- Timestamp:
- Dec 19, 2006, 10:01:59 PM (18 years ago)
- Location:
- trunk/src
- Files:
-
- 12 edited
-
cutest_sh_hash.c (modified) (1 diff)
-
cutest_sh_utils.c (modified) (5 diffs)
-
sh_database.c (modified) (9 diffs)
-
sh_getopt.c (modified) (4 diffs)
-
sh_hash.c (modified) (5 diffs)
-
sh_portcheck.c (modified) (2 diffs)
-
sh_processcheck.c (modified) (1 diff)
-
sh_tiger0.c (modified) (2 diffs)
-
sh_unix.c (modified) (6 diffs)
-
sh_utils.c (modified) (10 diffs)
-
slib.c (modified) (9 diffs)
-
trustfile.c (modified) (6 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/cutest_sh_hash.c
r33 r76 63 63 64 64 65 void Test_csv_escape_ok (CuTest *tc) { 66 #if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) 65 67 68 extern char * csv_escape(const char * str); 69 70 char test0[80]; 71 char expec[80]; 72 char *ret; 73 74 strcpy(test0, "foobar"); 75 strcpy(expec, "\"foobar\""); 76 ret = csv_escape(test0); 77 CuAssertStrEquals(tc, expec, ret); 78 79 strcpy(test0, "\"foobar\""); 80 strcpy(expec, "\"\"\"foobar\"\"\""); 81 ret = csv_escape(test0); 82 CuAssertStrEquals(tc, expec, ret); 83 84 strcpy(test0, "foo,bar"); 85 strcpy(expec, "\"foo,bar\""); 86 ret = csv_escape(test0); 87 CuAssertStrEquals(tc, expec, ret); 88 89 strcpy(test0, "foob,\"a\"r"); 90 strcpy(expec, "\"foob,\"\"a\"\"r\""); 91 ret = csv_escape(test0); 92 CuAssertStrEquals(tc, expec, ret); 93 94 strcpy(test0, "\",\"foobar\",\""); 95 strcpy(expec, "\"\"\",\"\"foobar\"\",\"\"\""); 96 ret = csv_escape(test0); 97 CuAssertStrEquals(tc, expec, ret); 98 99 strcpy(test0, ""); 100 strcpy(expec, ""); 101 ret = csv_escape(test0); 102 CuAssertStrEquals(tc, expec, ret); 103 104 strcpy(test0, "a"); 105 strcpy(expec, "\"a\""); 106 ret = csv_escape(test0); 107 CuAssertStrEquals(tc, expec, ret); 108 109 strcpy(test0, "foo\"bar"); 110 strcpy(expec, "\"foo\"\"bar\""); 111 ret = csv_escape(test0); 112 CuAssertStrEquals(tc, expec, ret); 113 114 #else 115 (void) tc; /* fix compiler warning */ 116 #endif 117 return; 118 } 119 120 121 -
trunk/src/cutest_sh_utils.c
r68 r76 6 6 #include "samhain.h" 7 7 #include "sh_utils.h" 8 9 void Test_sl_strlcpy (CuTest *tc) { 10 int ret; 11 char out[] = "aaaaaa"; 12 char in[] = "bbb"; 13 14 ret = sl_strlcpy (NULL, NULL, 0); 15 CuAssertIntEquals(tc, ret, SL_ENONE); 16 17 ret = sl_strlcpy (NULL, in, 0); 18 CuAssertIntEquals(tc, ret, SL_ENULL); 19 20 ret = sl_strlcpy (out, NULL, 0); 21 CuAssertIntEquals(tc, ret, SL_ENONE); 22 23 ret = sl_strlcpy (out, in, 0); 24 CuAssertIntEquals(tc, ret, SL_ENONE); 25 26 ret = sl_strlcpy (out, NULL, 7); 27 CuAssertIntEquals(tc, ret, SL_ENONE); 28 CuAssertStrEquals(tc, "", out); 29 30 out[0] = 'a'; 31 ret = sl_strlcpy (out, in, 4); 32 CuAssertIntEquals(tc, ret, SL_ENONE); 33 CuAssertStrEquals(tc, "bbb", out); 34 CuAssertStrEquals(tc, "aa", &out[4]); 35 36 return; 37 } 38 39 void Test_sl_strlcat (CuTest *tc) { 40 int ret; 41 char out[16] = "aaaaaa"; 42 char in[16] = "bbb"; 43 44 ret = sl_strlcat (NULL, NULL, 0); 45 CuAssertIntEquals(tc, ret, SL_ENONE); 46 47 ret = sl_strlcat (NULL, in, 0); 48 CuAssertIntEquals(tc, ret, SL_ENONE); 49 50 ret = sl_strlcat (out, NULL, 0); 51 CuAssertIntEquals(tc, ret, SL_ENONE); 52 53 ret = sl_strlcat (out, in, 0); 54 CuAssertIntEquals(tc, ret, SL_ENONE); 55 56 ret = sl_strlcat (out, NULL, sizeof(out)); 57 CuAssertIntEquals(tc, ret, SL_ENONE); 58 CuAssertStrEquals(tc, "aaaaaa", out); 59 60 ret = sl_strlcat (out, in, 7); 61 CuAssertIntEquals(tc, ret, SL_ETRUNC); 62 CuAssertStrEquals(tc, "aaaaaa", out); 63 64 ret = sl_strlcat (out, in, 8); 65 CuAssertIntEquals(tc, ret, SL_ETRUNC); 66 CuAssertStrEquals(tc, "aaaaaab", out); 67 68 ret = sl_strlcat (out, in, sizeof(out)); 69 CuAssertIntEquals(tc, ret, SL_ENONE); 70 CuAssertStrEquals(tc, "aaaaaabbbb", out); 71 72 CuAssertStrEquals(tc, "bbb", in); 73 74 return; 75 } 8 76 9 77 void Test_sh_util_acl_compact (CuTest *tc) { … … 238 306 CuAssertIntEquals(tc, ret, S_FALSE); 239 307 308 /* switch on utf8 checking for sh_util_obscurename() */ 309 310 ret = sh_util_obscure_utf8("Y"); 311 CuAssertIntEquals(tc, ret, 0); 240 312 241 313 ret = sh_util_obscure_ok ("0x01,0x02,0x03"); … … 244 316 ret = sh_util_valid_utf8 (input); 245 317 CuAssertIntEquals(tc, ret, S_TRUE); 318 ret = sh_util_obscurename (0, (char *)input, S_FALSE /* no log message */); 319 CuAssertIntEquals(tc, ret, 0); 246 320 247 321 input[0] = '\t'; 248 322 ret = sh_util_valid_utf8 (input); 249 323 CuAssertIntEquals(tc, ret, S_FALSE); 324 ret = sh_util_obscurename (0, (char *)input, S_FALSE /* no log message */); 325 CuAssertIntEquals(tc, ret, -1); 250 326 251 327 input[0] = 0x01; 252 328 ret = sh_util_valid_utf8 (input); 253 329 CuAssertIntEquals(tc, ret, S_TRUE); 330 ret = sh_util_obscurename (0, (char *)input, S_FALSE /* no log message */); 331 CuAssertIntEquals(tc, ret, 0); 254 332 255 333 input[0] = 0x02; 256 334 ret = sh_util_valid_utf8 (input); 257 335 CuAssertIntEquals(tc, ret, S_TRUE); 336 ret = sh_util_obscurename (0, (char *)input, S_FALSE /* no log message */); 337 CuAssertIntEquals(tc, ret, 0); 258 338 259 339 input[0] = 0x03; 260 340 ret = sh_util_valid_utf8 (input); 261 341 CuAssertIntEquals(tc, ret, S_TRUE); 342 ret = sh_util_obscurename (0, (char *)input, S_FALSE /* no log message */); 343 CuAssertIntEquals(tc, ret, 0); 262 344 263 345 input[0] = 0x04; 264 346 ret = sh_util_valid_utf8 (input); 265 347 CuAssertIntEquals(tc, ret, S_FALSE); 348 ret = sh_util_obscurename (0, (char *)input, S_FALSE /* no log message */); 349 CuAssertIntEquals(tc, ret, -1); 350 351 input[0] = 'f'; 352 ret = sh_util_valid_utf8 (input); 353 CuAssertIntEquals(tc, ret, S_TRUE); 354 