Index: trunk/docs/Changelog =================================================================== --- trunk/docs/Changelog (revision 380) +++ trunk/docs/Changelog (revision 381) @@ -1,3 +1,5 @@ 3.0.1: + * fix an uninitialized variable in the suidcheck code (problem + reports by T- Luettgert and Kai) * fix a bug in the port check with --disable-ipv6 (reported by C. Westlake) * fix potential deadlock in sh_files.c (reported by S. Mirolo) Index: trunk/include/sh_unix.h =================================================================== --- trunk/include/sh_unix.h (revision 380) +++ trunk/include/sh_unix.h (revision 381) @@ -99,4 +99,6 @@ #define MODI_AUDIT_ENABLED(a) (((a)&(1 << 15))!=0) +#define MODI_INIT 0xDA000000UL +#define MODI_INITIALIZED(a) (((a) & 0xFF000000UL) == MODI_INIT) #define SH_TXT_MAX 9200 @@ -120,5 +122,5 @@ extern unsigned long mask_USER3; extern unsigned long mask_USER4; -/* like READONLY, but without MTM,CTM,SIZ,INO, abd with PREL) +/* like READONLY, but without MTM,CTM,SIZ,INO, and with PREL) */ #define MASK_PRELINK_ (MASK_ATTRIBUTES_|MODI_HLN|MODI_LNK|MODI_CHK|MODI_PREL) Index: trunk/src/sh_files.c =================================================================== --- trunk/src/sh_files.c (revision 380) +++ trunk/src/sh_files.c (revision 381) @@ -697,4 +697,6 @@ SL_ENTER(_("sh_files_parse_mask")); + myword[0] = '\0'; + if (str == NULL) { @@ -705,6 +707,8 @@ while (i < l) { + if (str[i] == '\0') break; + if (str[i] == ' ' || str[i] == '\t' || str[i] == ',') { @@ -716,13 +720,16 @@ { act = +1; ++i; - continue; + myword[0] = '\0'; + goto getword; } else if (str[i] == '-') { act = -1; ++i; - continue; + myword[0] = '\0'; + goto getword; } else /* a word */ { + getword: k = 0; while (k < 63 && str[i] != ' ' && str[i] != '\t' && str[i] != ',' @@ -733,52 +740,63 @@ myword[k] = '\0'; + if (sl_strlen(myword) == 0) + { + SL_RETURN ( (-1), _("sh_files_parse_mask")); + } + /* checksum */ - if (0 == strncmp(myword, _("CHK"), 3)) + if (0 == strcmp(myword, _("CHK"))) sh_files_set_mask (mask, MODI_CHK, act); /* link */ - if (0 == strncmp(myword, _("LNK"), 3)) + else if (0 == strcmp(myword, _("LNK"))) sh_files_set_mask (mask, MODI_LNK, act); /* inode */ - if (0 == strncmp(myword, _("RDEV"), 3)) + else if (0 == strcmp(myword, _("RDEV"))) sh_files_set_mask (mask, MODI_RDEV, act); /* inode */ - if (0 == strncmp(myword, _("INO"), 3)) + else if (0 == strcmp(myword, _("INO"))) sh_files_set_mask (mask, MODI_INO, act); /* user */ - if (0 == strncmp(myword, _("USR"), 3)) + else if (0 == strcmp(myword, _("USR"))) sh_files_set_mask (mask, MODI_USR, act); /* group */ - if (0 == strncmp(myword, _("GRP"), 3)) + else if (0 == strcmp(myword, _("GRP"))) sh_files_set_mask (mask, MODI_GRP, act); /* mtime */ - if (0 == strncmp(myword, _("MTM"), 3)) + else if (0 == strcmp(myword, _("MTM"))) sh_files_set_mask (mask, MODI_MTM, act); /* ctime */ - if (0 == strncmp(myword, _("CTM"), 3)) + else if (0 == strcmp(myword, _("CTM"))) sh_files_set_mask (mask, MODI_CTM, act); /* atime */ - if (0 == strncmp(myword, _("ATM"), 3)) + else if (0 == strcmp(myword, _("ATM"))) sh_files_set_mask (mask, MODI_ATM, act); /* size */ - if (0 == strncmp(myword, _("SIZ"), 3)) + else if (0 == strcmp(myword, _("SIZ"))) sh_files_set_mask (mask, MODI_SIZ, act); /* file mode */ - if (0 == strncmp(myword, _("MOD"), 3)) + else if (0 == strcmp(myword, _("MOD"))) sh_files_set_mask (mask, MODI_MOD, act); /* hardlinks */ - if (0 == strncmp(myword, _("HLN"), 3)) + else if (0 == strcmp(myword, _("HLN"))) sh_files_set_mask (mask, MODI_HLN, act); /* size may grow */ - if (0 == strncmp(myword, _("GROW"), 3)) + else if (0 == strcmp(myword, _("SGROW"))) sh_files_set_mask (mask, MODI_SGROW, act); /* use prelink */ - if (0 == strncmp(myword, _("PRE"), 3)) + else if (0 == strcmp(myword, _("PRE"))) sh_files_set_mask (mask, MODI_PREL, act); /* get content */ - if (0 == strncmp(myword, _("TXT"), 3)) + else if (0 == strcmp(myword, _("TXT"))) sh_files_set_mask (mask, MODI_TXT, act); /* get content */ - if (0 == strncmp(myword, _("AUDIT"), 3)) + else if (0 == strcmp(myword, _("AUDIT"))) sh_files_set_mask (mask, MODI_AUDIT, act); + else + { + SL_RETURN ( (-1), _("sh_files_parse_mask")); + } + act = 0; + myword[0] = '\0'; } } @@ -840,27 +858,27 @@ { case SH_LEVEL_READONLY: - return (unsigned long) mask_READONLY; + return (unsigned long) (mask_READONLY | MODI_INIT); case SH_LEVEL_ATTRIBUTES: - return (unsigned long) mask_ATTRIBUTES; + return (unsigned long) (mask_ATTRIBUTES | MODI_INIT); case SH_LEVEL_LOGFILES: - return (unsigned long) mask_LOGFILES; + return (unsigned long) (mask_LOGFILES | MODI_INIT); case SH_LEVEL_LOGGROW: - return (unsigned long) mask_LOGGROW; + return (unsigned long) (mask_LOGGROW | MODI_INIT); case SH_LEVEL_ALLIGNORE: - return (unsigned long) mask_ALLIGNORE; + return (unsigned long) (mask_ALLIGNORE | MODI_INIT); case SH_LEVEL_NOIGNORE: - return (unsigned long) mask_NOIGNORE; + return (unsigned long) (mask_NOIGNORE | MODI_INIT); case SH_LEVEL_USER0: - return (unsigned long) mask_USER0; + return (unsigned long) (mask_USER0 | MODI_INIT); case SH_LEVEL_USER1: - return (unsigned long) mask_USER1; + return (unsigned long) (mask_USER1 | MODI_INIT); case SH_LEVEL_USER2: - return (unsigned long) mask_USER2; + return (unsigned long) (mask_USER2 | MODI_INIT); case SH_LEVEL_USER3: - return (unsigned long) mask_USER3; + return (unsigned long) (mask_USER3 | MODI_INIT); case SH_LEVEL_USER4: - return (unsigned long) mask_USER4; + return (unsigned long) (mask_USER4 | MODI_INIT); case SH_LEVEL_PRELINK: - return (unsigned long) mask_PRELINK; + return (unsigned long) (mask_PRELINK | MODI_INIT); default: return (unsigned long) 0; @@ -907,5 +925,5 @@ #endif -int sh_files_push_file_int (int class, const char * str_s, size_t len) +int sh_files_push_file_int (int class, const char * str_s, size_t len, unsigned long check_mask) { dirstack_t * new_item_ptr; @@ -923,5 +941,5 @@ new_item_ptr->name = fileName; new_item_ptr->class = class; - new_item_ptr->check_mask = sh_files_maskof(class); + new_item_ptr->check_mask = check_mask; new_item_ptr->rdepth = 0; new_item_ptr->checked = S_FALSE; @@ -982,5 +1000,5 @@ } -int sh_files_push_dir_int (int class, char * tail, size_t len, int rdepth); +int sh_files_push_dir_int (int class, char * tail, size_t len, int rdepth, unsigned long check_mask); #ifdef HAVE_GLOB_H @@ -1005,5 +1023,5 @@ int count = 0; - volatile unsigned long check_mask = check_mask_in; + volatile unsigned long check_mask = (flag == 