '0' + (u % 10);
     u /= 10;
-  } while (u);
-  if (iisneg == 1) {
+  } while (u && (p != str));
+  if ((iisneg == 1) && (p != str)) {
     --p;
     *p = '-';
@@ -323 +329 @@
 extern int OnlyStderr; 
 
-int safe_logger (int signal, int method, pid_t thepid)
+int safe_logger (int signal, int method, char * details)
 {
   int i = 0;
@@ -331 +337 @@
   char  str[128];
   char  * p;
-
+  
   char l0[64], l1[64], l2[64], l3[64];
   char a0[32], a1[32], a2[32];
   char e0[128];
   char msg[128];
-
+  
   char * locations[] = { NULL, NULL, NULL, NULL, NULL };
   char * envp[]      = { NULL, NULL };
   char * argp[]      = { NULL, NULL, NULL, NULL, NULL };
-
+  
+  pid_t  thepid = getpid();
+  
   if ((sh.flag.isdaemon == S_FALSE) || (OnlyStderr == S_TRUE))
     method = 1;
-
+  
   /* seems that solaris cc needs this way of initializing ...
    */
@@ -350 +358 @@
   locations[2] = l2;
   locations[3] = l3;
-
+  
   envp[0] = e0;
-
+  
   argp[0] = a0;
   argp[1] = a1;
   argp[2] = a2;
-
-  strcpy (l0, _("/usr/bin/logger"));                   /* known to fit  */
-  strcpy (l1, _("/usr/sbin/logger"));                  /* known to fit  */
-  strcpy (l2, _("/usr/ucb/logger"));                   /* known to fit  */
-  strcpy (l3, _("/bin/logger"));                       /* known to fit  */
-
-  strcpy (a0, _("logger"));                            /* known to fit  */
-  strcpy (a1, _("-p"));                                /* known to fit  */
-  strcpy (a2, _("daemon.alert"));                      /* known to fit  */
-
-  strcpy (e0,                                          /* known to fit  */
-          _("PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/ucb:/usr/local/bin"));
-
+  
   sl_strlcpy(msg, _("samhain["), 128);
   p = safe_itoa((int) thepid, str, 128);
@@ -375 +371 @@
   if (signal == 0)
     {
-      sl_strlcat(msg, _("]: out of memory"), 128);
+      if (details == NULL) {
+        sl_strlcat(msg, _("]: out of memory"), 128);
+      } else {
+        sl_strlcat(msg, _("]: "), 128);
+        sl_strlcat(msg, details, 128);
+      }
     }
   else 
@@ -393 +394 @@
     return 0;
   }
+
+  sl_strlcpy (l0, _("/usr/bin/logger"), 64);
+  sl_strlcpy (l1, _("/usr/sbin/logger"), 64);
+  sl_strlcpy (l2, _("/usr/ucb/logger"), 64);
+  sl_strlcpy (l3, _("/bin/logger"), 64);
+
+  sl_strlcpy (a0, _("logger"), 32);
+  sl_strlcpy (a1, _("-p"), 32);
+  sl_strlcpy (a2, _("daemon.alert"), 32);
+
+  sl_strlcpy (e0,
+              _("PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/ucb:/usr/local/bin"),
+              128);
+
   while (locations[i] != NULL) {
     status = stat(locations[i], &buf);
@@ -414 +429 @@
 }
 
+void safe_fatal (int signal, int method, char * details, 
+                char * file, int line)
+{
+  char msg[128];
+  char str[128];
+  char * p;
+  p = safe_itoa((int) line, str, 128);
+  sl_strlcpy(msg, _("FATAL: "), 128);
+  sl_strlcat(msg, file, 128);
+  sl_strlcat(msg, ": ", 128);
+  if (p && (*p)) {
+    sl_strlcat(msg, p   , 128);
+    sl_strlcat(msg, ": ", 128);
+  }
+  sl_strlcat(msg, details, 128);
+  safe_logger (signal, method, msg);
+  _exit(EXIT_FAILURE);
+}
 
 extern char sh_sig_msg[64];
@@ -451 +484 @@
         {
           chdir ("/");
-          safe_logger (mysignal, 0, getpid());
+          safe_logger (mysignal, 0, NULL);
         }
       _exit(mysignal);
@@ -504 +537 @@
     memset (skey, '\0', sizeof(sh_key_t));
   if (immediate_exit_fast < 2)
-    safe_logger (mysignal, 0, getpid());
+    safe_logger (mysignal, 0, NULL);
   _exit(mysignal);
 #else
@@ -518 +551 @@
       close_ipc ();
 #endif
-      safe_logger (mysignal, 0, getpid());
+      safe_logger (mysignal, 0, NULL);
       chdir ("/");
       raise(SIGFPE);
@@ -819 +852 @@
 /* checksum the own binary
  */
-int sh_unix_self_hash (char * c)
+int sh_unix_self_hash (const char * c)
 {
   char message[512];
@@ -891 +924 @@
 