ret = sh_util_obscurename (0, (char *)input, S_FALSE /* no log message */); 355 CuAssertIntEquals(tc, ret, 0); 356 357 input[5] = ' '; 358 ret = sh_util_valid_utf8 (input); 359 CuAssertIntEquals(tc, ret, S_FALSE); 360 ret = sh_util_obscurename (0, (char *)input, S_FALSE /* no log message */); 361 CuAssertIntEquals(tc, ret, -1); 362 363 input[5] = 'r'; input[3] = ' '; 364 ret = sh_util_valid_utf8 (input); 365 CuAssertIntEquals(tc, ret, S_TRUE); 366 ret = sh_util_obscurename (0, (char *)input, S_FALSE /* no log message */); 367 CuAssertIntEquals(tc, ret, 0); 266 368 267 369 … … 277 379 char input[16] = "foobar"; 278 380 381 /* switch off utf8 checking for sh_util_obscurename() */ 382 383 ret = sh_util_obscure_utf8("N"); 384 CuAssertIntEquals(tc, ret, 0); 385 279 386 ret = sh_util_obscure_ok ("0xA1,0xA2,0xA3"); 280 387 CuAssertIntEquals(tc, ret, 0); … … 303 410 CuAssertIntEquals(tc, ret, -1); 304 411 412 input[0] = 'f'; 413 ret = sh_util_obscurename (0, input, S_FALSE /* no log message */); 414 CuAssertIntEquals(tc, ret, 0); 415 416 input[5] = ' '; 417 ret = sh_util_obscurename (0, input, S_FALSE /* no log message */); 418 CuAssertIntEquals(tc, ret, -1); 419 420 input[5] = 'r'; input[3] = ' '; 421 ret = sh_util_obscurename (0, input, S_FALSE /* no log message */); 422 CuAssertIntEquals(tc, ret, 0); 305 423 #else 306 424 CuAssertIntEquals(tc, ret, 0); -
trunk/src/sh_database.c
r68 r76 1197 1197 long len; 1198 1198 1199 if (!end || !val || !size) 1200 return end; 1201 1202 if (val[0] == '\0') 1203 { 1204 return end; 1205 } 1206 else 1207 { 1208 if (*size > 1) 1199 if (!((end == NULL) || (val == NULL) || (size == NULL))) 1200 { 1201 if (val[0] != '\0') 1209 1202 { 1210 *end = ','; ++end; (*size) -= 1; 1211 if (flag == 1) { *end = '\''; ++end; (*size) -= 1; } 1212 *end = '\0'; 1203 if (*size > 1) 1204 { 1205 *end = ','; ++end; (*size) -= 1; 1206 if (flag == 1) { *end = '\''; ++end; (*size) -= 1; } 1207 *end = '\0'; 1208 } 1209 len = (long) strlen(val); 1210 if ((long) *size > (len+1)) 1211 { 1212 (void) sl_strlcat(end, val, (size_t) *size); 1213 end += len; (*size) -= len; 1214 if (flag == 1) { *end = '\''; ++end; (*size) -= 1; } 1215 *end = '\0'; 1216 } 1213 1217 } 1214 len = (long) strlen(val); 1215 if ((long) *size > (len+1)) 1216 { 1217 (void) sl_strlcat(end, val, (size_t) *size); 1218 end += len; (*size) -= len; 1219 if (flag == 1) { *end = '\''; ++end; (*size) -= 1; } 1220 *end = '\0'; 1221 } 1222 } 1223 1218 } 1219 1224 1220 return end; 1225 1221 } … … 1250 1246 char md5out[33]; 1251 1247 int cnt; 1248 1249 size_t len_val; 1250 size_t len_col; 1252 1251 1253 1252 SL_ENTER(_("sh_database_entry")); … … 1331 1330 /*@+type@*/ 1332 1331 1333 size = (int) (SH_QUERY_MAX - strlen(values)); 1334 end = values + strlen(values); 1335 c_size = 1023 - (int) strlen(columns); /* sizeof(colums) == 1024 */ 1336 c_end = columns + strlen(columns); 1332 len_val = strlen(values); 1333 size = (int) (SH_QUERY_MAX - len_val); 1334 end = values + len_val; 1335 1336 len_col = strlen(columns); 1337 c_size = 1023 - (int) len_col; /* sizeof(colums) == 1024 */ 1338 c_end = columns + len_col; 1337 1339 1338 1340 i = 4; … … 1354 1356 if (p != end) 1355 1357 { 1356 /* 1357 * 'host' is a reserved word in SQL 1358 */ 1359 if (attr_tab[i].val == SH_SLOT_HOST) 1360 c_end = null_or_val (c_end, _("fromhost"), &c_size,0); 1361 /* 1362 * 'group' is a reserved word in SQL 1363 */ 1364 else if (attr_tab[i].val == SH_SLOT_GROUP) 1365 c_end = null_or_val (c_end, _("grp"), &c_size,0); 1358 if ((attr_tab[i].val != SH_SLOT_HOST) && 1359 (attr_tab[i].val != SH_SLOT_GROUP)) 1360 { 1361 c_end = null_or_val (c_end, attr_tab[i].attr, &c_size,0); 1362 } 1366 1363 else 1367 c_end = null_or_val (c_end, attr_tab[i].attr, &c_size,0); 1364 { 1365 /* 1366 * 'host' is a reserved word in SQL 1367 */ 1368 if (attr_tab[i].val == SH_SLOT_HOST) 1369 c_end = null_or_val (c_end, _("fromhost"), &c_size,0); 1370 /* 1371 * 'group' is a reserved word in SQL 1372 */ 1373 else /* if (attr_tab[i].val == SH_SLOT_GROUP) */ 1374 c_end = null_or_val (c_end, _("grp"), &c_size,0); 1375 } 1368 1376 } 1369 1377 /*@-type@*//* byte* versus char[..] */ … … 1523 1531 unsigned char * p = (unsigned char *) p_in; 1524 1532 1525 while (*p != '\0')1526 { 1527 if (*p == '\\')1533 if (*p != '\0') 1534 { 1535 do 1528 1536 { 1529 escp = (escp == 1) ? 0 : 1; 1530 } 1531 else if ((*p == '\'' || *p == '\"') && escp == 0) 1532 { 1533 retv = S_FALSE; 1534 } 1535 else if (*p > 0x7F) 1536 { 1537 retv = S_FALSE; 1538 } 1539 else 1540 { 1541 escp = 0; 1542 } 1543 ++p; 1544 } 1545 if (escp == 1) 1546 retv = S_FALSE; 1547 return retv; 1537 if (*p <= 0x7F) 1538 { 1539 if (escp == 0) 1540 { 1541 if (!((*p == '\'') || (*p == '\"') || (*p != '\\'))) 1542 /* do nothing */; 1543 else if (*p == '\\') escp = 1; 1544 else retv = S_FALSE; /* (*p == '\'' || *p == '\"') */ 1545 } 1546 else /* escp == 1 */ 1547 { 1548 escp = 0; 1549 } 1550 } 1551 else /* *p > 0x7F */ 1552 { 1553 retv = S_FALSE; 1554 } 1555 1556 ++p; 1557 1558 } 1559 while (*p != '\0'); 1560 } 1561 1562 if (escp == 0) 1563 return retv; 1564 else 1565 return S_FALSE; 1548 1566 } 1549 1567 … … 1580 1598 SL_RETURN (NULL, _("sh_database_parse")); 1581 1599 1582 while (( p != NULL) && (*p != '\0') && (*p != '>'))1600 while ((*p != '\0') && (*p != '>')) 1583 1601 { 1584 1602 if (p[0] == 'l' && p[1] == 'o' && p[2] == 'g' && … … 1631 1649 /* non-whitespace 1632 1650 */ 1633 i = 0;1634 1651 for (i=0; i < 64; ++i) 1635 1652 { 1636 key_str[i] = p[i]; 1637 if (p[i] == '=') 1653 if (p[i] != '=') 1654 { 1655 key_str[i] = p[i]; 1656 } 1657 else 1638 1658 { 1639 1659 