March 2006 - 389-commits - Fedora Mailing-Lists

[Fedora-directory-commits] adminserver/lib/libsi18n getlang.c, 1.4, 1.5 getstrprop.c, 1.3, 1.4 makstrdb.c, 1.3, 1.4 propset.c, 1.3, 1.4 txtfile.c, 1.3, 1.4

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/adminserver/lib/libsi18n In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28761/adminserver/lib/libsi18n Modified Files: getlang.c getstrprop.c makstrdb.c propset.c txtfile.c Log Message: Bug(s) fixed: 186280 Bug Description: adminserver: Close potential security vulnerabilities in CGI code Reviewed by: Rob, Pete, Nathan, Noriko (Thanks!) Fix Description: Most of this just involves making sure that we use PR_snprintf/PL_strncpyz/PL_strcatn where able, or just making sure we use snprintf/strncpy/strncat correctly and null terminate the buffers. I also got rid of some dead code, unused variables, and the like. There are a few cases that are more complex that I have specified below. In some cases I had to change the function signature to add a size parameter in cases where the function was copying to a given char * and the size was assumed (in most cases this was safe but it's still dangerous). Platforms tested: Fedora Core 5 Flag Day: no Doc impact: no Index: getlang.c =================================================================== RCS file: /cvs/dirsec/adminserver/lib/libsi18n/getlang.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- getlang.c 18 Aug 2005 19:20:24 -0000 1.4 +++ getlang.c 31 Mar 2006 22:58:34 -0000 1.5 @@ -75,16 +75,22 @@ { switch(type) { case CLIENT_LANGUAGE: - if (language) - strcpy(client_language, language); + if (language) { + strncpy(client_language, language, sizeof(client_language)); + client_language[sizeof(client_language)-1] = 0; + } break; case ADMIN_LANGUAGE: - if (language) - strcpy(admin_language, language); + if (language) { + strncpy(admin_language, language, sizeof(admin_language)); + admin_language[sizeof(admin_language)-1] = 0; + } break; case DEFAULT_LANGUAGE: - if (language) - strcpy(default_language, language); + if (language) { + strncpy(default_language, language, sizeof(default_language)); + default_language[sizeof(default_language)-1] = 0; + } break; } return ; @@ -125,7 +131,7 @@ NSAPI_PUBLIC int -GetFileForLanguage(char* filePath,char* language,char* existingFilePath) +GetFileForLanguage(char* filePath,char* language,char* existingFilePath,size_t existingSize) { /* Input: filePath,language * filePath is of the form "/xxx/xxx/$$LANGDIR/xxx/xxx/filename" @@ -212,7 +218,8 @@ /* Try: /path/language/filename.ext */ if (pattern) { - strcpy(existingFilePath,filePath); + strncpy(existingFilePath,filePath, existingSize); + existingFilePath[existingSize-1] = 0; strReplace(existingFilePath,"$$LANGDIR",acceptLanguageList[iLang]); if (stat(existingFilePath,&info)==0) { @@ -228,14 +235,16 @@ /* Try: /path/filename_language.ext */ { - strcpy(existingFilePath,filePath); + strncpy(existingFilePath,filePath, existingSize); + existingFilePath[existingSize-1] = 0; strReplace(existingFilePath,"$$LANGDIR/",emptyString); pDot = strrchr(existingFilePath,'.'); pSlash = strrchr(existingFilePath,'/'); if (pSlash>=pDot) { pDot = strchr(existingFilePath,'\0'); } - sprintf(lang_modifier,"%c%s",LANG_DELIMIT,acceptLanguageList[iLang]); + snprintf(lang_modifier,sizeof(lang_modifier),"%c%s",LANG_DELIMIT,acceptLanguageList[iLang]); + lang_modifier[sizeof(lang_modifier)-1] = 0; strReplace(pDot,emptyString,lang_modifier); if (stat(existingFilePath,&info)==0) { Index: getstrprop.c =================================================================== RCS file: /cvs/dirsec/adminserver/lib/libsi18n/getstrprop.c,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- getstrprop.c 18 Aug 2005 19:20:24 -0000 1.3 +++ getstrprop.c 31 Mar 2006 22:58:34 -0000 1.4 @@ -154,7 +154,6 @@ #if 0 #include "base/crit.h" #include "base/systhr.h" -static char pathDB[100] = "\0"; static int Initialized = 0; #ifdef XP_UNIX Index: makstrdb.c =================================================================== RCS file: /cvs/dirsec/adminserver/lib/libsi18n/makstrdb.c,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- makstrdb.c 18 Aug 2005 19:20:24 -0000 1.3 +++ makstrdb.c 31 Mar 2006 22:58:34 -0000 1.4 @@ -117,7 +117,6 @@ char* cptr; RESOURCE_TABLE* table; NSRESHANDLE hresdb; - char DBTlibraryName[128]; /* Creating database */ hresdb = NSResCreateTable(DATABASE_NAME, NULL); Index: propset.c =================================================================== RCS file: /cvs/dirsec/adminserver/lib/libsi18n/propset.c,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- propset.c 18 Aug 2005 19:20:24 -0000 1.3 +++ propset.c 31 Mar 2006 22:58:34 -0000 1.4 @@ -117,7 +117,7 @@ char *filepath; char *p, *q; int n; - char linebuf[1000]; + char linebuf[FILE_BUFFER_SIZE+1]; int st; st = PropertiesLanguageStatus(propset, language); Index: txtfile.c =================================================================== RCS file: /cvs/dirsec/adminserver/lib/libsi18n/txtfile.c,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- txtfile.c 18 Aug 2005 19:20:24 -0000 1.3 +++ txtfile.c 31 Mar 2006 22:58:34 -0000 1.4 @@ -25,16 +25,6 @@ #include "txtfile.h" - - -#if 0 -char fileBuffer[FILE_BUFFER_SIZE + 1]; -char *fbCurrent; -int fbSize; -int fbStatus; -#endif - - TEXTFILE * OpenTextFile(char *filename, int access) { TEXTFILE *txtfile;

17 years, 5 months

1
0
0 / 0

[Fedora-directory-commits] adminserver/lib/libadmin admconf.c, 1.5, 1.6 form_get.c, 1.5, 1.6 referer.c, 1.5, 1.6 template.c, 1.6, 1.7 util.c, 1.6, 1.7