 /* added    Tue Feb 22 10:36:44 NFT 2000 Rainer Wichmann            */
-static int tf_add_trusted_user_int(char * c)
+static int tf_add_trusted_user_int(const char * c)
 {
   register struct passwd *          w;
@@ -919 +952 @@
 }
 
-int tf_add_trusted_user(char * c)
+int tf_add_trusted_user(const char * c)
 {
   int    i;
@@ -1229 +1262 @@
   char ** env1;
   int   envlen = 0;
+  size_t len;
 
   SL_ENTER(_("sh_unix_copyenv"));
@@ -1248 +1282 @@
   envlen = 0;
 
-  while (env0 != NULL && env0[envlen] != NULL) { 
-    env1[envlen] = malloc (strlen(env0[envlen]) + 1); /* only once */
+  while (env0 != NULL && env0[envlen] != NULL) {
+    len = strlen(env0[envlen]) + 1;
+    env1[envlen] = malloc (len); /* only once */
     if (env1[envlen] == NULL)
       {
@@ -1255 +1290 @@
         SL_RET0(_("sh_unix_copyenv"));
       }
-    strcpy(env1[envlen], env0[envlen]);                /* known to fit  */
+    sl_strlcpy(env1[envlen], env0[envlen], len);
     ++envlen;
   }
@@ -1416 +1451 @@
 #include <arpa/inet.h>
 
+char * sh_unix_h_name (struct hostent * host_entry)
+{
+        char ** p;
+        if (strchr(host_entry->h_name, '.')) {
+                return host_entry->h_name;
+        } else {
+                for (p = host_entry->h_aliases; *p; ++p) {
+                        if (strchr(*p, '.'))
+                                return *p;
+                }
+        }
+        return host_entry->h_name;
+}
+
 /* uname() on FreeBSD is broken, because the 'nodename' buf is too small
  * to hold a valid (leftmost) domain label.
@@ -1435 +1484 @@
 
   (void) uname (&buf);
-
+  /* flawfinder: ignore */ /* ff bug, ff sees system() */
   sl_strlcpy (sh.host.system,  buf.sysname, SH_MINIBUF);
   sl_strlcpy (sh.host.release, buf.release, SH_MINIBUF);
@@ -1486 +1535 @@
   else
     {
-      sl_strlcpy (sh.host.name, he1->h_name, SH_PATHBUF);
+      sl_strlcpy (sh.host.name, sh_unix_h_name(he1), SH_PATHBUF);
     }
   
@@ -1534 +1583 @@
   if (he1 != NULL)
     {
-      sl_strlcpy (sh.host.name, he1->h_name, SH_PATHBUF);
+      sl_strlcpy (sh.host.name, sh_unix_h_name(he1), SH_PATHBUF);
     }
   else
@@ -1639 +1688 @@
           aud_exit(FIL__, __LINE__, EXIT_FAILURE);
         }
+      /* flawfinder: ignore */
       return (chroot(chroot_dir));
     }
@@ -1923 +1973 @@
 }
 
-int sh_unix_settimeserver (char * address)
+int sh_unix_settimeserver (const char * address)
 {
 
@@ -2096 +2146 @@
 /* whether to use localtime for file timesatams in logs
  */
-int sh_unix_uselocaltime (char * c)
+int sh_unix_uselocaltime (const char * c)
 {
   int i;
@@ -2732 +2782 @@
 }
 
-int sh_unix_set_io_limit (char * c)
+int sh_unix_set_io_limit (const char * c)
 {
   long val;
@@ -2772 +2822 @@
   if (tmpFile.size < fbuf->st_size)
     {
-      strcpy(fileHash,                         /* known to fit */
-             sh_tiger_generic_hash (filename, TIGER_FD, tmpFile.size, 
-                                    alert_timeout));
+      sl_strlcpy(fileHash,
+                sh_tiger_generic_hash (filename, TIGER_FD, tmpFile.size, 
+                                       alert_timeout),
+                KEY_LEN+1);
 