key_str[i] = '\0'; … … 1653 1673 { 1654 1674 q = strchr(&p[j+2], '"'); 1655 if (!q) 1656 { 1657 SL_RETURN(NULL, _("sh_database_parse")); 1658 } 1659 else 1675 if (q) 1660 1676 { 1661 1677 *q = '\0'; 1662 1678 1663 if (S_FALSE == is_escaped(&p[j+2])) { 1679 if (S_TRUE == is_escaped(&p[j+2])) { 1680 1681 if (res->val == 1) 1682 (void) sl_strlcpy(db_entry->sev, &p[j+2], 1683 (size_t)res->size); 1684 else if (res->val == 2) 1685 { 1686 z = strchr(&p[j+2], 'T'); 1687 if (z) *z = ' '; 1688 (void) sl_strlcpy(db_entry->time, &p[j+2], 20); 1689 } 1690 else if (res->val == 3) 1691 (void) sl_strlcpy(db_entry->host, &p[j+2], 1692 (size_t) res->size); 1693 else if (res->val == 4) 1694 (void) sl_strlcpy(db_entry->msg, &p[j+2], 1695 (size_t) res->size); 1696 else if (res->size != 0) 1697 { 1698 (void) sl_strlcpy( (((char *)(db_entry))+ res->off), 1699 &p[j+2], 1700 (size_t) res->size); 1701 } 1702 else if (res->val >= START_SEC_LONGS) 1703 { 1704 db_entry->long_data[res->val-START_SEC_LONGS] 1705 = atol(&p[j+2]); 1706 } 1707 1708 *q = '"'; 1709 p = q; 1710 ++p; 1711 1712 goto parse; 1713 } 1714 else { /* S_FALSE == is_escaped(&p[j+2]) */ 1664 1715 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, 1665 1716 _("Message not properly escaped"), … … 1667 1718 SL_RETURN(NULL, _("sh_database_parse")); 1668 1719 } 1669 1670 if (res->val == 1) 1671 (void) sl_strlcpy(db_entry->sev, &p[j+2], 1672 (size_t)res->size); 1673 else if (res->val == 2) 1674 { 1675 z = strchr(&p[j+2], 'T'); 1676 if (z) *z = ' '; 1677 (void) sl_strlcpy(db_entry->time, &p[j+2], 20); 1678 } 1679 else if (res->val == 3) 1680 (void) sl_strlcpy(db_entry->host, &p[j+2], 1681 (size_t) res->size); 1682 else if (res->val == 4) 1683 (void) sl_strlcpy(db_entry->msg, &p[j+2], 1684 (size_t) res->size); 1685 else if (res->size != 0) 1686 { 1687 (void) sl_strlcpy( (((char *)(db_entry))+ res->off), 1688 &p[j+2], 1689 (size_t) res->size); 1690 } 1691 else if (res->val >= START_SEC_LONGS) 1692 { 1693 db_entry->long_data[res->val-START_SEC_LONGS] 1694 = atol(&p[j+2]); 1695 } 1696 1697 *q = '"'; 1698 p = q; 1699 ++p; 1700 1701 goto parse; 1720 } 1721 else /* q == NULL */ 1722 { 1723 SL_RETURN(NULL, _("sh_database_parse")); 1702 1724 } 1703 1725 } -
trunk/src/sh_getopt.c
r42 r76 65 65 #endif 66 66 static int sh_getopt_copyright (const char * dummy); 67 static int sh_getopt_version (const char * dummy); 67 68 68 69 static opttable_t op_table[] = { … … 265 266 HAS_ARG_NO, 266 267 sh_getopt_usage }, 268 { N_("version"), 269 'v', 270 N_("Show version and compiled-in options"), 271 HAS_ARG_NO, 272 sh_getopt_version }, 267 273 #if defined(HAVE_LIBPRELUDE) && defined(HAVE_LIBPRELUDE_9) 268 274 /* need to skip over these */ … … 301 307 }; 302 308 309 310 static void sh_getopt_print_log_facilities () 311 { 312 fputs (_("Compiled-in log facilities:"), stdout); 313 314 #ifndef DEFAULT_CONSOLE 315 printf (_(" console (/dev/console)")); 316 #else 317 if (0 == strcmp (DEFAULT_CONSOLE, _("NULL"))) 318 printf (_(" console (/dev/console)")); 319 else 320 printf (_(" console (%s)"), DEFAULT_CONSOLE); 321 #endif 322 fputs (_(", syslog"), stdout); 323 printf (_(", logfile (%s)"), DEFAULT_ERRFILE); 324 325 #if defined(WITH_EXTERNAL) 326 fputs (_(", external program"), stdout); 327 #endif 328 329 #if defined(WITH_MESSAGE_QUEUE) 330 fputs (_(", message queue"), stdout); 331 #endif 332 333 #if defined(WITH_DATABASE) 334 fputs (_(", database"), stdout); 335 #ifdef WITH_ODBC 336 fputs (_(" (odbc)"), stdout); 337 #endif 338 #ifdef WITH_ORACLE 339 fputs (_(" (Oracle)"), stdout); 340 #endif 341 #ifdef WITH_POSTGRES 342 fputs (_(" (PostgreSQL)"), stdout); 343 #endif 344 #ifdef WITH_MYSQL 345 fputs (_(" (MySQL)"), stdout); 346 #endif 347 #endif 348 349 #if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) 350 fputs (_(", server"), stdout); 351 #endif 352 353 #if defined(SH_WITH_MAIL) 354 fputs (_(", email"), stdout); 355 #endif 356 357 #ifdef HAVE_LIBPRELUDE 358 #ifdef HAVE_LIBPRELUDE_8 359 fputs (_(", prelude (0.8)"), stdout); 360 #else 361 fputs (_(", prelude (0.9+)"), stdout); 362 #endif 363 #endif 364 365 fputc ('\n', stdout); 366 return; 367 } 368 369 static void sh_getopt_print_options () 370 { 371 int num = 0; 372 373 374 #if defined(SH_STANDALONE) 375 if (num > 0) fputc ('\n', stdout); 376 fputs (_("Standalone executable"), stdout); ++num; 377 #endif 378 #if defined(SH_WITH_CLIENT) 379 if (num > 0) fputc ('\n', stdout); 380 printf (_("Client executable (port %d)"), SH_DEFAULT_PORT); ++num; 381 #endif 382 #if defined(SH_WITH_CLIENT) 383 if (num > 0) fputc ('\n', stdout); 384 printf (_("Server executable (port %d, user %s)"), 385 SH_DEFAULT_PORT, DEFAULT_IDENT); 386 ++num; 387 #endif 388 389 fputs (_(", compiled-in options:"), stdout); 390 391 #if defined(HAVE_EGD_RANDOM) 392 if (num > 0) fputc ('\n', stdout); 393 printf (_(" use entropy gathering daemon (%s)"), EGD_SOCKET_NAME); ++num; 394 #endif 395 #if defined(HAVE_UNIX_RANDOM) 396 if (num > 0) fputc ('\n', stdout); 397 fputs (_(" use unix entropy gatherer"), stdout); ++num; 398 #endif 399 #if defined(HAVE_URANDOM) 400 if (num > 0) fputc ('\n', stdout); 401 printf (_(" use entropy device (%s)"), NAME_OF_DEV_RANDOM); ++num; 402 #endif 403 404 #ifdef WITH_GPG 405 if (num > 0) fputc ('\n', stdout); 406 printf (_(" GnuPG signatures (%s)"), DEFAULT_GPG_PATH); ++num; 407 #ifdef HAVE_GPG_CHECKSUM 408 if (num > 0) fputc ('\n', stdout); 409 printf (_(" -- GnuPG checksum: %s"), GPG_HASH); ++num; 410 #endif 411 #ifdef USE_FINGERPRINT 412 if (num > 0) fputc ('\n', stdout); 413 printf (_(" -- Key fingerprint: %s"), SH_GPG_FP); ++num; 414 #endif 