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/adminserver/lib/libadmin In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28761/adminserver/lib/libadmin Modified Files: admconf.c form_get.c referer.c template.c util.c Log Message: Bug(s) fixed: 186280 Bug Description: adminserver: Close potential security vulnerabilities in CGI code Reviewed by: Rob, Pete, Nathan, Noriko (Thanks!) Fix Description: Most of this just involves making sure that we use PR_snprintf/PL_strncpyz/PL_strcatn where able, or just making sure we use snprintf/strncpy/strncat correctly and null terminate the buffers. I also got rid of some dead code, unused variables, and the like. There are a few cases that are more complex that I have specified below. In some cases I had to change the function signature to add a size parameter in cases where the function was copying to a given char * and the size was assumed (in most cases this was safe but it's still dangerous). Platforms tested: Fedora Core 5 Flag Day: no Doc impact: no Index: admconf.c =================================================================== RCS file: /cvs/dirsec/adminserver/lib/libadmin/admconf.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- admconf.c 18 Aug 2005 19:20:01 -0000 1.5 +++ admconf.c 31 Mar 2006 22:58:29 -0000 1.6 @@ -93,7 +93,7 @@ if (getenv("HTTP_REFERER")) strcpy(scratch, getenv("HTTP_REFERER")); else /* next sprintf is the 'else' part */ #endif - sprintf(scratch, "%s%s", getenv("SERVER_URL"), getenv("SCRIPT_NAME")); + PR_snprintf(scratch, sizeof(scratch), "%s%s", getenv("SERVER_URL"), getenv("SCRIPT_NAME")); config[2] = STRDUP(scratch); config[3] = STRDUP(CONFIG3_DEF); config[4] = STRDUP(CONFIG4_DEF); @@ -133,7 +133,7 @@ if(!fgets(scratch, 1024, f)) - sprintf(scratch, "%s", CONFIG1_DEF); + PR_snprintf(scratch, sizeof(scratch), "%s", CONFIG1_DEF); else scratch[strlen(scratch)-1] = '\0'; config[1] = STRDUP(scratch); @@ -145,19 +145,19 @@ config[2] = STRDUP(scratch); if(!fgets(scratch, 1024, f)) - sprintf(scratch, "%s", CONFIG3_DEF); + PR_snprintf(scratch, sizeof(scratch), "%s", CONFIG3_DEF); else scratch[strlen(scratch)-1] = '\0'; config[3] = STRDUP(scratch); if(!fgets(scratch, 1024, f)) - sprintf(scratch, "%s", CONFIG4_DEF); + PR_snprintf(scratch, sizeof(scratch), "%s", CONFIG4_DEF); else scratch[strlen(scratch)-1] = '\0'; config[4] = STRDUP(scratch); if(!fgets(scratch, 1024, f)) - sprintf(scratch, "%s", CONFIG5_DEF); + PR_snprintf(scratch, sizeof(scratch), "%s", CONFIG5_DEF); else scratch[strlen(scratch)-1] = '\0'; {int n=0, x=0; for(x=0; scratch[x]; x++) if(scratch[x]==':') n++; Index: form_get.c =================================================================== RCS file: /cvs/dirsec/adminserver/lib/libadmin/form_get.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- form_get.c 18 Aug 2005 19:20:01 -0000 1.5 +++ form_get.c 31 Mar 2006 22:58:29 -0000 1.6 @@ -79,7 +79,7 @@ PR_snprintf(filePattern, sizeof(filePattern), "%s%s%s", HTML_DIR, "$$LANGDIR/", filename); - GetFileForLanguage(filePattern,language,line); + GetFileForLanguage(filePattern,language,line,sizeof(line)); if(!(f = fopen(line, "r"))) { report_error(FILE_ERROR, line, "Could not open the HTML file. " "Perhaps the permissions have changed or someone " Index: referer.c =================================================================== RCS file: /cvs/dirsec/adminserver/lib/libadmin/referer.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- referer.c 18 Aug 2005 19:20:01 -0000 1.5 +++ referer.c 31 Mar 2006 22:58:29 -0000 1.6 @@ -131,9 +131,14 @@ NSAPI_PUBLIC void redirect_to_script(char *script) { char urlbuf[BIG_LINE]; - + char *ptr; PR_snprintf(urlbuf, sizeof(urlbuf), "%s%s", getenv("SERVER_URL"), getenv("SCRIPT_NAME")); - strcpy(strrchr(urlbuf, '/') + 1, script); + if (ptr = strrchr(urlbuf, '/')) { + int maxsize = sizeof(urlbuf)-((ptr-urlbuf)+2); /* one for the '/' and one for the '0' */ + PL_strncpyz(ptr + 1, script, maxsize); + } else { + PR_snprintf(urlbuf, sizeof(urlbuf), "%s/%s", getenv("SERVER_URL"), script); + } printf("Location: %s\n\n", urlbuf); } Index: template.c =================================================================== RCS file: /cvs/dirsec/adminserver/lib/libadmin/template.c,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- template.c 9 Sep 2005 19:04:01 -0000 1.6 +++ template.c 31 Mar 2006 22:58:29 -0000 1.7 @@ -397,7 +397,7 @@ /* * URL changed to add new "mapfile" parameter for 5.0 help system - Adam */ - util_snprintf( line, BIG_LINE, + util_snprintf( line, sizeof(line), "window.open('%s/manual/help/help?helpdir=admin&token=%s', '" INFO_IDX_NAME"_%s', " HELP_WIN_OPTIONS");", @@ -427,7 +427,7 @@ char outline[BIG_LINE]; if(verify) { - util_snprintf(line, BIG_LINE, "<SCRIPT language="MOCHA_NAME">\n" + util_snprintf(line, sizeof(line), "<SCRIPT language="MOCHA_NAME">\n" "function verify(form) {\n" " if(confirm('Do you really want to %s?'))\n" " form.submit();\n" @@ -439,14 +439,14 @@ output("<center><table border=2 width=100%%><tr>"); if(!verify) { - util_snprintf(outline, BIG_LINE, "%s%s%s%s%s", + util_snprintf(outline, sizeof(outline), "%s%s%s%s%s", "<td width=33%% align=center>", "<input type=submit value=\"", XP_GetAdminStr(DBT_ok_), "\">", "</td>\n"); } else { - util_snprintf(outline, BIG_LINE, "%s%s%s%s%s%s", + util_snprintf(outline, sizeof(outline), "%s%s%s%s%s%s", "<td width=33%% align=center>", "<input type=button value=\"", XP_GetAdminStr(DBT_ok_), @@ -455,14 +455,14 @@ "</td>\n"); } output(outline); - util_snprintf(outline, BIG_LINE, "%s%s%s%s", + util_snprintf(outline, sizeof(outline), "%s%s%s%s", "<td width=34%% align=center>", "<input type=reset value=\"", XP_GetAdminStr(DBT_reset_), "\"></td>\n"); output(outline); - util_snprintf(line, BIG_LINE, "<td width=33%% align=center>%s</td>\n", + util_snprintf(line, sizeof(line), "<td width=33%% align=center>%s</td>\n", _get_help_button( vars[0] )); output(line); @@ -502,7 +502,7 @@ /* * URL changed to add new "mapfile" parameter for 5.0 help system - Adam */ - util_snprintf( line, BIG_LINE, + util_snprintf( line, sizeof(line), "<A HREF=\"javascript:" "if ( top.helpwin ) {" " top.helpwin.focus();" @@ -624,7 +624,7 @@ } else isvar = 0; else - if(isvar != -1) { + if((isvar != -1) && (isvar < sizeof(scratch))) { scratch[isvar++] = *string; scratch[isvar] = '\0'; } Index: util.c =================================================================== RCS file: /cvs/dirsec/adminserver/lib/libadmin/util.c,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- util.c 18 Aug 2005 19:20:01 -0000 1.6 +++ util.c 31 Mar 2006 22:58:29 -0000 1.7 @@ -193,7 +193,7 @@ char *slash = NULL; if (dir) - strcpy (path, dir); + PL_strncpyz (path, dir, sizeof(path)); else return 0; @@ -982,8 +982,8 @@ } else { if (inet_addr(candidate) != -1) { - strcpy(work, candidate); - strcat(work, " 255.255.255.255"); + PL_strncpyz(work, candidate, sizeof(work)); + PL_strcatn(work, sizeof(work), " 255.255.255.255"); result = strdup(work); } }

17 years, 5 months

1
0
0 / 0

[Fedora-directory-commits] adminserver/lib/ldaputil/utest stubs.c, 1.3, 1.4

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/adminserver/lib/ldaputil/utest In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28761/adminserver/lib/ldaputil/utest Modified Files: stubs.c Log Message: Bug(s) fixed: 186280 Bug Description: adminserver: Close potential security vulnerabilities in CGI code Reviewed by: Rob, Pete, Nathan, Noriko (Thanks!) Fix Description: Most of this just involves making sure that we use PR_snprintf/PL_strncpyz/PL_strcatn where able, or just making sure we use snprintf/strncpy/strncat correctly and null terminate the buffers. I also got rid of some dead code, unused variables, and the like. There are a few cases that are more complex that I have specified below. In some cases I had to change the function signature to add a size parameter in cases where the function was copying to a given char * and the size was assumed (in most cases this was safe but it's still dangerous). Platforms tested: Fedora Core 5 Flag Day: no Doc impact: no Index: stubs.c =================================================================== RCS file: /cvs/dirsec/adminserver/lib/ldaputil/utest/stubs.c,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- stubs.c 18 Aug 2005 19:19:34 -0000 1.3 +++ stubs.c 31 Mar 2006 22:58:28 -0000 1.4 @@ -87,8 +87,8 @@ if (!val) return LDAPU_ERR_OUT_OF_MEMORY; ptr = val; - sprintf(attr_eq1, "%s =", attr); - sprintf(attr_eq2, "%s=", attr); + PR_snprintf(attr_eq1, sizeof(attr_eq1), "%s =", attr); + PR_snprintf(attr_eq2, sizeof(attr_eq2), "%s=", attr); while(cert_dn && ((dnptr = strstr(cert_dn, attr_eq1)) ||

17 years, 5 months

1
0
0 / 0

[Fedora-directory-commits] adminserver/lib/ldaputil certmap.c, 1.4, 1.5 init.c, 1.4, 1.5

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/adminserver/lib/ldaputil In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28761/adminserver/lib/ldaputil Modified Files: certmap.c init.c Log Message: Bug(s) fixed: 186280 Bug Description: adminserver: Close potential security vulnerabilities in CGI code Reviewed by: Rob, Pete, Nathan, Noriko (Thanks!) Fix Description: Most of this just involves making sure that we use PR_snprintf/PL_strncpyz/PL_strcatn where able, or just making sure we use snprintf/strncpy/strncat correctly and null terminate the buffers. I also got rid of some dead code, unused variables, and the like. There are a few cases that are more complex that I have specified below. In some cases I had to change the function signature to add a size parameter in cases where the function was copying to a given char * and the size was assumed (in most cases this was safe but it's still dangerous). Platforms tested: Fedora Core 5 Flag Day: no Doc impact: no Index: certmap.c =================================================================== RCS file: /cvs/dirsec/adminserver/lib/ldaputil/certmap.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- certmap.c 18 Aug 2005 19:18:50 -0000 1.4 +++ certmap.c 31 Mar 2006 22:58:23 -0000 1.5 @@ -1096,7 +1096,7 @@ vallen = ava->value.len - lenLen; rv = CERT_RFC1485_EscapeAndQuote(buf, - BIG_LINE, + sizeof(buf), (char*) ava->value.data + lenLen, vallen); @@ -1195,12 +1195,12 @@ const char *tagName = certmap_secoid_to_name(tag); if (PresentInComps(certmap_info->dncomps, tag)) { - rv = AddToLdapDN(ldapdn, BIG_LINE, &dnlen, tagName, ava); + rv = AddToLdapDN(ldapdn, sizeof(ldapdn), &dnlen, tagName, ava); if (rv != LDAPU_SUCCESS) return rv; } if (PresentInComps(certmap_info->filtercomps, tag)) { - rv = AddToFilter(filter, BIG_LINE, &flen, tagName, ava); + rv = AddToFilter(filter, sizeof(filter), &flen, tagName, ava); if (rv != LDAPU_SUCCESS) return rv; numfavas++; } Index: init.c =================================================================== RCS file: /cvs/dirsec/adminserver/lib/ldaputil/init.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- init.c 18 Aug 2005 19:18:50 -0000 1.4 +++ init.c 31 Mar 2006 22:58:23 -0000 1.5 @@ -66,7 +66,7 @@ if(is_lib) { char path[1024]; - sprintf(path, "%s%c%s", dir, FILE_PATHSEP, libname); + PR_snprintf(path, sizeof(path), "%s%c%s", dir, FILE_PATHSEP, libname); lib = PR_LoadLibrary(path); if (!lib) rv = LDAPU_ERR_UNABLE_TO_LOAD_PLUGIN; } @@ -99,7 +99,7 @@ if (serv_root && *serv_root) { /* Load common libraries */ - sprintf(dir, "%s%clib%c%s", serv_root, FILE_PATHSEP, + PR_snprintf(dir, sizeof(dir), "%s%clib%c%s", serv_root, FILE_PATHSEP, FILE_PATHSEP, "common"); rv = load_server_libs(dir); @@ -107,7 +107,7 @@ if (serv_type && *serv_type) { /* Load server type specific libraries */ - sprintf(dir, "%s%clib%c%s", serv_root, FILE_PATHSEP, + PR_snprintf(dir, sizeof(dir), "%s%clib%c%s", serv_root, FILE_PATHSEP, FILE_PATHSEP, serv_type); rv = load_server_libs(dir); @@ -115,7 +115,7 @@ if (serv_id && *serv_id) { /* Load server instance specific libraries */ - sprintf(dir, "%s%clib%c%s", serv_root, FILE_PATHSEP, + PR_snprintf(dir, sizeof(dir), "%s%clib%c%s", serv_root, FILE_PATHSEP, FILE_PATHSEP, serv_id); rv = load_server_libs(dir);

