[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Fw: bad snprintf in net/dctc
- To: ports@openbsd.org
- Subject: Fw: bad snprintf in net/dctc
- From: Anil Madhavapeddy <anil@recoil.org>
- Date: Sat, 30 Aug 2003 22:14:19 +0100
- Content-Disposition: inline
- User-Agent: Mutt/1.4.1i
Anyone got any comments on this patch?
----- Forwarded message from Anil Madhavapeddy <anil@recoil.org> -----
From: Anil Madhavapeddy <anil@recoil.org>
Date: Fri, 29 Aug 2003 16:56:08 +0100
To: naddy@openbsd.org, nino@openbsd.org
Subject: bad snprintf in net/dctc
looks like we introduced this with the snprintf security patches to
the port. this changes the sizeof(pointer) to a length argument.
Index: patches/patch-src_db_c
===================================================================
RCS file: /cvs/ports/net/dctc/patches/patch-src_db_c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 patch-src_db_c
--- patches/patch-src_db_c 31 Jan 2002 12:21:54 -0000 1.1.1.1
+++ patches/patch-src_db_c 29 Aug 2003 15:53:06 -0000
@@ -1,6 +1,6 @@
$OpenBSD: patch-src_db_c,v 1.1.1.1 2002/01/31 12:21:54 naddy Exp $
---- src/db.c.orig Sat Jan 26 09:05:21 2002
-+++ src/db.c Mon Jan 28 12:12:27 2002
+--- src/db.c.orig 2002-01-26 03:05:21.000000000 -0500
++++ src/db.c 2003-08-29 11:47:53.000000000 -0400
@@ -45,7 +45,7 @@
/* list of shared directories */
/******************************/
@@ -56,14 +56,15 @@
if(shared_dirs!=NULL)
{
- for(i=0;i<shared_dirs->len;i++)
-+ lvl = 0;
-+ li = shared_dirs;
-+ while( li != NULL )
- {
+- {
- int lvl=0;
- add_initial_dir_to_ls(&ls_format,&lvl,g_ptr_array_index(shared_dirs,i));
-
- new_shared=rebuild_dir_database(new_shared,&sod,g_ptr_array_index(shared_dirs,i),&ls_format,lvl);
++ lvl = 0;
++ li = shared_dirs;
++ while( li != NULL )
++ {
+ nextdir = li->data;
+ if(prevdir)
+ nextdir = get_level_for_next_dir(prevdir, nextdir, &lvl );
@@ -151,3 +152,12 @@
}
}
G_UNLOCK(shared_dirs);
+@@ -743,7 +777,7 @@ static void send_a_db_result(int output_
+ else
+ {
+ char strmd5[512];
+- md5tostr(md5sum,strmd5);
++ md5tostr(md5sum,strmd5,sizeof strmd5);
+ g_string_sprintfa(str,"$SR %s %s\005%lu.%s %d/%d\005%s (%s)",
+ nickname,adapted->str,de->filesize,strmd5,
+ (dl_on?free_dl_slot:0), ttl_dl_slot,
Index: patches/patch-src_keyboard_c
===================================================================
RCS file: /cvs/ports/net/dctc/patches/patch-src_keyboard_c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 patch-src_keyboard_c
--- patches/patch-src_keyboard_c 31 Jan 2002 12:21:54 -0000 1.1.1.1
+++ patches/patch-src_keyboard_c 29 Aug 2003 15:53:06 -0000
@@ -1,6 +1,6 @@
$OpenBSD: patch-src_keyboard_c,v 1.1.1.1 2002/01/31 12:21:54 naddy Exp $
---- src/keyboard.c.orig Wed Jan 23 15:06:08 2002
-+++ src/keyboard.c Mon Jan 28 16:57:20 2002
+--- src/keyboard.c.orig 2002-01-23 09:06:08.000000000 -0500
++++ src/keyboard.c 2003-08-29 11:47:24.000000000 -0400
@@ -32,6 +32,7 @@
#include <sys/socket.h>
#include <sys/param.h>
@@ -27,6 +27,24 @@