415 #endif 416 417 #if defined(SL_DEBUG) 418 if (num > 0) fputc ('\n', stdout); 419 fputs (_(" debug build"), stdout); ++num; 420 #endif 421 #if defined(SCREW_IT_UP) 422 if (num > 0) fputc ('\n', stdout); 423 fputs (_(" anti-debugger"), stdout); ++num; 424 #endif 425 #if defined(SH_USE_XML) 426 if (num > 0) fputc ('\n', stdout); 427 fputs (_(" xml log format"), stdout); ++num; 428 #endif 429 #if defined(HAVE_NTIME) 430 if (num > 0) fputc ('\n', stdout); 431 fputs (_(" use time server"), stdout); ++num; 432 #endif 433 434 #if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) 435 #if defined(USE_XATTR) 436 if (num > 0) fputc ('\n', stdout); 437 fputs (_(" check SELinux attributes"), stdout); ++num; 438 #endif 439 #if defined(USE_ACL) 440 if (num > 0) fputc ('\n', stdout); 441 fputs (_(" check Posix ACLs"), stdout); ++num; 442 #endif 443 #if defined(RELOAD_DATABASE) 444 if (num > 0) fputc ('\n', stdout); 445 fputs (_(" fetch database on reload"), stdout); ++num; 446 #endif 447 #endif 448 449 #if defined(SH_WITH_SERVER) 450 451 #if !defined(HAVE_GETPEEREID) && !defined(SO_PEERCRED) && !defined(HAVE_STRUCT_CMSGCRED) && !defined(HAVE_STRUCT_FCRED) && !(defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS)) 452 if (num > 0) fputc ('\n', stdout); 453 fputs (_(" command socket authentication: use SetSocketPassword"), stdout); 454 ++num; 455 #else 456 if (num > 0) fputc ('\n', stdout); 457 fputs (_(" command socket authentication: use SetSocketAllowUID"), stdout); 458 ++num; 459 #endif 460 461 #if defined(SH_USE_LIBWRAP) 462 if (num > 0) fputc ('\n', stdout); 463 fputs (_(" support tcp wrapper"), stdout); ++num; 464 #endif 465 #if defined(INET_SYSLOG) 466 if (num > 0) fputc ('\n', stdout); 467 fputs (_(" support listening on 514/udp (syslog)"), stdout); ++num; 468 #endif 469 #endif 470 471 if (num == 0) 472 fputs (_(" none"), stdout); 473 fputc ('\n', stdout); 474 return; 475 } 476 477 static void sh_getopt_print_modules () 478 { 479 #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) 480 int num = 0; 481 482 fputs (_("Compiled-in modules:"), stdout); 483 #ifdef SH_USE_UTMP 484 if (num > 0) fputc (',', stdout); 485 fputs (_(" login/logout"), stdout); ++num; 486 #endif 487 #ifdef SH_USE_MOUNTS 488 if (num > 0) fputc (',', stdout); 489 fputs (_(" mount options"), stdout); ++num; 490 #endif 491 #ifdef SH_USE_USERFILES 492 if (num > 0) fputc (',', stdout); 493 fputs (_(" userfiles"), stdout); ++num; 494 #endif 495 #ifdef SH_USE_KERN 496 if (num > 0) fputc (',', stdout); 497 fputs (_(" kernel"), stdout); ++num; 498 #endif 499 #ifdef SH_USE_SUIDCHK 500 if (num > 0) fputc (',', stdout); 501 fputs (_(" suid"), stdout); ++num; 502 #endif 503 #ifdef SH_USE_PROCESSCHECK 504 if (num > 0) fputc (',', stdout); 505 fputs (_(" processes"), stdout); ++num; 506 #endif 507 #ifdef SH_USE_PORTCHECK 508 if (num > 0) fputc (',', stdout); 509 fputs (_(" ports"), stdout); ++num; 510 #endif 511 if (num == 0) 512 fputs (_(" none"), stdout); 513 fputc ('\n', stdout); 514 #endif 515 return; 516 } 517 518 static int sh_getopt_version (const char * dummy) 519 { 520 (void) dummy; 521 fprintf (stdout, 522 _("This is samhain (%s), "\ 523 "(c) 1999-2006 Rainer Wichmann (http://la-samhna.de).\n"), 524 VERSION); 525 fprintf (stdout, _("This software comes with ABSOLUTELY NO WARRANTY. ")); 526 fprintf (stdout, _("Use at own risk.\n\n")); 527 528 sh_getopt_print_log_facilities (); 529 sh_getopt_print_modules (); 530 sh_getopt_print_options (); 531 532 _exit (EXIT_SUCCESS); 533 /*@notreached@*/ 534 return 0; /* make compilers happy */ 535 } 303 536 static int sh_getopt_copyright (const char * dummy) 304 537 { 305 538 fprintf (stdout, 306 _("Copyright (C) 1999-200 5Rainer Wichmann"\539 _("Copyright (C) 1999-2006 Rainer Wichmann"\ 307 540 " (http://la-samhna.de).\n\n")); 308 541 … … 378 611 fprintf (stdout, 379 612 _("This is samhain (%s), "\ 380 "(c) 1999-200 5Rainer Wichmann (http://la-samhna.de).\n"),613 "(c) 1999-2006 Rainer Wichmann (http://la-samhna.de).\n"), 381 614 VERSION); 382 615 fprintf (stdout, _("This software comes with ABSOLUTELY NO WARRANTY. ")); -
trunk/src/sh_hash.c
r68 r76 1460 1460 if (sh.flag.update == S_FALSE) 1461 1461 { 1462 if (pushdata_stdout == S_FALSE) 1463 { 1464 pushdata_fd = -1; 1465 if ( SL_ISERROR(pushdata_fd = sl_open_write(file_path('D', 'W'), SL_YESPRIV))) { 1466 SH_FREE(fullpath); 1467 SH_FREE(linkpath); 1468 sh_error_handle((-1), FIL__, __LINE__, pushdata_fd, MSG_E_ACCESS, 1469 geteuid(), file_path('D', 'W')); 1470 SL_RET0(_("sh_hash_pushdata")); 1471 } 1472 if ( SL_ISERROR(status = sl_forward(pushdata_fd))) { 1473 SH_FREE(fullpath); 1474 SH_FREE(linkpath); 1475 sh_error_handle((-1), FIL__, __LINE__, status, MSG_E_SUBGPATH, 1476 _("Fast forward failed"), _("sh_hash_pushdata"), 1477 file_path('D', 'W')); 1478 SL_RET0(_("sh_hash_pushdata")); 1479 } 1462 if (pushdata_stdout == S_FALSE && pushdata_fd == -1) 1463 { 1464 if ( SL_ISERROR(pushdata_fd = sl_open_write(file_path('D', 'W'), SL_YESPRIV))) 1465 { 1466 SH_FREE(fullpath); 1467 SH_FREE(linkpath); 1468 sh_error_handle((-1), FIL__, __LINE__, pushdata_fd, MSG_E_ACCESS, 1469 geteuid(), file_path('D', 'W')); 1470 SL_RET0(_("sh_hash_pushdata")); 1471 } 1472 if ( SL_ISERROR(status = sl_forward(pushdata_fd))) 1473 { 1474 SH_FREE(fullpath); 1475 SH_FREE(linkpath); 1476 sh_error_handle((-1), FIL__, __LINE__, status, MSG_E_SUBGPATH, 1477 _("Fast forward failed"), _("sh_hash_pushdata"), 1478 file_path('D', 'W')); 1479 SL_RET0(_("sh_hash_pushdata")); 1480 } 1480 1481 } 1481 1482 } … … 1726 1727 { 1727 1728 sl_write (pushdata_fd, &p, sizeof(sh_filestore_t)); 