17 years, 5 months

1
0
0 / 0

[Fedora-directory-commits] adminserver/lib/base util.cpp,1.4,1.5

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/adminserver/lib/base In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28761/adminserver/lib/base Modified Files: util.cpp Log Message: Bug(s) fixed: 186280 Bug Description: adminserver: Close potential security vulnerabilities in CGI code Reviewed by: Rob, Pete, Nathan, Noriko (Thanks!) Fix Description: Most of this just involves making sure that we use PR_snprintf/PL_strncpyz/PL_strcatn where able, or just making sure we use snprintf/strncpy/strncat correctly and null terminate the buffers. I also got rid of some dead code, unused variables, and the like. There are a few cases that are more complex that I have specified below. In some cases I had to change the function signature to add a size parameter in cases where the function was copying to a given char * and the size was assumed (in most cases this was safe but it's still dangerous). Platforms tested: Fedora Core 5 Flag Day: no Doc impact: no Index: util.cpp =================================================================== RCS file: /cvs/dirsec/adminserver/lib/base/util.cpp,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- util.cpp 18 Aug 2005 19:18:27 -0000 1.4 +++ util.cpp 31 Mar 2006 22:58:22 -0000 1.5 @@ -327,7 +327,9 @@ /* Standard HTTP (RFC 850) starts with dd-mon-yy */ if(ims[2] == '-') { - sscanf(ims, "%s %d:%d:%d", t, &h, &m, &s); + /* Warning - hardcoded 128 is sizeof(t) - scanf is not security conscious */ + sscanf(ims, "%128s %d:%d:%d", t, &h, &m, &s); + t[sizeof(t)-1] = 0; if(strlen(t) < 6) return 0; t[2] = '\0'; @@ -340,12 +342,16 @@ } /* The ctime format starts with a month name */ else if(isalpha(*ims)) { - sscanf(ims,"%s %d %d:%d:%d %*s %d", t, &d, &h, &m, &s, &y); + /* Warning - hardcoded 128 is sizeof(t) - scanf is not security conscious */ + sscanf(ims,"%128s %d %d:%d:%d %*s %d", t, &d, &h, &m, &s, &y); + t[sizeof(t)-1] = 0; mnum = _mstr2num(t); } /* RFC 822 */ else { - sscanf(ims, "%d %s %d %d:%d:%d", &d, t, &y, &h, &m, &s); + /* Warning - hardcoded 128 is sizeof(t) - scanf is not security conscious */ + sscanf(ims, "%d %128s %d %d:%d:%d", &d, t, &y, &h, &m, &s); + t[sizeof(t)-1] = 0; mnum = _mstr2num(t); }

17 years, 5 months

1
0
0 / 0

[Fedora-directory-commits] adminserver/include i18n.h,1.4,1.5

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/adminserver/include In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28761/adminserver/include Modified Files: i18n.h Log Message: Bug(s) fixed: 186280 Bug Description: adminserver: Close potential security vulnerabilities in CGI code Reviewed by: Rob, Pete, Nathan, Noriko (Thanks!) Fix Description: Most of this just involves making sure that we use PR_snprintf/PL_strncpyz/PL_strcatn where able, or just making sure we use snprintf/strncpy/strncat correctly and null terminate the buffers. I also got rid of some dead code, unused variables, and the like. There are a few cases that are more complex that I have specified below. In some cases I had to change the function signature to add a size parameter in cases where the function was copying to a given char * and the size was assumed (in most cases this was safe but it's still dangerous). Platforms tested: Fedora Core 5 Flag Day: no Doc impact: no Index: i18n.h =================================================================== RCS file: /cvs/dirsec/adminserver/include/i18n.h,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- i18n.h 18 Aug 2005 19:14:21 -0000 1.4 +++ i18n.h 31 Mar 2006 22:58:21 -0000 1.5 @@ -147,7 +147,7 @@ NSAPI_PUBLIC int -GetFileForLanguage(char* filepath,char* language,char* existingFilepath); +GetFileForLanguage(char* filepath,char* language,char* existingFilepath, size_t existingSize); /* Looks for a file in the appropriate language.

17 years, 5 months

1
0
0 / 0

[Fedora-directory-commits] adminserver/admserv/user-forms/src enduser.c, 1.4, 1.5 index.c, 1.3, 1.4