       /* return */
@@ -2781 +2832 @@
 
  out:
-  strcpy(fileHash,                              /* known to fit */
-         _("000000000000000000000000000000000000000000000000"));
+  sl_strlcpy(fileHash,
+             _("000000000000000000000000000000000000000000000000"),
+             KEY_LEN+1);
   SL_RETURN( -1, _("sh_unix_checksum_size"));
 }
@@ -2903 +2955 @@
     {
       if (fileHash != NULL)
-        strcpy(fileHash,                              /* known to fit */
-               _("000000000000000000000000000000000000000000000000"));
+        sl_strlcpy(fileHash,
+                   _("000000000000000000000000000000000000000000000000"),
+                   KEY_LEN+1);
     }
   
@@ -2920 +2973 @@
           if ((theFile->check_mask & MODI_CHK) == 0)
             {
-              strcpy(fileHash,                         /* known to fit */
-                     _("000000000000000000000000000000000000000000000000"));
+              sl_strlcpy(fileHash,
+                         _("000000000000000000000000000000000000000000000000"),
+                         KEY_LEN+1);
             }
           else if ((theFile->check_mask & MODI_PREL) != 0 && 
@@ -2929 +2983 @@
               if (0 != sh_prelink_run (theFile->fullpath, 
                                        fileHash, alert_timeout))
-                strcpy(fileHash,                       /* known to fit */
-                       _("000000000000000000000000000000000000000000000000"));
+                sl_strlcpy(fileHash,
+                           _("000000000000000000000000000000000000000000000000"),
+                           KEY_LEN+1);
             }
           else
             {
               tiger_fd = rval_open;
-              strcpy(fileHash,                         /* known to fit */
-                     sh_tiger_generic_hash (theFile->fullpath, TIGER_FD, 0, 
-                                            alert_timeout));
+              sl_strlcpy(fileHash,
+                         sh_tiger_generic_hash (theFile->fullpath, 
+                                                TIGER_FD, 0, 
+                                                alert_timeout),
+                         KEY_LEN+1);
               if ((theFile->check_mask & MODI_SGROW) != 0)
                 {
@@ -2960 +3017 @@
           if ((theFile->check_mask & MODI_CHK) == 0)
             {
-              strcpy(fileHash,                         /* known to fit */
-                     _("000000000000000000000000000000000000000000000000"));
+              sl_strlcpy(fileHash,
+                         _("000000000000000000000000000000000000000000000000"),
+                         KEY_LEN+1);
             }
           else if (policy == SH_LEVEL_PRELINK &&
@@ -2969 +3027 @@
               if (0 != sh_prelink_run (theFile->fullpath, 
                                        fileHash, alert_timeout))
-                strcpy(fileHash,                       /* known to fit */
-                       _("000000000000000000000000000000000000000000000000"));
+                sl_strlcpy(fileHash,
+                           _("000000000000000000000000000000000000000000000000"),
+                           KEY_LEN+1);
             }
           else
@@ -3145 +3204 @@
       linknamebuf = SH_ALLOC(PATH_MAX);
 
+      /* flawfinder: ignore */
       linksize    = readlink (theFile->fullpath, linknamebuf, PATH_MAX-1);
 
@@ -3160 +3220 @@
           SH_FREE(tmp2);
           SH_FREE(linknamebuf);
+          theFile->linkpath[0] = '-';
+          theFile->linkpath[1] = '\0';
           SL_RETURN((-1),_("sh_unix_getinfo"));
         }
@@ -3982 +4044 @@
     {
 #ifdef WITH_TPT
-      sl_snprintf(str, 128, _("file: %s line: %d page: %d"), 
+      sl_snprintf(str, sizeof(str), _("file: %s line: %d page: %d"), 
                   page_list->file, page_list->line, i+1);
       sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, i, MSG_E_SUBGEN,
@@ -3990 +4052 @@
       ++i;
     }
-  sl_snprintf(str, 128, _("%d pages locked"), i);
+  sl_snprintf(str, sizeof(str), _("%d pages locked"), i);
   sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, i, MSG_E_SUBGEN,
                   str, _("sh_unix_count_mlock"));