1728 sl_write_line (pushdata_fd, fullpath,sl_strlen(fullpath));1729 sl_write_line (pushdata_fd, linkpath,sl_strlen(linkpath));1729 sl_write_line_fast (pushdata_fd, fullpath, sl_strlen(fullpath)); 1730 sl_write_line_fast (pushdata_fd, linkpath, sl_strlen(linkpath)); 1730 1731 if (attr_string) 1731 sl_write_line (pushdata_fd, attr_string,sl_strlen(attr_string));1732 sl_write_line_fast (pushdata_fd, attr_string, sl_strlen(attr_string)); 1732 1733 } else { 1733 1734 fwrite (&p, sizeof(sh_filestore_t), 1, stdout); … … 1742 1743 if ((sh.flag.update != S_TRUE) && (pushdata_stdout == S_FALSE)) 1743 1744 { 1744 sl_close (pushdata_fd); 1745 pushdata_fd = -1; 1745 if (sh.flag.checkSum != SH_CHECK_INIT || (buf == NULL && fileHash == NULL)) 1746 { 1747 sl_close (pushdata_fd); 1748 pushdata_fd = -1; 1749 } 1746 1750 } 1747 1751 … … 3413 3417 return 0; 3414 3418 } 3419 3420 /* Always quote the string, except if it is empty. Qoute quotes by 3421 * doubling them. 3422 */ 3423 char * csv_escape(const char * str) 3424 { 3425 const char * p = str; 3426 const char * q; 3427 3428 size_t size = 0; 3429 size_t flag_quote = 0; 3430 int flag_comma = 0; 3431 char * new; 3432 char * pnew; 3433 3434 if (p) 3435 { 3436 3437 while (*p) 3438 { 3439 if (*p == ',') 3440 flag_comma = 1; 3441 else if (*p == '"') 3442 ++flag_quote; 3443 3444 ++size; ++p; 3445 } 3446 3447 if (sl_ok_adds(size, flag_quote)) 3448 size += flag_quote; /* double each quote */ 3449 else 3450 return NULL; 3451 3452 if (sl_ok_adds(size, 3)) 3453 size += 3; /* two quotes and terminating null */ 3454 else 3455 return NULL; 3456 3457 new = SH_ALLOC(size); 3458 3459 if (flag_quote != 0) 3460 { 3461 new[0] = '"'; 3462 pnew = &new[1]; 3463 q = str; 3464 while (*q) 3465 { 3466 *pnew = *q; 3467 if (*pnew == '"') 3468 { 3469 ++pnew; *pnew = '"'; 3470 } 3471 ++pnew; ++q; 3472 } 3473 *pnew = '"'; ++pnew; 3474 *pnew = '\0'; 3475 } 3476 else 3477 { 3478 if (size > 3) 3479 { 3480 new[0] = '"'; 3481 sl_strlcpy (&new[1], str, size-1); 3482 new[size-2] = '"'; 3483 new[size-1] = '\0'; 3484 } 3485 else 3486 { 3487 new[0] = '\0'; 3488 } 3489 } 3490 3491 return new; 3492 } 3493 return NULL; 3494 } 3495 3496 3415 3497 3416 3498 void sh_hash_list_db_entry_full_detail (sh_file_t * p) 3417 3499 { 3418 3500 char * tmp; 3501 char * esc; 3419 3502 char str[81]; 3420 size_t i;3421 3503 3422 3504 if (ListWithDelimiter == S_TRUE) … … 3464 3546 3465 3547 tmp = sh_util_safe_name(p->fullpath); 3466 printf( _(" %s"), tmp); 3548 if (ListWithDelimiter != S_TRUE) 3549 { 3550 printf( _(" %s"), tmp); 3551 } 3552 else 3553 { 3554 esc = csv_escape(tmp); 3555 printf( _(" %s,"), (esc != NULL) ? esc : _("(null)")); 3556 if (esc) 3557 SH_FREE(esc); 3558 } 3467 3559 SH_FREE(tmp); 3468 if (ListWithDelimiter == S_TRUE)3469 putchar(',');3470 3560 3471 3561 if ('l' == p->theFile.c_mode[0]) 3472 3562 { 3473 3563 tmp = sh_util_safe_name(p->linkpath); 3474 if (ListWithDelimiter == S_TRUE) 3475 printf(_(" %s"), tmp); 3564 if (ListWithDelimiter != S_TRUE) 3565 { 3566 printf(_(" -> %s"), tmp); 3567 } 3476 3568 else 3477 printf(_(" -> %s"), tmp); 3569 { 3570 esc = csv_escape(tmp); 3571 printf( _(" %s,"), (esc != NULL) ? esc : _("(null)")); 3572 if (esc) 3573 SH_FREE(esc); 3574 } 3478 3575 SH_FREE(tmp); 3479 3576 } 3480 if (ListWithDelimiter == S_TRUE)3481 putchar(',');3482 3577 3483 3578 if (p->attr_string) 3484 3579 { 3485 3580 tmp = sh_util_safe_name(p->attr_string); 3486 if (ListWithDelimiter == S_TRUE) { 3487 for (i = 0; i < strlen(tmp); ++i) 3488 if (tmp[i] == ',') tmp[i] = ';'; 3489 } 3581 if (ListWithDelimiter != S_TRUE) 3582 { 3583 printf(_(" %s"), tmp); 3584 } 3585 else 3586 { 3587 esc = csv_escape(tmp); 3588 printf( _(" %s"), (esc != NULL) ? esc : _("(null)")); 3589 if (esc) 3590 SH_FREE(esc); 3591 } 3490 3592 printf(_(" %s"), tmp); 3491 3593 SH_FREE(tmp); -
trunk/src/sh_portcheck.c
r75 r76 40 40 #include <unistd.h> 41 41 42 #define PORTCHK_VERSION "1.0" 43 44 #if defined(TEST_ONLY) || (defined(SH_USE_PORTCHECK) && (defined (SH_WITH_CLIENT) || defined (SH_STANDALONE))) 45 46 42 47 #define PORTMAP 43 48 #include <rpc/rpc.h> … … 48 53 #include <rpc/pmap_prot.h> 49 54 #include <netdb.h> 50 51 #define PORTCHK_VERSION "1.0"52 53 #if defined(TEST_ONLY) || (defined(SH_USE_PORTCHECK) && (defined (SH_WITH_CLIENT) || defined (SH_STANDALONE)))54 55 55 56 56 /* -
trunk/src/sh_processcheck.c
r73 r76 591 591 } 592 592 593 /* FIXME: add open, statvfs, sched_getaffinity 594 */ 593 595 static short sh_processes_check (pid_t pid, short res) 594 596 { -
trunk/src/sh_tiger0.c
r46 r76 331 331 sh.statistics.bytes_hashed += 64; 332 332 ++nblocks; ncount = 0; 333 for (i = 0; i < 56; i += 4) 334 { 335 bbuf[i] = (sh_byte) '\0'; 336 bbuf[i+1] = (sh_byte) '\0'; 337 bbuf[i+2] = (sh_byte) '\0'; 338 bbuf[i+3] = (sh_byte) '\0'; 339 } 340 /* memset(bbuf, 0, 56 ); */ 333 sl_memset(bbuf, 0, 56 ); 341 334 } 342 335 … … 361 354 #endif 362 355 363 for (i = 0; i < 64; i += 4) 364 { 365 bbuf[i] = (sh_byte) '\0'; 366 bbuf[i+1] = (sh_byte) '\0'; 367 bbuf[i+2] = (sh_byte) '\0'; 368 bbuf[i+3] = (sh_byte) '\0'; 369 } 370 371 bptr = buffer; 372 373 memcpy(bptr, bbuf, 64); bptr += 64; 374 memcpy(bptr, bbuf, 64); bptr += 64; 375 memcpy(bptr, buffer, 128); bptr += 128; 376 memcpy(bptr, buffer, 256); bptr += 256; 377 memcpy(bptr, buffer, 512); bptr += 512; 378 memcpy(bptr, buffer, 1024); bptr += 1024; 379 memcpy(bptr, buffer, 2048); bptr += 2048; 380 memcpy(bptr, buffer, 4096); bptr += 4096; 381 memcpy(bptr, buffer, 8192); bptr += 8192; 382 memcpy(bptr, buffer,16384); 356 sl_memset (bbuf, '\0', sizeof(bbuf)); 357 sl_memset (buffer, '\0', sizeof(buffer)); 383 358 384 359 if (what == TIGER_FILE) -