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/adminserver/admserv/user-forms/src In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28761/adminserver/admserv/user-forms/src Modified Files: enduser.c index.c Log Message: Bug(s) fixed: 186280 Bug Description: adminserver: Close potential security vulnerabilities in CGI code Reviewed by: Rob, Pete, Nathan, Noriko (Thanks!) Fix Description: Most of this just involves making sure that we use PR_snprintf/PL_strncpyz/PL_strcatn where able, or just making sure we use snprintf/strncpy/strncat correctly and null terminate the buffers. I also got rid of some dead code, unused variables, and the like. There are a few cases that are more complex that I have specified below. In some cases I had to change the function signature to add a size parameter in cases where the function was copying to a given char * and the size was assumed (in most cases this was safe but it's still dangerous). Platforms tested: Fedora Core 5 Flag Day: no Doc impact: no Index: enduser.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/user-forms/src/enduser.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- enduser.c 18 Aug 2005 19:10:57 -0000 1.4 +++ enduser.c 31 Mar 2006 22:58:21 -0000 1.5 @@ -138,11 +138,12 @@ BerElement *ber; if (getenv("HTTP_ACCEPT_LANGUAGE") != NULL) { - strcpy(langList, getenv("HTTP_ACCEPT_LANGUAGE")); + strncpy(langList, getenv("HTTP_ACCEPT_LANGUAGE"), sizeof(langList)); } else { strcpy(langList, "en"); } + langList[sizeof(langList)-1] = 0; /* Replace spaces with commas */ for(ptr=langList; *ptr=='\0'; ptr++) @@ -153,19 +154,22 @@ a = ldap_next_attribute(ld, e, ber)) { if (((ptr = strstr(a, ";lang-en")) != NULL) && (!enLangAttr)) { enLangAttr = 1; - strcpy(defaultEnLang, a); + strncpy(defaultEnLang, a, sizeof(defaultEnLang)); + defaultEnLang[sizeof(defaultEnLang)-1] = 0; } if ((ptr = strstr(a, ";lang-")) == NULL) { noLangAttr = 1; - strcpy(defaultNoLang, a); + strncpy(defaultNoLang, a, sizeof(defaultNoLang)); + defaultNoLang[sizeof(defaultNoLang)-1] = 0; continue; } else { ptr = ptr + strlen(";lang-"); if ((ptr2 = strchr(ptr, ';')) != NULL) *ptr2 = '\0'; - sprintf(langTag, "%s", ptr); + snprintf(langTag, sizeof(langTag), "%s", ptr); + langTag[sizeof(langTag)-1] = 0; if (strstr(langList, langTag)) { ldap_memfree(a); ldap_ber_free(ber, 0); @@ -397,12 +401,13 @@ return ldap_init(ldapHost, ldapPort); } -/* returns the searchDN underwhich to look for the endUserHtmlIndex programs */ -char *getSearchDN(AdmldapInfo ldapInfo) { +/* returns the searchDN underwhich to look for the endUserHtmlIndex programs in entrydn */ +void getSearchDN(AdmldapInfo ldapInfo, char *entrydn, size_t size) { char buf[1000]; int i, count = 0; - strcpy(buf, admldapGetSIEDN(ldapInfo)); + strncpy(buf, admldapGetSIEDN(ldapInfo), sizeof(buf)); + buf[sizeof(buf)-1] = 0; if (!buf) { report_err( DBT_errorBuildingLdapInfo_); exit(0); @@ -421,8 +426,9 @@ } /*Eliminate leading blanks */ while (buf[++i] == ' '); - sprintf(buf, "%s%c%s", DS_GLOBAL_PREF_RDN, ',', &buf[i]); - return buf; + snprintf(entrydn, size, "%s%c%s", DS_GLOBAL_PREF_RDN, ',', &buf[i]); + entrydn[size-1] = 0; + return; } catlist read_catlist_DS(void) @@ -460,8 +466,9 @@ /* binddn=(char*)malloc(sizeof(char)*100); */ /* strcpy(binddn,"uid=jwalker,ou=people,o=airius.com"); */ - sprintf(admconf, "%s%c%s%c%s", nsroot, FILE_PATHSEP, "admin-serv", + snprintf(admconf, sizeof(admconf), "%s%c%s%c%s", nsroot, FILE_PATHSEP, "admin-serv", FILE_PATHSEP, "config"); + admconf[sizeof(admconf)-1] = 0; ldapInfo = admldapBuildInfo(admconf, &rv); @@ -472,8 +479,10 @@ else { ldapHost = admldapGetHost(ldapInfo); ldapPort = admldapGetPort(ldapInfo); - strcpy(binddn, admldapGetSIEDN(ldapInfo)); - strcpy(bindpw, admldapGetSIEPWD(ldapInfo)); + strncpy(binddn, admldapGetSIEDN(ldapInfo), sizeof(binddn)); + binddn[sizeof(binddn)-1] = 0; + strncpy(bindpw, admldapGetSIEPWD(ldapInfo), sizeof(bindpw)); + bindpw[sizeof(bindpw)-1] = 0; bindInfo.binddn = binddn; bindInfo.bindpwd = bindpw; @@ -485,7 +494,7 @@ attr[0]="nsAdminEndUserHTMLIndex"; attr[1]=NULL; - strcpy(EntryDN, getSearchDN(ldapInfo)); + getSearchDN(ldapInfo, EntryDN, sizeof(EntryDN)); if ( i = ldap_search_s(ld, EntryDN, LDAP_SCOPE_SUBTREE, "(nsadminenduserhtmlindex=*)", attr, 0, &result)==LDAP_SUCCESS) { @@ -532,7 +541,7 @@ char *tmp=NULL, *data=NULL, *div=NULL; char *root = getenv("NETSITE_ROOT"); - GetFileForLanguage(CATLIST_FILE,GetClientLanguage(),existingpath); + GetFileForLanguage(CATLIST_FILE,GetClientLanguage(),existingpath,sizeof(existingpath)); f = fopen(existingpath, "r"); if(!f) { report_err( DBT_errorCouldNotOpenServersListFile_); @@ -602,8 +611,9 @@ if(!data) continue; /* huh?! */ data++; - sprintf(path, INCLUDE_PATH, root, data); - GetFileForLanguage(path,GetClientLanguage(),existingpath); + snprintf(path, sizeof(path), INCLUDE_PATH, root, data); + path[sizeof(path)-1] = 0; + GetFileForLanguage(path,GetClientLanguage(),existingpath,sizeof(existingpath)); if (!(flst = fopen(existingpath, "r"))) { fprintf(stdout, /*XP_GetClientStr(*/"%s",DBT_errorCouldNotOpenSServerListFile_/*)*/, @@ -612,7 +622,7 @@ } else { - while(fgets(opt, 128, flst) != (char *) NULL) + while(fgets(opt, sizeof(opt), flst) != (char *) NULL) { if(!strncmp(opt, CATEGORY, strlen(CATEGORY))) { tmp=strchr(opt, '\n'); @@ -748,11 +758,12 @@ if (user) { - sprintf(title,DBT_serverAccountManagementFor_,user); + snprintf(title,sizeof(title), DBT_serverAccountManagementFor_,user); } else { - sprintf(title,DBT_serverAccountManagement_); + snprintf(title,sizeof(title), DBT_serverAccountManagement_); } + title[sizeof(title)-1] = 0; fprintf(stdout,title); fprintf(stdout, "</B></FONT></FONT></FONT> </td></tr></table></TD></TR><TR> <TD>" @@ -767,7 +778,7 @@ "scrolling=auto marginwidth=0 marginheight=0 " "noresize border=0 " "name='%s'>\");\n", SCRIPT_NAME, TOP_NAME); - GetFileForLanguage(HTML_FILE,GetClientLanguage(),existingpath); + GetFileForLanguage(HTML_FILE,GetClientLanguage(),existingpath,sizeof(existingpath)); fprintf(stdout, " top.bottom.document.writeln(\"<frame " "src='%s' " Index: index.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/user-forms/src/index.c,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- index.c 18 Aug 2005 19:10:57 -0000 1.3 +++ index.c 31 Mar 2006 22:58:21 -0000 1.4 @@ -86,7 +86,7 @@ char *tmp=NULL, *data=NULL, *div=NULL; char *root = getenv("NETSITE_ROOT"); - GetFileForLanguage(CATLIST_FILE,GetClientLanguage(),existingpath); + GetFileForLanguage(CATLIST_FILE,GetClientLanguage(),existingpath,sizeof(existingpath)); f = fopen(existingpath, "r"); if(!f) { fprintf(stdout, @@ -157,8 +157,9 @@ if(!data) continue; /* huh?! */ data++; - sprintf(path, INCLUDE_PATH, root, data); - GetFileForLanguage(path,GetClientLanguage(),existingpath); + snprintf(path, sizeof(path), INCLUDE_PATH, root, data); + path[sizeof(path)-1] = 0; + GetFileForLanguage(path,GetClientLanguage(),existingpath,sizeof(existingpath)); if (!(flst = fopen(existingpath, "r"))) { fprintf(stdout, XP_GetClientStr(DBT_errorCouldNotOpenSServerListFile_), @@ -296,7 +297,7 @@ fprintf(stdout, " top.bottom.document.writeln(\"<frame src='%s?list' " "scrolling=no marginwidth=0 marginheight=0 " "name='%s'>\");\n", SCRIPT_NAME, TOP_NAME); - GetFileForLanguage(HTML_FILE,GetClientLanguage(),existingpath); + GetFileForLanguage(HTML_FILE,GetClientLanguage(),existingpath,sizeof(existingpath)); fprintf(stdout, " top.bottom.document.writeln(\"<frame " "src='%s' " "scrolling=yes marginwidth=4 "

17 years, 5 months

1
0
0 / 0

[Fedora-directory-commits] adminserver/admserv/newinst/src ux-config.cc, 1.8, 1.9 ux-dialog.cc, 1.9, 1.10 ux-remove.cc, 1.4, 1.5