0) ? sh_files_maskof(class) : check_mask_in; SL_ENTER(_("sh_files_pushglob")); @@ -1028,5 +1046,5 @@ new_item_ptr->name = fileName; new_item_ptr->class = class; - new_item_ptr->check_mask = (flag == 0) ? sh_files_maskof(class) : check_mask; + new_item_ptr->check_mask = check_mask; new_item_ptr->rdepth = rdepth; new_item_ptr->type = type; @@ -1057,5 +1075,5 @@ { count += sh_files_push_file_int (class, pglob.gl_pathv[gloop], - sl_strlen(pglob.gl_pathv[gloop])); + sl_strlen(pglob.gl_pathv[gloop]), check_mask); } else @@ -1064,5 +1082,5 @@ count += sh_files_push_dir_int (class, pglob.gl_pathv[gloop], - sl_strlen(pglob.gl_pathv[gloop]), rdepth); + sl_strlen(pglob.gl_pathv[gloop]), rdepth, check_mask); } } @@ -1275,5 +1293,5 @@ if (0 == sh_files_has_metachar(p)) { - sh_files_push_file_int (class, p, len); + sh_files_push_file_int (class, p, len, sh_files_maskof(class)); } else @@ -1283,5 +1301,5 @@ #else - sh_files_push_file_int (class, p, len); + sh_files_push_file_int (class, p, len, sh_files_maskof(class)); #endif @@ -1534,5 +1552,5 @@ } -int sh_files_push_dir_int (int class, char * tail, size_t len, int rdepth) +int sh_files_push_dir_int (int class, char * tail, size_t len, int rdepth, unsigned long check_mask) { zAVLTree * tree; @@ -1550,5 +1568,5 @@ new_item_ptr->name = dirName; new_item_ptr->class = class; - new_item_ptr->check_mask = sh_files_maskof(class); + new_item_ptr->check_mask = check_mask; new_item_ptr->rdepth = rdepth; new_item_ptr->checked = S_FALSE; @@ -1600,6 +1618,5 @@ else { - unsigned long mask = sh_files_maskof(class); - if (MODI_AUDIT_ENABLED(mask)) + if (MODI_AUDIT_ENABLED(check_mask)) { sh_audit_mark(tail); @@ -1713,5 +1730,5 @@ if (0 == sh_files_has_metachar(tail)) { - sh_files_push_dir_int (class, tail, len, rdepth); + sh_files_push_dir_int (class, tail, len, rdepth, sh_files_maskof(class)); } else @@ -1720,5 +1737,5 @@ } #else - sh_files_push_dir_int (class, tail, len, rdepth); + sh_files_push_dir_int (class, tail, len, rdepth, sh_files_maskof(class)); #endif Index: trunk/src/sh_suidchk.c =================================================================== --- trunk/src/sh_suidchk.c (revision 380) +++ trunk/src/sh_suidchk.c (revision 381) @@ -1188,5 +1188,5 @@ int dummy; int class; - unsigned long check_mask; + unsigned long check_mask = 0; theFile = SH_ALLOC(sizeof(file_type)); Index: trunk/src/sh_unix.c =================================================================== --- trunk/src/sh_unix.c (revision 380) +++ trunk/src/sh_unix.c (revision 381) @@ -3643,4 +3643,15 @@ SL_ENTER(_("sh_unix_getinfo")); + if (!MODI_INITIALIZED(theFile->check_mask)) + { + tmp2 = sh_util_safe_name (theFile->fullpath); + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_SUBGPATH, + _("Uninitialized check mask"), _("sh_unix_getinfo"), + tmp2); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + SH_FREE(tmp2); + } + /* Take the address to keep gcc from putting it into a register. * Avoids the 'clobbered by longjmp' warning. @@ -3808,5 +3819,5 @@ sl_strlcpy(fileHash, SH_KEY_NULL, KEY_LEN+1); } - else if ((theFile->check_mask & MODI_PREL) != 0 && + else if ((theFile->check_mask & MODI_PREL) != 0 && S_TRUE == sh_prelink_iself(rval_open, fbuf.st_size, alert_timeout, theFile->fullpath))