trunk/src/sh_unix.c
r68 r76 3551 3551 SL_ENTER(_("sh_unix_test_and_lock")); 3552 3552 3553 if (filename != NULL)3554 {3555 status = retry_lstat (FIL__, __LINE__, filename, &buf);3556 3557 /* no logfile to lock3558 */3559 if (status < 0)3560 SL_RETURN((-1),_("sh_unix_test_and_lock"));3561 }3562 3563 3553 status = retry_lstat (FIL__, __LINE__, lockfile, &buf); 3564 3554 … … 3573 3563 sh.flag.islocked = GOOD; 3574 3564 SL_RETURN((0),_("sh_unix_test_and_lock")); 3565 } 3566 else 3567 { 3568 sh_error_handle ((-1), FIL__, __LINE__, status, 3569 MSG_E_SUBGEN, 3570 (filename == NULL) ? _("Cannot create PID file") : _("Cannot create lock file"), 3571 _("sh_unix_test_and_lock")); 3572 SL_RETURN((-1),_("sh_unix_test_and_lock")); 3575 3573 } 3576 3574 } … … 3590 3588 else 3591 3589 { 3592 3593 3594 3595 3590 sh_error_handle ((-1), FIL__, __LINE__, status, 3591 MSG_E_SUBGEN, 3592 (filename == NULL) ? _("Cannot create PID file") : _("Cannot create lock file"), 3593 _("sh_unix_test_and_lock")); 3596 3594 SL_RETURN((-1),_("sh_unix_test_and_lock")); 3597 3595 } … … 3617 3615 /* read the PID in the lock file 3618 3616 */ 3619 status = sh_unix_getline (fd, line_in, sizeof(line_in)); 3617 status = sl_read (fd, line_in, sizeof(line_in)); 3618 line_in[sizeof(line_in)-1] = '\0'; 3620 3619 3621 3620 /* convert to numeric … … 3797 3796 int sh_unix_lock (char * lockfile, char * flag) 3798 3797 { 3799 struct stat buf;3800 int status;3801 3798 int filed; 3802 3799 int errnum; … … 3805 3802 extern int get_the_fd (SL_TICKET ticket); 3806 3803 3807 3808 status = retry_lstat (FIL__, __LINE__, lockfile, &buf);3809 3810 3804 SL_ENTER(_("sh_unix_lock")); 3811 3805 3812 if (0 == status)3813 {3814 if (flag != NULL)3815 sh.flag.islocked = BAD;3816 SL_RETURN((-1),_("sh_unix_lock"));3817 }3818 3819 3806 sprintf (myPid, "%ld\n", (long) getpid()); /* known to fit */ 3820 3807 3821 fd = sl_open_ write (lockfile, SL_YESPRIV);3808 fd = sl_open_safe_rdwr (lockfile, SL_YESPRIV); /* fails if file exists */ 3822 3809 3823 3810 if (!SL_ISERROR(fd)) -
trunk/src/sh_utils.c
r68 r76 268 268 return out; 269 269 } 270 270 271 272 char * sh_util_strdup_l (const char * str, size_t len) 273 { 274 char * p = NULL; 275 276 SL_ENTER(_("sh_util_strdup_l")); 277 278 SH_VALIDATE_NE(str, NULL); 279 SH_VALIDATE_NE(len, 0); 280 281 if (sl_ok_adds (len, 1)) 282 { 283 p = SH_ALLOC (len + 1); 284 (void) sl_strlcpy (p, str, len+1); 285 } 286 else 287 { 288 safe_fatal(_("integer overflow in sh_util_strdup_l"), FIL__, __LINE__); 289 } 290 SL_RETURN( p, _("sh_util_strdup_l")); 291 } 292 271 293 char * sh_util_strdup (const char * str) 272 294 { … … 1413 1435 1414 1436 static unsigned char sh_obscure_index[256]; 1437 static int sh_obscure_no_check = S_FALSE; 1415 1438 1416 1439 int sh_util_valid_utf8 (const unsigned char * str) 1417 1440 { 1441 const int sh_val_utf8_1 = 1; 1442 const int sh_val_utf8_2 = 2; 1443 const int sh_val_utf8_3 = 3; 1444 const int sh_val_utf8_4 = 4; 1445 1418 1446 size_t len = strlen((char *)str); 1419 1447 size_t l = 0; 1420 unsigned char c; 1448 int typ = 0; 1449 unsigned char c = '\0'; 1450 unsigned char c2[2] = { 0x00, 0x00 }; 1451 unsigned char c3[3] = { 0x00, 0x00, 0x00 }; 1452 1421 1453 1422 1454 #define SH_VAL_UTF8_1 ((c != '\0') && ((c & 0x80) == 0x00)) … … 1425 1457 #define SH_VAL_UTF8_4 ((c != '\0') && ((c & 0xF8) == 0xF0)) /* 1111 0xxx */ 1426 1458 #define SH_VAL_UTF8_N ((c != '\0') && ((c & 0xC0) == 0x80)) /* 10xx xxxx */ 1427 #define SH_VAL_BAD ((c == '"') || (c == '\t') || (c == '\b') || (c == '\f') || (c == '\n') || \ 1459 #define SH_VAL_BAD ((c == '"') || (c == '\t') || (c == '\b') || \ 1460 (c == '\f') || (c == '\n') || \ 1428 1461 (c == '\r') || (c == '\v') || iscntrl((int) c) || \ 1429 1462 (c != ' ' && !isgraph ((int) c))) … … 1435 1468 if (SH_VAL_UTF8_1) 1436 1469 { 1437 if (SH_VAL_BAD && (sh_obscure_index[c] != 1)) return S_FALSE; 1438 ++l; continue; /* ASCII character */ 1470 if (!(SH_VAL_BAD && (sh_obscure_index[c] != 1))) 1471 { 1472 typ = sh_val_utf8_1; 1473 ++l; continue; 1474 } 1475 else 1476 { 1477 return S_FALSE; 1478 } 1439 1479 } 1440 1480 else if (SH_VAL_UTF8_2) 1441 1481 { 1442 if ((c & 0x3e) == 0x00) 1443 return S_FALSE; /* overlong 2-byte seq. */ 1444 ++l; if (l == len) return S_FALSE; c = str[l]; 1445 if(!SH_VAL_UTF8_N) return S_FALSE; 1446 ++l; continue; 1447 1482 typ = sh_val_utf8_2; 1483 c2[0] = c; 1484 if ((c & 0x3e) != 0x00) /* !(overlong 2-byte seq.) */ 1485 { 1486 ++l; 1487 if (l != len) { 1488 c = str[l]; 1489 if(SH_VAL_UTF8_N) { 1490 c2[1] = c; 1491 ++l; continue; 1492 } 1493 else { 1494 return S_FALSE; 1495 } 1496 } 1497 else { 1498 return S_FALSE; 1499 } 1500 } 1501 else 1502 { 1503 return S_FALSE; /* overlong 2-byte seq. */ 1504 } 1448 1505 } 1449 1506 else if (SH_VAL_UTF8_3) 1450 1507 { 1508 typ = sh_val_utf8_3; 1509 c3[0] = c; 1451 1510 ++l; if (l == len) return S_FALSE; c = str[l]; 1452 1511 if(!SH_VAL_UTF8_N) return S_FALSE; 1453 1512 if (((str[l-1] & 0x1F) == 0x00) && ((c & 0x60) == 0x00)) 1454 1513 return S_FALSE; /* overlong 3-byte seq. */ 1514 c3[1] = c; 1455 1515 ++l; if (l == len) return S_FALSE; c = str[l]; 1456 1516 if(!SH_VAL_UTF8_N) return S_FALSE; 1517 c3[2] = c; 1457 1518 ++l; continue; 1458 1519 } 1459 1520 else if (SH_VAL_UTF8_4) 1460 1521 { 1522 typ = sh_val_utf8_4; 1461 1523 ++l; if (l == len) return S_FALSE; c = str[l]; 1462 1524 if(!SH_VAL_UTF8_N) return S_FALSE; … … 1471 1533 return S_FALSE; 1472 1534 } 1473 return S_TRUE; 1535 1536 /* last character is invisible (space or else) 1537 */ 1538 if (typ == sh_val_utf8_1) 1539 { 1540 if (c != ' ') 