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/adminserver/admserv/newinst/src In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28761/adminserver/admserv/newinst/src Modified Files: ux-config.cc ux-dialog.cc ux-remove.cc Log Message: Bug(s) fixed: 186280 Bug Description: adminserver: Close potential security vulnerabilities in CGI code Reviewed by: Rob, Pete, Nathan, Noriko (Thanks!) Fix Description: Most of this just involves making sure that we use PR_snprintf/PL_strncpyz/PL_strcatn where able, or just making sure we use snprintf/strncpy/strncat correctly and null terminate the buffers. I also got rid of some dead code, unused variables, and the like. There are a few cases that are more complex that I have specified below. In some cases I had to change the function signature to add a size parameter in cases where the function was copying to a given char * and the size was assumed (in most cases this was safe but it's still dangerous). Platforms tested: Fedora Core 5 Flag Day: no Doc impact: no Index: ux-config.cc =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/ux-config.cc,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- ux-config.cc 29 Mar 2006 02:19:52 -0000 1.8 +++ ux-config.cc 31 Mar 2006 22:58:20 -0000 1.9 @@ -158,7 +158,8 @@ if (InstUtil::isServerRoot(_serverRoot) == False) { err = -1; - sprintf(errMsg, "ERROR: %s is not a server root\n",_serverRoot.data()); + snprintf(errMsg, sizeof(errMsg), "ERROR: %s is not a server root\n",_serverRoot.data()); + errMsg[sizeof(errMsg)-1] = 0; } else { @@ -167,7 +168,8 @@ } else if (InstUtil::fileExists(_infoFile) == False) { - sprintf(errMsg, "ERROR: answer cache not found\n"); + snprintf(errMsg, sizeof(errMsg), "ERROR: answer cache not found\n"); + errMsg[sizeof(errMsg)-1] = 0; err = -1; } } @@ -176,7 +178,8 @@ if (_infoFile == (char *) NULL || InstUtil::fileExists(_infoFile) == False) { - sprintf(errMsg, "ERROR: installation script not found\n"); + snprintf(errMsg, sizeof(errMsg), "ERROR: installation script not found\n"); + errMsg[sizeof(errMsg)-1] = 0; _installLog->logMessage(FATAL, "Admin", "Installation script not found"); err = -1; } @@ -205,7 +208,8 @@ { if (_adminInfo == NULL) { - sprintf(errMsg, "ERROR: Invalid installation script. No Admin section.\n"); + snprintf(errMsg, sizeof(errMsg), "ERROR: Invalid installation script. No Admin section.\n"); + errMsg[sizeof(errMsg)-1] = 0; _installLog->logMessage(FATAL, "Admin", "Invalid installation script. no Admin section"); err = -1; } @@ -267,7 +271,8 @@ NSString hostName = InstUtil::guessHostname(); /* First, determine whether Admin is already configured */ - sprintf(tmp, "%s/admin-serv/config/adm.conf", _serverRoot.data()); + snprintf(tmp, sizeof(tmp), "%s/admin-serv/config/adm.conf", _serverRoot.data()); + tmp[sizeof(tmp)-1] = 0; admConf.setFormat(2); admConf.read(tmp); @@ -303,7 +308,8 @@ } } - sprintf(tmp, "%s/admin-serv/config/admpw", _serverRoot.data()); + snprintf(tmp, sizeof(tmp), "%s/admin-serv/config/admpw", _serverRoot.data()); + tmp[sizeof(tmp)-1] = 0; admConf.read(tmp); @@ -688,13 +694,13 @@ if (strncmp(errMsg, adminPort, 6) || port > MAXPORT) { - sprintf(errMsg, "OVERFLOW ERROR: Unable to bind to port %d\n" + snprintf(errMsg, sizeof(errMsg), "OVERFLOW ERROR: Unable to bind to port %d\n" "Please choose another port less than %d.\n", port, MAXPORT); } else if (InstUtil::portAvailable(port) == False) { - sprintf(errMsg, + snprintf(errMsg, sizeof(errMsg), "ERROR: Unable to bind to port %d\n" " Please choose another port.\n", port); @@ -703,6 +709,7 @@ { errMsg[0] = 0; } + errMsg[sizeof(errMsg)-1] = 0; return errMsg; } @@ -718,13 +725,13 @@ { case -1: - sprintf(errMsg, + snprintf(errMsg, sizeof(errMsg), "The user %s does not currently exist.\n" " Choose another, or create it an choose it again.\n", sysUser); break; case -2: - sprintf(errMsg, + snprintf(errMsg, sizeof(errMsg), "The system will not allow you to run the Administration\n" " server as that user. Please choose another one.\n"); break; @@ -733,6 +740,7 @@ break; } + errMsg[sizeof(errMsg)-1] = 0; return errMsg; } @@ -750,7 +758,8 @@ NSString errMsg; NSString sysUser; - sprintf(tmp, "%s/bin/admin/ns-admin", _serverRoot.data()); + snprintf(tmp, sizeof(tmp), "%s/bin/admin/ns-admin", _serverRoot.data()); + tmp[sizeof(tmp)-1] = 0; if (stat(tmp, &fi) == 0) { @@ -778,14 +787,17 @@ char stopProgram[BIG_BUF]; struct stat fi; - sprintf(pid, "%s/admin-serv/logs/pid", _serverRoot.data()); + snprintf(pid, sizeof(pid), "%s/admin-serv/logs/pid", _serverRoot.data()); + pid[sizeof(pid)-1] = 0; if (stat(pid, &fi) == 0) { - sprintf(stopProgram, "%s/stop-admin", _serverRoot.data()); + snprintf(stopProgram, sizeof(stopProgram), "%s/stop-admin", _serverRoot.data()); + stopProgram[sizeof(stopProgram)-1] = 0; if (stat (stopProgram, &fi) != 0) { - sprintf(stopProgram, "kill `cat %s`", pid); + snprintf(stopProgram, sizeof(stopProgram), "kill `cat %s`", pid); + stopProgram[sizeof(stopProgram)-1] = 0; } system(stopProgram); } @@ -793,7 +805,8 @@ /* Stop SNMP Master Agent if running */ int magpid; FILE* fhdl; - sprintf(pid, "%s/admin-serv/logs/pid_masteragt", _serverRoot.data()); + snprintf(pid, sizeof(pid), "%s/admin-serv/logs/pid_masteragt", _serverRoot.data()); + pid[sizeof(pid)-1] = 0; if ((fhdl = fopen(pid, "r")) != NULL) { fscanf(fhdl, "%d\n", &magpid); @@ -811,7 +824,8 @@ disableWinMode(); - sprintf(tmp, "%s/bin/admin/ns-update -f %s", _serverRoot.data(), _infoFile.data()); + snprintf(tmp, sizeof(tmp), "%s/bin/admin/ns-update -f %s", _serverRoot.data(), _infoFile.data()); + tmp[sizeof(tmp)-1] = 0; err = system(tmp); @@ -848,7 +862,8 @@ char buf[1024]; FILE *fp; - sprintf(cmd, "%s -V", file); + snprintf(cmd, sizeof(cmd), "%s -V", file); + cmd[sizeof(cmd)-1] = 0; fp = popen(cmd, "r"); if (fp != NULL) { @@ -880,10 +895,13 @@ char *v; snprintf(path, sizeof(path), "%s/httpd.worker", dir); + path[sizeof(path)-1] = 0; if (stat(path, &st) != 0) { snprintf(path, sizeof(path), "%s/httpd", dir); + path[sizeof(path)-1] = 0; if (stat(path, &st) != 0) { snprintf(errMsg, sizeof(errMsg), "Can't find Apache in %s", dir); + errMsg[sizeof(errMsg)-1] = 0; return errMsg; } } @@ -891,13 +909,16 @@ v = get_value(path, "APACHE_MPM_DIR"); if (strcmp(v, "server/mpm/worker")) { snprintf(errMsg, sizeof(errMsg), "The Admininistration Server requires an Apache web server that provides the worker model."); + errMsg[sizeof(errMsg)-1] = 0; return errMsg; } v = get_value(path, "HTTPD_ROOT"); - sprintf(path, "%s/modules", v); + snprintf(path, sizeof(path), "%s/modules", v); + path[sizeof(path)-1] = 0; if (stat(path, &st) != 0) { - snprintf(errMsg, sizeof(errMsg), "Unable