send_dc_line(sck,"$ConnectToMe",fields[2],tmp,NULL);
disp_msg(DEBUG_MSG,"","/XDL in $ConnectToMe",NULL);
}
+@@ -603,7 +604,7 @@ static void keyb_do_csearch(const char *
+ if(!md5sum_of_file(pattern,md5sum))
+ {
+ char txt_md[3*MD5SUMLEN+1];
+- md5tostr(md5sum,txt_md);
++ md5tostr(md5sum,txt_md,sizeof txt_md);
+ g_string_sprintfa(query,".%s",txt_md);
+
+ /* add a tos entry for this search */
+@@ -618,7 +619,7 @@ static void keyb_do_csearch(const char *
+ if(!md5sum_of_file(pattern,md5sum))
+ {
+ char txt_md[3*MD5SUMLEN+1];
+- md5tostr(md5sum,txt_md);
++ md5tostr(md5sum,txt_md,sizeof txt_md);
+ g_string_sprintfa(query,".%s",txt_md);
+
+ /* add a tos entry for this search */
@@ -903,7 +904,7 @@ static void keyb_do_xfer(const char *cmd
if(nw==NULL)
continue;
Index: patches/patch-src_md_c
===================================================================
RCS file: /cvs/ports/net/dctc/patches/patch-src_md_c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 patch-src_md_c
--- patches/patch-src_md_c 31 Jan 2002 12:21:54 -0000 1.1.1.1
+++ patches/patch-src_md_c 29 Aug 2003 15:53:06 -0000
@@ -1,12 +1,19 @@
$OpenBSD: patch-src_md_c,v 1.1.1.1 2002/01/31 12:21:54 naddy Exp $
---- src/md.c.orig Mon Jan 28 17:00:06 2002
-+++ src/md.c Mon Jan 28 17:00:51 2002
-@@ -222,7 +222,7 @@ void md5tostr(const unsigned char md5sum
+--- src/md.c.orig 2002-01-05 03:47:34.000000000 -0500
++++ src/md.c 2003-08-29 11:46:55.000000000 -0400
+@@ -216,13 +216,13 @@ void md5_process_block (const void *buff
+ /****************************************************/
+ /* convert the given md5sum into a printable string */
+ /****************************************************/
+-void md5tostr(const unsigned char md5sum[MD5SUMLEN],char str[3*MD5SUMLEN+1])
++void md5tostr(const unsigned char md5sum[MD5SUMLEN],char str[3*MD5SUMLEN+1], size_t len)
+ {
+ int i;
for(i=0;i<MD5SUMLEN;i++)
{
unsigned int v=md5sum[i];
- sprintf(str+3*i,"%1u%1u%1u",v/100,(v%100)/10,v%10);
-+ snprintf(str+3*i,sizeof(str),"%1u%1u%1u",v/100,(v%100)/10,v%10);
++ snprintf(str+3*i,len,"%1u%1u%1u",v/100,(v%100)/10,v%10);
}
}
Index: patches/patch-src_md_h
===================================================================
RCS file: patches/patch-src_md_h
diff -N patches/patch-src_md_h
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_md_h 29 Aug 2003 15:53:06 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- src/md.h.orig 2003-08-29 11:48:07.000000000 -0400
++++ src/md.h 2003-08-29 11:48:19.000000000 -0400
+@@ -22,7 +22,7 @@ void md5_process_block (const void *buff
+ /****************************************************/
+ /* convert the given md5sum into a printable string */
+ /****************************************************/
+-void md5tostr(const unsigned char md5sum[MD5SUMLEN],char str[3*MD5SUMLEN+1]);
++void md5tostr(const unsigned char md5sum[MD5SUMLEN],char str[3*MD5SUMLEN+1], size_t len);
+
+ /****************************************/
+ /* convert the given string into md5sum */