1541 return S_TRUE; 1542 else 1543 return S_FALSE; 1544 } 1545 else if (typ == sh_val_utf8_2) 1546 { 1547 if (c2[0] == 0xC2 && c2[1] == 0xA0) /* nbsp */ 1548 return S_FALSE; 1549 else 1550 return S_TRUE; 1551 } 1552 else if (typ == sh_val_utf8_3) 1553 { 1554 if (c3[0] == 0xE2) 1555 { 1556 if (c3[1] == 0x80 && c3[2] >= 0x80 && c3[2] <= 0x8F) 1557 return S_FALSE; /* various spaces, left-to-right, right-to-left */ 1558 else if (c3[1] == 0x80 && (c3[2] == 0xA8 || c3[2] == 0xA9 || 1559 c3[2] == 0xAD || c3[2] == 0xAF)) 1560 return S_FALSE; /* line sep, para sep, zw word joiner, nnbsp */ 1561 else if (c3[1] == 0x81 && (c3[2] == 0xA0 || c3[2] == 0xA1 || 1562 c3[2] == 0x9F)) 1563 return S_FALSE; /* word joiner, function app, math space */ 1564 else 1565 return S_TRUE; 1566 } 1567 else if (c3[0] == 0xE3 && c3[1] == 0x80 && c3[2] == 0x80) 1568 { 1569 return S_FALSE; /* ideographic space */ 1570 } 1571 else if (c3[0] == 0xEF && c3[1] == 0xBB && c3[2] == 0xBF) 1572 { 1573 return S_FALSE; /* zwnbsp */ 1574 } 1575 else 1576 { 1577 return S_TRUE; 1578 } 1579 } 1580 else 1581 { 1582 return S_TRUE; 1583 } 1474 1584 } 1475 1585 … … 1488 1598 sh_obscure_index[i] = (unsigned char)1; 1489 1599 } 1600 sh_obscure_no_check = S_TRUE; 1490 1601 SL_RETURN(0, _("sh_util_obscure_ok")); 1491 1602 } 1603 1604 sh_obscure_no_check = S_FALSE; 1492 1605 1493 1606 for (i = 0; i < 255; ++i) … … 1526 1639 SL_ENTER(_("sh_util_obscure_utf8")); 1527 1640 i = sh_util_flagval(c, &(sh_obscure_check_utf8)); 1528 1641 if (sh_obscure_check_utf8 == S_TRUE) 1642 sh_obscure_no_check = S_FALSE; 1529 1643 SL_RETURN(i, _("sh_util_obscure_utf8")); 1530 1644 } … … 1536 1650 char * safe; 1537 1651 unsigned int i; 1652 size_t len = 0; 1538 1653 1539 1654 SL_ENTER(_("sh_util_obscurename")); … … 1541 1656 ASSERT_RET((name != NULL), _("name != NULL"), (0)) 1542 1657 1543 if (sh_obscure_check_utf8 == S_TRUE) 1544 { 1545 if (S_FALSE == sh_util_valid_utf8(name)) 1546 { 1547 goto err; 1548 } 1549 SL_RETURN((0),_("sh_util_obscurename")); 1550 } 1551 1552 /* -- Check name. -- 1553 */ 1554 while (*name != '\0') 1555 { 1556 if ( (*name) > 0x7F || (*name) == '"' || (*name) == '\t' || 1557 (*name) == '\b' || (*name) == '\f' || 1558 (*name) == '\n' || (*name) == '\r' || 1559 (*name) == '\v' || iscntrl((int) *name) || 1560 ((*name) != ' ' && !isgraph ((int) *name)) ) 1561 { 1562 i = (unsigned char) *name; 1563 if (sh_obscure_index[i] != (unsigned char)1) 1658 if (sh_obscure_no_check == S_FALSE) 1659 { 1660 if (sh_obscure_check_utf8 != S_TRUE) 1661 { 1662 /* -- Check name. -- 1663 */ 1664 while (*name != '\0') 1665 { 1666 if ( (*name) > 0x7F || (*name) == '"' || (*name) == '\t' || 1667 (*name) == '\b' || (*name) == '\f' || 1668 (*name) == '\n' || (*name) == '\r' || 1669 (*name) == '\v' || iscntrl((int) *name) || 1670 ((*name) != ' ' && !isgraph ((int) *name)) ) 1671 { 1672 i = (unsigned char) *name; 1673 if (sh_obscure_index[i] != (unsigned char)1) 1674 { 1675 goto err; 1676 } 1677 } 1678 name++; ++len; 1679 } 1680 1681 /* Check for blank at end of name 1682 */ 1683 if ((len > 0) && (name_orig[len-1] == ' ')) 1564 1684 { 1565 1685 goto err; 1566 1686 } 1567 1687 } 1568 name++; 1569 } 1570 1688 else 1689 { 1690 if (S_FALSE == sh_util_valid_utf8(name)) 1691 { 1692 goto err; 1693 } 1694 SL_RETURN((0),_("sh_util_obscurename")); 1695 } 1696 } 1697 1571 1698 SL_RETURN((0),_("sh_util_obscurename")); 1572 1699 1573 1700 err: 1574 1701 1575 1702 if (flag == S_TRUE) 1576 1703 { … … 1822 1949 } 1823 1950 1824 char * sh_util_strconcat (const char * arg1, ...) 1951 char * sh_util_strconcat (const char * arg1, ...) 1825 1952 { 1826 1953 size_t length, l2; -
trunk/src/slib.c
r34 r76 48 48 #define FD_ZERO(p) memset((char *)(p), '\0', sizeof(*(p))) 49 49 #endif 50 51 #define SH_REAL_SET 50 52 51 53 #include "slib.h" … … 566 568 567 569 /* 568 * A memset that does not get optimized away 570 * Have memset in a different translation unit (i.e. this) to prevent 571 * it to get optimized away 569 572 */ 570 573 void *sl_memset(void *s, int c, size_t n) 571 574 { 572 volatile char *p = (char *) s; 573 574 if (s != NULL) 575 { 576 while (n--) 577 *p++ = c; 578 } 579 return s; 575 return memset(s, c,n); 580 576 } 581 577 … … 870 866 register const char * q; 871 867 872 if ( dst == NULL)873 return SL_ENONE;874 if (src == NULL || *src == '\0')875 return SL_ENONE; 876 877 if (siz > 0) { 878 879 /* How much free space do we have ? 880 */ 881 dst_end = strlen(dst); 882 dst_free = siz - dst_end - 1;883 884 p = &dst[dst_end]; 885 q = src; 886 887 while (dst_free > 0 && *q != '\0') 888 { 889 *p++ = *q++;890 --dst_free;891 } 892 893 /* NULL terminate dst. 894 */ 895 *p = '\0'; 896 897 if (*q != '\0') 898 899 900 868 if (!(dst == NULL || src == NULL || *src == '\0')) 869 { 870 if (siz > 0) 871 { 872 873 /* How much free space do we have ? 874 */ 875 dst_end = strlen(dst); 876 dst_free = siz - dst_end - 1; 877 878 p = &dst[dst_end]; 879 q = src; 880 881 while (dst_free > 0 && *q != '\0') 882 { 883 *p++ = *q++; 884 --dst_free; 885 } 886 887 /* NULL terminate dst. 888 */ 889 *p = '\0'; 890 891 if (*q == '\0') 892 return SL_ENONE; 893 else 894 return SL_ETRUNC; 895 } 896 } 901 897 return SL_ENONE; 902 898 } … … 917 913 /* SL_ENTER(_("sl_strlcpy")); */ 918 914 919 if (dst == NULL) 920 return SL_ENULL; 921 if (src == NULL) 922 { 915 if (!