to locate Apache modules in %s\n.", path);; + snprintf(errMsg, sizeof(errMsg), "Unable to locate Apache modules in %s\n.", path); + errMsg[sizeof(errMsg)-1] = 0; return errMsg; } @@ -915,15 +936,18 @@ char *v; snprintf(path, sizeof(path), "%s/httpd.worker", dir); + path[sizeof(path)-1] = 0; if (stat(path, &st) != 0) { snprintf(path, sizeof(path), "%s/httpd", dir); + path[sizeof(path)-1] = 0; if (stat(path, &st) != 0) { return NULL; } } v = get_value(path, "HTTPD_ROOT"); - sprintf(path, "%s/modules", v); + snprintf(path, sizeof(path), "%s/modules", v); + path[sizeof(path)-1] = 0; if (stat(path, &st) != 0) { return NULL; } Index: ux-dialog.cc =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/ux-dialog.cc,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- ux-dialog.cc 28 Oct 2005 22:44:18 -0000 1.9 +++ ux-dialog.cc 31 Mar 2006 22:58:20 -0000 1.10 @@ -331,7 +331,6 @@ const char *buf = me->input(); int err = 0; char errMsg[BIG_BUF]; - char tmp[XSM_BUF]; LDAPURLDesc *ludpp; DialogAction rc = DIALOG_NEXT; AdminPreInstall *setup = ((AdminPreInstall *)me->manager()->parent()); @@ -354,17 +353,17 @@ errMsg[0] = 0; break; case INVALID_URL: - sprintf(errMsg, "ERROR: The URL \"%s\" is not of valid format.\n", localLdapURL); + snprintf(errMsg, sizeof(errMsg), "ERROR: The URL \"%s\" is not of valid format.\n", localLdapURL); break; case CONN_FAILED: - sprintf(errMsg, + snprintf(errMsg, sizeof(errMsg), "ERROR: Cannot connect to URL \"%s\".\n" " The server may have been down. Please fix the problem\n" " before proceeding with installation.\n", localLdapURL); break; case INVALID_DN: - sprintf(errMsg, + snprintf(errMsg, sizeof(errMsg), "ERROR: setup cannot verify the base suffix as specified in\n" " \"%s\".\n" " Please check the base suffix and re-enter the URL.\n", @@ -377,6 +376,7 @@ free(localLdapURL); + errMsg[sizeof(errMsg)-1] = 0; if (errMsg[0] != 0) { DialogAlert alert(errMsg); @@ -410,7 +410,8 @@ localLdapURL = UTF8ToLocal(installInfo->get(CONFIG_LDAP_URL)); - sprintf(text2, " %s", localLdapURL); + snprintf(text2, sizeof(text2), " %s", localLdapURL); + text2[sizeof(text2)-1] = 0; me->setText2(text2); @@ -477,25 +478,25 @@ switch(err) { case INVALID_INPUT: - sprintf(errMsg, "ERROR: Invalid input.\n"); + snprintf(errMsg, sizeof(errMsg), "ERROR: Invalid input.\n"); break; case INVALID_URL: - sprintf(errMsg, "ERROR: Invalid URL \"%s\".\n", localLdapURL); + snprintf(errMsg, sizeof(errMsg), "ERROR: Invalid URL \"%s\".\n", localLdapURL); break; case INVALID_AUTH: - sprintf(errMsg, "ERROR: Insufficient authorization.\n"); + snprintf(errMsg, sizeof(errMsg), "ERROR: Insufficient authorization.\n"); break; case CONN_FAILED: - sprintf(errMsg, + snprintf(errMsg, sizeof(errMsg), "ERROR: Cannot connect to LDAP server.\n" " The server may have been down. Please fix the problem\n" " before proceeding with installation.\n"); break; case INVALID_USER: - sprintf(errMsg, "ERROR: Invalid user and/or password.\n"); + snprintf(errMsg, sizeof(errMsg), "ERROR: Invalid user and/or password.\n"); break; default: - sprintf(errMsg, + snprintf(errMsg, sizeof(errMsg), "ERROR: Authentication failed. Either you have entered\n" " an invalid user ID or password, or the directory server\n" " is having some problem. Please check and re-enter.\n"); @@ -505,6 +506,7 @@ free(localLdapURL); + errMsg[sizeof(errMsg)-1] = 0; if (errMsg [0] != 0) { DialogAlert alert(errMsg); Index: ux-remove.cc =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/ux-remove.cc,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- ux-remove.cc 18 Aug 2005 19:06:43 -0000 1.4 +++ ux-remove.cc 31 Mar 2006 22:58:20 -0000 1.5 @@ -88,7 +88,8 @@ serverRoot = uninstallInfo->get(SERVER_ROOT); instanceDir = serverRoot + "/" + "admin-serv"; - sprintf(temp, "%s/admin-serv/config/adm.conf", serverRoot.data()); + snprintf(temp, sizeof(temp), "%s/admin-serv/config/adm.conf", serverRoot.data()); + temp[sizeof(temp)-1] = 0; admConf = new NVPair(temp); if (admConf->isEmpty() == False) @@ -144,19 +145,23 @@ FILE *fhdl = NULL; /* Stop the Admin Server */ - sprintf(pidFile, "%s/admin-serv/logs/pid", serverRoot.data()); + snprintf(pidFile, sizeof(pidFile), "%s/admin-serv/logs/pid", serverRoot.data()); + pidFile[sizeof(pidFile)-1] = 0; if (stat(pidFile, &fi) == 0) { - sprintf(stopProgram, "%s/stop-admin", serverRoot.data()); + snprintf(stopProgram, sizeof(stopProgram), "%s/stop-admin", serverRoot.data()); + stopProgram[sizeof(stopProgram)-1] = 0; if (stat (stopProgram, &fi) != 0) { - sprintf(stopProgram, "kill `cat %s`", pid); + snprintf(stopProgram, sizeof(stopProgram), "kill `cat %s`", pid); + stopProgram[sizeof(stopProgram)-1] = 0; } system(stopProgram); } /* Stop SNMP Master Agent if running */ - sprintf(pidFile, "%s/admin-serv/logs/pid_masteragt", serverRoot.data()); + snprintf(pidFile, sizeof(pidFile), "%s/admin-serv/logs/pid_masteragt", serverRoot.data()); + pidFile[sizeof(pidFile)-1] = 0; if ((fhdl = fopen(pidFile, "r")) != NULL) { fscanf(fhdl, "%d\n", &pid); @@ -171,27 +176,35 @@ szHomeDir = getenv("home"); if(szHomeDir != NULL) { - sprintf(szCmdBuf, "rm -fr %s/.mcc", szHomeDir); + snprintf(szCmdBuf, sizeof(szCmdBuf), "rm -fr %s/.mcc", szHomeDir); + szCmdBuf[sizeof(szCmdBuf)-1] = 0; + system(szCmdBuf); } /* Remove dynamic and temporary files */ - sprintf(szCmdBuf, "rm -fr %s/admin-serv/tmp", serverRoot.data()); + snprintf(szCmdBuf, sizeof(szCmdBuf), "rm -fr %s/admin-serv/tmp", serverRoot.data()); + szCmdBuf[sizeof(szCmdBuf)-1] = 0; system(szCmdBuf); - sprintf(szCmdBuf, "rm -fr %s/admin-serv/ClassCache", serverRoot.data()); + snprintf(szCmdBuf, sizeof(szCmdBuf), "rm -fr %s/admin-serv/ClassCache", serverRoot.data()); + szCmdBuf[sizeof(szCmdBuf)-1] = 0; system(szCmdBuf); - sprintf(szCmdBuf, "rm -fr %s/admin-serv/SessionData", serverRoot.data()); + snprintf(szCmdBuf, sizeof(szCmdBuf), "rm -fr %s/admin-serv/SessionData", serverRoot.data()); + szCmdBuf[sizeof(szCmdBuf)-1] = 0; system(szCmdBuf); - sprintf(szCmdBuf, "rm -fr %s/admin-serv/config/*.properties", serverRoot.data()); + snprintf(szCmdBuf, sizeof(szCmdBuf), "rm -fr %s/admin-serv/config/*.properties", serverRoot.data()); + szCmdBuf[sizeof(szCmdBuf)-1] = 0; system(szCmdBuf); - sprintf(szCmdBuf, "rm -fr %s/java/jars/*.icon", serverRoot.data()); + snprintf(szCmdBuf, sizeof(szCmdBuf), "rm -fr %s/java/jars/*.icon", serverRoot.data()); + szCmdBuf[sizeof(szCmdBuf)-1] = 0; system(szCmdBuf); - sprintf(szCmdBuf, "rm -fr %s/java/.java", serverRoot.data()); + snprintf(szCmdBuf, sizeof(szCmdBuf), "rm -fr %s/java/.java", serverRoot.data()); + szCmdBuf[sizeof(szCmdBuf)-1] = 0; system(szCmdBuf); return 0;

17 years, 5 months

1
0
0 / 0

[Fedora-directory-commits] adminserver/admserv/cgi-src40 admpw.c, 1.4, 1.5 config.c, 1.5, 1.6 download.c, 1.4, 1.5 dsconfig.c, 1.4, 1.5 help.c, 1.5, 1.6 htmladmin.c, 1.5, 1.6 listOldSrvs.c, 1.4, 1.5 mergeConfig.cpp, 1.4, 1.5 migrateConfig.c, 1.4, 1.5 monreplication.c, 1.4, 1.5 restartsrv.c, 1.4, 1.5 sec-activate.c, 1.5, 1.6 security.c, 1.6, 1.7 snmpconf.c, 1.4, 1.5 snmpmctl.c, 1.4, 1.5 start_config_ds.c, 1.4, 1.5 statpingserv.c, 1.3, 1.4 stopsrv.c, 1.4, 1.5 ugdsconfig.c, 1.5, 1.6 userinfo.c, 1.3, 1.4 viewda

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/adminserver/admserv/cgi-src40 In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28761/adminserver/admserv/cgi-src40 Modified Files: admpw.c config.c download.c dsconfig.c help.c htmladmin.c listOldSrvs.c mergeConfig.cpp migrateConfig.c monreplication.c restartsrv.c sec-activate.c security.c snmpconf.c snmpmctl.c start_config_ds.c statpingserv.c stopsrv.c ugdsconfig.c userinfo.c viewdata.c viewlog.c Log Message: Bug(s) fixed: 186280 Bug Description: adminserver: Close potential security vulnerabilities in CGI code Reviewed by: Rob, Pete, Nathan, Noriko (Thanks!) Fix Description: Most of this just involves making sure that we use PR_snprintf/PL_strncpyz/PL_strcatn where able, or just making sure we use snprintf/strncpy/strncat correctly and null terminate the buffers. I also got rid of some dead code, unused variables, and the like. There are a few cases that are more complex that I have specified below. In some cases I had to change the function signature to add a size parameter in cases where the function was copying to a given char * and the size was assumed (in most cases this was safe but it's still dangerous). Platforms tested: Fedora Core 5 Flag Day: no Doc impact: no Index: admpw.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/admpw.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- admpw.c 18 Aug 2005 18:59:03 -0000 1.4 +++ admpw.c 31 Mar 2006 22:58:20 -0000 1.5 @@ -112,8 +112,8 @@ char resPath[256], *execPath; execPath = getcwd(resPath, 256); if (execPath) { - strcpy(resPath, execPath); - strcat(resPath, "/property"); + PL_strncpyz(resPath, execPath, sizeof(resPath)); + PL_strcatn(resPath, sizeof(resPath), "/property"); i18nResource = res_init_resource(resPath, RESOURCE_FILE); } if (getenv("HTTP_ACCEPT_LANGUAGE")) { @@ -301,7 +301,6 @@ FILE *f; int cnt; static char filename[BIG_LINE]; - static char inbuf[BIG_LINE]; static char outbuf[BIG_LINE]; PR_snprintf(filename, sizeof(filename), "%s/admpw", getenv("ADMSERV_ROOT")); Index: config.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/config.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- config.c 18 Aug 2005 18:59:03 -0000 1.5 +++ config.c 31 Mar 2006 22:58:20 -0000 1.6 @@ -86,7 +86,7 @@ static int update_conf(char *file, char *name, char *val); static int validate_addr(char* ip); static int validate_logfile(char* name); -static int get_logfile_path(char *name, char *buf); +static int get_logfile_path(char *name, char *buf, size_t bufsize); #ifdef XP_UNIX static int rename_pidlog_file(PsetHndl pset, char* newname); static int change_uid_all(char *dir, int curuid, int newuid); @@ -132,8 +132,8 @@ execPath = getcwd(resPath, 256); if (execPath) { - strcpy(resPath, execPath); - strcat(resPath, "/property"); + PL_strncpyz(resPath, execPath, sizeof(resPath)); + PL_strcatn(resPath, sizeof(resPath), "/property"); i18nResource = res_init_resource(resPath, RESOURCE_FILE); } valsbuf[0] = NULL; @@ -308,14 +308,15 @@ nl = createAttrNameList(cnt); x = 0; i = 0; while (inputs[x] && *(inputs[x]) != '\0') { - char namebuf[128], *cptr; - int j; - memset(namebuf, '\0', 128); - cptr = inputs[x++]; - j = 0; - while (*cptr != '=') namebuf[j++] = *cptr++; + char *begin, *end; + begin = inputs[x]; + end = strchr(inputs[x++], '='); + if (end) { + char *name = PL_strndup(begin, end-begin); /* Ignore "op" */ - if (strncasecmp(namebuf, "op", 2)) addName(nl, i++, namebuf); + if (strncasecmp(name, "op", 2)) addName(nl, i++, name); + PL_strfree(name); + } } resultList = psetGetAttrList(pset, nl, &errorCode); @@ -496,12 +497,12 @@ if (valptr && valptr[0] ) { char line[BIG_LINE]; int port = read_adm_conf(); - snprintf(line, BIG_LINE, "%s:%d", valptr, port); + PR_snprintf(line, sizeof(line), "%s:%d", valptr, port); err = update_conf("console.conf", "Listen", line); } else { char line[BIG_LINE]; int port = read_adm_conf(); - snprintf(line, BIG_LINE, "%d", port); + PR_snprintf(line, sizeof(line), "%d", port); err = update_conf("console.conf", "Listen", line); } } @@ -523,8 +524,8 @@ else { char newpath[BIG_LINE]; char pathline[BIG_LINE]; - get_logfile_path(valptr, newpath); - snprintf(pathline, BIG_LINE, "%s %s", newpath, "common"); + get_logfile_path(valptr, newpath, sizeof(newpath)); + PR_snprintf(pathline, sizeof(pathline), "%s %s", newpath, "common"); err = update_conf("console.conf", "CustomLog", pathline); } } @@ -544,7 +545,7 @@ } else { char newpath[BIG_LINE]; - get_logfile_path(valptr, newpath); + get_logfile_path(valptr, newpath, sizeof(newpath)); err = update_conf("console.conf", "ErrorLog", newpath); } } @@ -707,7 +708,6 @@ FILE *f; static char filename[BIG_LINE]; static char inbuf[BIG_LINE]; - static char buf[BIG_LINE]; static int port = -1; PR_snprintf(filename, sizeof(filename), "%s/adm.conf", getenv("ADMSERV_ROOT")); @@ -753,7 +753,7 @@ f = fopen(filename, "r"); if (f==NULL) { char msg[BIG_LINE]; - snprintf(msg, BIG_LINE, "Cannot open file %s for reading", filename); + PR_snprintf(msg, BIG_LINE, "Cannot open file %s for reading", filename); rpt_err(SYSTEM_ERROR, msg, NULL, NULL); } @@ -784,7 +784,7 @@ f = fopen(filename, "w"); if (f==NULL) { char msg[BIG_LINE]; - snprintf(msg, BIG_LINE, "Cannot open file %s for writing", filename); + PR_snprintf(msg, sizeof(msg), "Cannot open file %s for writing", filename); rpt_err(SYSTEM_ERROR, msg, NULL, NULL); } @@ -830,7 +830,6 @@ static int change_server_uid(PsetHndl pset, char* newuname) { char *sroot = getenv("NETSITE_ROOT"); int errorCode; - static char buf[BIG_LINE]; int newuid; char *olduname = psetGetAttrSingleValue(pset, "configuration.nsSuiteSpotUser", @@ -1084,7 +1083,7 @@ FILE *f; char fullname[BIG_LINE]; - get_logfile_path(name, fullname); + get_logfile_path(name, fullname, sizeof(fullname)); f = fopen(fullname, "a+"); if (f != NULL) { @@ -1094,13 +1093,13 @@ return 0; /* error */ } -static int get_logfile_path(char *name, char *buf) { +static int get_logfile_path(char *name, char *buf, size_t bufsize) { if (name[0] == '/') { - PR_snprintf(buf, sizeof(buf),"%s",name); + PR_snprintf(buf, bufsize,"%s",name); } else { - PR_snprintf(buf, sizeof(buf),"%s/%s", getenv("NETSITE_ROOT"), name); + PR_snprintf(buf, bufsize,"%s/%s", getenv("NETSITE_ROOT"), name); } return 0; Index: download.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/download.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- download.c 18 Aug 2005 18:59:03 -0000 1.4 +++ download.c 31 Mar 2006 22:58:20 -0000 1.5 @@ -35,6 +35,7 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> +#include <stdarg.h> #ifdef XP_UNIX # include <dirent.h> @@ -74,6 +75,18 @@ #define DSGW_BLOCK "<dsgw_menu_block>" #define DSGW_BLOCK_CLOSE "</dsgw_menu_block>" +static int +safe_snprintf(char *buf, size_t size, const char *fmt, ...) +{ + int ret; + va_list ap; + va_start(ap, fmt); + ret = vsnprintf(buf, size, fmt, ap); + va_end(ap); + buf[size-1] = 0; + return ret; +} + int error_exit(char *msg) { @@ -93,7 +106,7 @@ error_exit("NETSITE_ROOT not found"); /* Check whether dsgw is installed */ - snprintf(path, sizeof(path), "%s%cdsgw", serverroot, FILE_SEP); + safe_snprintf(path, sizeof(path), "%s%cdsgw", serverroot, FILE_SEP); if (!(dp1 = dir_open(path))) { @@ -120,7 +133,7 @@ /* build list of supported downloads of the form <sr>/dist/<OSname>/n*.zip */ - snprintf(path, sizeof(path), "%s%cdist", serverroot, FILE_SEP); + safe_snprintf(path, sizeof(path), "%s%cdist", serverroot, FILE_SEP); baselen = strlen(path); @@ -134,7 +147,7 @@ continue; /* check if this is a dir and has an executable */ - snprintf(&(path[baselen]), sizeof(path), "%c%s", FILE_SEP, dir_name(ep1)); + safe_snprintf(&(path[baselen]), sizeof(path), "%c%s", FILE_SEP, dir_name(ep1)); if (!(dp2 = dir_open(path))) continue; @@ -148,7 +161,7 @@ !STRNCASECMP(dir_name(ep2), "winmcc", 6)) { platforms[count] = STRDUP(dir_name(ep1)); - snprintf(line, sizeof(line), "%s:%s", dir_name(ep1), dir_name(ep2)); + safe_snprintf(line, sizeof(line), "%s:%s", dir_name(ep1), dir_name(ep2)); paths[count++] = STRDUP(line); } } @@ -187,7 +200,7 @@ loc = strtok(strdup(acceptLanguage), ","); while (1) { - snprintf(line, sizeof(line), "..