((dst == NULL) || (src == NULL))) 916 { 917 if (siz > 0) { 918 /* copy siz-1 characters 919 */ 920 (void) strncpy(dst, src, siz-1); 921 922 /* NULL terminate 923 */ 924 dst[siz-1] = '\0'; 925 } 926 return SL_ENONE; 927 } 928 else if (src == NULL) 929 { 923 930 if (siz > 0) 924 931 dst[0] = '\0'; 925 932 return SL_ENONE; 926 933 } 927 928 929 if (siz > 0) { 930 /* copy siz-1 characters 931 */ 932 (void) strncpy(dst, src, siz-1); 933 934 /* NULL terminate 935 */ 936 dst[siz-1] = '\0'; 937 } 938 return SL_ENONE; 934 else 935 { 936 return SL_ENULL; 937 } 939 938 } 940 939 … … 1574 1573 } 1575 1574 1576 SL_TICKET sl_make_ticket (int fd, c har * filename)1575 SL_TICKET sl_make_ticket (int fd, const char * filename) 1577 1576 { 1578 1577 size_t len; … … 2376 2375 } 2377 2376 2377 int sl_write_line_fast (SL_TICKET ticket, void * msg, long nbytes) 2378 { 2379 int status; 2380 char * p = (char *) msg; 2381 2382 SL_ENTER(_("sl_write_line_fast")); 2383 2384 /* Here nbytes is strlen(msg), so p[nbytes] is the terminating '\0' 2385 * Overwrite the terminator, write out, then write back the terminator. 2386 */ 2387 p[nbytes] = '\n'; 2388 status = sl_write(ticket, msg, nbytes+1); 2389 p[nbytes] = '\0'; 2390 2391 SL_IRETURN(status, _("sl_write_line_fast")); 2392 } 2393 2378 2394 2379 2395 /* ---------------------------------------------------------------- … … 2389 2405 extern char tf_path[MAXFILENAME]; /* Error path for trust function. */ 2390 2406 extern uid_t tf_euid; /* Space for EUID of process. */ 2391 2392 2407 2393 2408 char * sl_error_string(int errorcode) … … 2490 2505 } 2491 2506 2507 #include "sh_mem.h" 2508 extern char * sh_util_strdup (const char * str); 2509 2510 struct sl_trustfile_store { 2511 char * filename; 2512 uid_t teuid; 2513 struct sl_trustfile_store * next; 2514 }; 2515 2516 static struct sl_trustfile_store * sl_trusted_files = NULL; 2517 2518 void sl_add_trusted_file(char * filename, uid_t teuid) 2519 { 2520 struct sl_trustfile_store *new = SH_ALLOC(sizeof(struct sl_trustfile_store)); 2521 2522 new->filename = sh_util_strdup (filename); 2523 new->teuid = teuid; 2524 new->next = sl_trusted_files; 2525 2526 sl_trusted_files = new; 2527 return; 2528 } 2529 2530 char * sl_check_trusted_file(char * filename, uid_t teuid) 2531 { 2532 struct sl_trustfile_store *new = sl_trusted_files; 2533 2534 while (new) 2535 { 2536 if ((new->teuid == teuid) && (0 == strcmp(new->filename, filename))) 2537 return filename; 2538 new = new->next; 2539 } 2540 2541 return NULL; 2542 } 2543 2544 void sl_clear_trusted_file(struct sl_trustfile_store * file) 2545 { 2546 if (file) 2547 { 2548 if (file->next != NULL) 2549 sl_clear_trusted_file(file->next); 2550 SH_FREE(file->filename); 2551 SH_FREE(file); 2552 } 2553 return; 2554 } 2555 2492 2556 int sl_trustfile_euid(char * filename, uid_t teuid) 2493 2557 { 2494 long status; 2558 long status; 2559 static time_t old = 0; 2560 static time_t now; 2561 2495 2562 SL_ENTER(_("sl_trustfile_euid")); 2496 2563 … … 2499 2566 SL_IRETURN(SL_EBADNAME, _("sl_trustfile_euid")); 2500 2567 2568 now = time(NULL); 2569 if (now < (old + 300)) 2570 { 2571 if (NULL != sl_check_trusted_file(filename, teuid)) 2572 { 2573 sl_strlcpy(tf_path, filename, sizeof(tf_path)); 2574 SL_IRETURN(SL_ENONE, _("sl_trustfile_euid")); 2575 } 2576 } 2577 else 2578 { 2579 sl_clear_trusted_file(sl_trusted_files); 2580 sl_trusted_files = NULL; 2581 old = now; 2582 } 2583 2501 2584 tf_euid = teuid; 2502 2585 status = sl_trustfile(filename, NULL, NULL); 2586 if (status == SL_ENONE) 2587 sl_add_trusted_file(filename, teuid); 2503 2588 SL_IRETURN(status, _("sl_trustfile_euid")); 2504 2589 } -
trunk/src/trustfile.c
r1 r76 687 687 if (retry_lstat(FIL__, __LINE__, fexp, &stbuf) < 0) 688 688 { 689 (void) strcpy(tf_path, fexp); /* known to fit */ 689 (void) strncpy(tf_path, fexp, sizeof(tf_path)); 690 tf_path[sizeof(tf_path)-1] = '\0'; 690 691 #ifdef TRUST_MAIN 691 692 fprintf(stderr, "---------------------------------------------\n"); 692 fprintf(stderr, "trustfile: ESTAT: stat(%s) failed, maybe the file does not exist\n",693 fexp);693 fprintf(stderr, "trustfile: ESTAT: stat(%s) failed,\n", fexp); 694 fprintf(stderr, "maybe the file does not exist\n"); 694 695 fprintf(stderr, "---------------------------------------------\n"); 695 696 #endif … … 781 782 /* yes -- error 782 783 */ 783 (void) strcpy(tf_path, fexp); /* known to fit */ 784 (void) strncpy(tf_path, fexp, sizeof(tf_path)); 785 tf_path[sizeof(tf_path)-1] = '\0'; 784 786 #ifdef TRUST_MAIN 785 787 fprintf(stderr, "---------------------------------------------\n"); … … 850 852 fprintf(stderr, "---------------------------------------------\n"); 851 853 #endif 852 (void) strcpy(tf_path, fexp); /* known to fit */ 854 (void) strncpy(tf_path, fexp, sizeof(tf_path)); 855 tf_path[sizeof(tf_path)-1] = '\0'; 856 853 857 tf_baduid = (uid_t) stbuf.st_uid; 854 858 SL_IRETURN(SL_EBADUID, _("sl_trustfile")); … … 887 891 fprintf(stderr, "---------------------------------------------\n"); 888 892 #endif 889 (void) strcpy(tf_path, fexp); /* known to fit */ 893 (void) strncpy(tf_path, fexp, sizeof(tf_path)); 894 tf_path[sizeof(tf_path)-1] = '\0'; 895 890 896 tf_badgid = (gid_t) stbuf.st_gid; 891 897 SL_IRETURN(SL_EBADGID, _("sl_trustfile")); … … 909 915 fprintf(stderr, "---------------------------------------------\n"); 910 916 #endif 911 (void) strcpy(tf_path, fexp); /* known to fit */ 917 (void) strncpy(tf_path, fexp, sizeof(tf_path)); 918 tf_path[sizeof(tf_path)-1] = '\0'; 919 912 920 SL_IRETURN(SL_EBADOTH, _("sl_trustfile")); 913 921 } … … 932 940 * yes, it can be trusted 933 941 */ 934 (void) strcpy(tf_path, fexp); /* known to fit */ 942 (void) strncpy(tf_path, fexp, sizeof(tf_path)); 943 tf_path[sizeof(tf_path)-1] = '\0'; 944 935 945 SL_IRETURN(SL_ENONE, _("sl_trustfile")); 936 946 }
Note:
See TracChangeset
for help on using the changeset viewer.