%cjava%chtml%c%c%c%cstart-console.html", FILE_SEP, FILE_SEP, FILE_SEP, loc[0],loc[1],FILE_SEP); + safe_snprintf(line, sizeof(line), "..%cjava%chtml%c%c%c%cstart-console.html", FILE_SEP, FILE_SEP, FILE_SEP, loc[0],loc[1],FILE_SEP); if ((html = fopen(line, "r")) != NULL) { break; @@ -197,7 +210,7 @@ loc = strtok(NULL, ", "); if (loc == NULL) { - snprintf(line, sizeof(line), "..%cjava%chtml%cstart-console.html", FILE_SEP, FILE_SEP, FILE_SEP); + safe_snprintf(line, sizeof(line), "..%cjava%chtml%cstart-console.html", FILE_SEP, FILE_SEP, FILE_SEP); if ((html = fopen(line, "r")) == NULL) { error_exit("start-console.html not found"); Index: dsconfig.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/dsconfig.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- dsconfig.c 18 Aug 2005 18:59:03 -0000 1.4 +++ dsconfig.c 31 Mar 2006 22:58:20 -0000 1.5 @@ -132,8 +132,8 @@ char resPath[256], *execPath; execPath = getcwd(resPath, 256); if (execPath) { - strcpy(resPath, execPath); - strcat(resPath, "/property"); + PL_strncpyz(resPath, execPath, sizeof(resPath)); + PL_strcatn(resPath, sizeof(resPath), "/property"); i18nResource = res_init_resource(resPath, RESOURCE_FILE); } if (getenv("HTTP_ACCEPT_LANGUAGE")) { Index: help.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/help.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- help.c 18 Aug 2005 18:59:03 -0000 1.5 +++ help.c 31 Mar 2006 22:58:20 -0000 1.6 @@ -31,6 +31,7 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> +#include <stdarg.h> #ifdef XP_UNIX # include <dirent.h> @@ -85,6 +86,18 @@ static int debugPrintout = 0; static int didContentHeader = 0; +static int +safe_snprintf(char *buf, size_t size, const char *fmt, ...) +{ + int ret; + va_list ap; + va_start(ap, fmt); + ret = vsnprintf(buf, size, fmt, ap); + va_end(ap); + buf[size-1] = 0; + return ret; +} + int parse_query_string(char *qs, char **name[], char **val[]) { @@ -230,7 +243,7 @@ in the server installation */ loc = strtok(strdup(localeList), ","); while (1){ - snprintf(path, sizeof(path), "%s%c%c%c", BASE_DIR, FILE_SEP, loc[0], loc[1]); + safe_snprintf(path, sizeof(path), "%s%c%c%c", BASE_DIR, FILE_SEP, loc[0], loc[1]); if (dir_open(path)) { /* return only the first 2 characters of the language code e.g. return en for en-US */ loc[2] = '\0'; @@ -239,7 +252,7 @@ loc = strtok(NULL, ","); if (!loc) { /* default to English (en) */ - snprintf(path, sizeof(path), "%s%c%s", BASE_DIR, FILE_SEP, DEFAULT_LANG); + safe_snprintf(path, sizeof(path), "%s%c%s", BASE_DIR, FILE_SEP, DEFAULT_LANG); if (dir_open(path)) return DEFAULT_LANG; else @@ -255,8 +268,7 @@ { char path[PATH_LENGTH]; char base[PATH_LENGTH]; - char dir[PATH_LENGTH]; - char *dirp, *contentp; + char *dirp; FILE *file = NULL; if (debugPrintout) @@ -266,11 +278,11 @@ /* Open the target file and return the contents */ - snprintf(path, sizeof(path), "%s%c%s%c%s%c%s", BASE_DIR, FILE_SEP, locale, FILE_SEP, + safe_snprintf(path, sizeof(path), "%s%c%s%c%s%c%s", BASE_DIR, FILE_SEP, locale, FILE_SEP, product, FILE_SEP, content); if (!(file = fopen(path, "r"))) { - snprintf(path, sizeof(path), "unable to open file: %s", path); + safe_snprintf(path, sizeof(path), "unable to open file: %s", path); if (debugPrintout) { printf("%s<P>\n", path); @@ -284,14 +296,12 @@ } /* spit out the output, inserting a BASE tag into the HEAD block */ - contentp = content; - dirp = dir; - while (*contentp && (*contentp != FILE_SEP)) - { - *dirp++ = *contentp++; + if (dirp = strchr(content, FILE_SEP)) { + safe_snprintf(base, sizeof(base), "<base href=\"/%s/%s/%s/help/%.*s/\">", "manual", locale, product, + (dirp-content), content); + } else { + safe_snprintf(base, sizeof(base), "<base href=\"/%s/%s/%s/help/\">", "manual", locale, product); } - *dirp = 0; - snprintf(base, sizeof(base), "<base href=\"/%s/%s/%s/help/%s/\">", "manual", locale, product, dir); if (!didContentHeader) { printf("Content-type: text/html\n\n"); @@ -325,7 +335,7 @@ /* open a frameset file, either from the product dir, or the master file * in the help dir. */ - snprintf(path, sizeof(path), "%s%c%s%c%s%c%s", BASE_DIR, FILE_SEP, locale, FILE_SEP, product, FILE_SEP, FRAMESET_FILE); + safe_snprintf(path, sizeof(path), "%s%c%s%c%s%c%s", BASE_DIR, FILE_SEP, locale, FILE_SEP, product, FILE_SEP, FRAMESET_FILE); if (debugPrintout) { printf("opening frameset file: %s<P>\n", path); @@ -333,7 +343,7 @@ if (!(frameset = fopen(path, "r"))) { /* product frameset failed, so try global one */ - snprintf(path, sizeof(path), "%s", FRAMESET_FILE); + safe_snprintf(path, sizeof(path), "%s", FRAMESET_FILE); if (!(frameset = fopen(path, "r"))) { if (debugPrintout) @@ -467,7 +477,7 @@ printf( "Map file parameter: %s<P>\n", mapfile ); } - snprintf(path, sizeof(path), "%s%c%s%c%s%c%s", BASE_DIR, FILE_SEP, locale, + safe_snprintf(path, sizeof(path), "%s%c%s%c%s%c%s", BASE_DIR, FILE_SEP, locale, FILE_SEP, product, FILE_SEP, mapfile); if (debugPrintout) { @@ -565,7 +575,7 @@ /* first, check for contents.htm in this directory */ - snprintf(path, sizeof(path), "%s%c%s", dirpath, FILE_SEP, CONTENTS_FILE); + safe_snprintf(path, sizeof(path), "%s%c%s", dirpath, FILE_SEP, CONTENTS_FILE); if ((fp = fopen(path, "r"))) { @@ -610,7 +620,7 @@ dumpTitle(getProductName(dir_name(d))); } - snprintf(path, sizeof(path), "%s%c%s", dirpath, FILE_SEP, dir_name(d)); + safe_snprintf(path, sizeof(path), "%s%c%s", dirpath, FILE_SEP, dir_name(d)); check_directory(path, prefix, suffix, dirDepth+1); if (dirDepth == 0) @@ -669,7 +679,7 @@ *endp = '\0'; - snprintf(base, sizeof(base), "%s%c%s", BASE_DIR, FILE_SEP, locale); + safe_snprintf(base, sizeof(base), "%s%c%s", BASE_DIR, FILE_SEP, locale); check_directory(base, prefix, suffix, 0); } Index: htmladmin.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/htmladmin.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- htmladmin.c 2 Nov 2005 01:15:17 -0000 1.5 +++ htmladmin.c 31 Mar 2006 22:58:20 -0000 1.6 @@ -644,8 +644,8 @@ while(ptr3[0] == ' ') ptr3++; /* remove spaces */ - PR_snprintf(dn, BIG_LINE, "ou=\"%s\", ou=UserPreferences, %s", binddn, ptr3); - PR_snprintf(filter, BIG_LINE, "(&(objectclass=nscustomview)(nsdisplayname=%s))", view); + PR_snprintf(dn, sizeof(dn), "ou=\"%s\", ou=UserPreferences, %s", binddn, ptr3); + PR_snprintf(filter, sizeof(filter), "(&(objectclass=nscustomview)(nsdisplayname=%s))", view); ldapError = ldap_search_s(server, dn, LDAP_SCOPE_SUBTREE, filter, NULL, 0, &result); @@ -659,7 +659,7 @@ if(!vals || !strcmp(vals[0], "<none>")) { /* not in the private views, maybe in the public views? */ - PR_snprintf(dn, BIG_LINE, "ou=Global Preferences, %s", ptr3); + PR_snprintf(dn, sizeof(dn), "ou=Global Preferences, %s", ptr3); ldapError = ldap_search_s(server, dn, LDAP_SCOPE_SUBTREE, filter, NULL, 0, &result); if(ldapError != LDAP_SUCCESS) @@ -758,7 +758,7 @@ char *admConf = (char *)malloc(strlen(getenv("ADMSERV_ROOT"))+ /*<sr>/admin-serv/config*/ strlen("/adm.conf")+1); - sprintf(admConf, "%s%cadm.conf", getenv("ADMSERV_ROOT"), FILE_PATHSEP); + PR_snprintf(admConf, sizeof(admConf), "%s%cadm.conf", getenv("ADMSERV_ROOT"), FILE_PATHSEP); /* get host name(FQDN) and port number from config file */ f = fopen(admConf, "r"); @@ -797,7 +797,7 @@ char *admConf = (char *)malloc(strlen(getenv("ADMSERV_ROOT"))+ /*<sr>/admin-serv/config*/ strlen("/adm.conf")+1); - sprintf(admConf, "%s%cadm.conf", getenv("ADMSERV_ROOT"), FILE_PATHSEP); + PR_snprintf(admConf, sizeof(admConf), "%s%cadm.conf", getenv("ADMSERV_ROOT"), FILE_PATHSEP); /* get host name(FQDN) and port number from config file */ f = fopen(admConf, "r"); @@ -830,7 +830,7 @@ char *admConf = (char *)malloc(strlen(getenv("ADMSERV_ROOT"))+ /*<sr>/admin-serv/config*/ strlen("/adm.conf")+1); - sprintf(admConf, "%s%cadm.conf", getenv("ADMSERV_ROOT"), FILE_PATHSEP); + PR_snprintf(admConf, sizeof(admConf), "%s%cadm.conf", getenv("ADMSERV_ROOT"), FILE_PATHSEP); /* get host name(FQDN) and port number from config file */ f = fopen(admConf, "r"); @@ -928,13 +928,13 @@ } if(accesslog && errorlog && strcmp(accesslog, errorlog)) - PR_snprintf(dirs, BIG_LINE, "%s|%s", accesslog, errorlog); + PR_snprintf(dirs, sizeof(dirs), "%s|%s", accesslog, errorlog); else if(accesslog) - PL_strncpy(dirs, accesslog, BIG_LINE); + PL_strncpyz(dirs, accesslog, sizeof(dirs)); else if(errorlog) - PL_strncpy(dirs, errorlog, BIG_LINE); + PL_strncpyz(dirs, errorlog, sizeof(dirs)); else - PR_snprintf(dirs, BIG_LINE, "admin-serv%clogs", FILE_PATHSEP); + PR_snprintf(dirs, sizeof(dirs), "admin-serv%clogs", FILE_PATHSEP); return strdup(dirs); } @@ -970,7 +970,7 @@ dirs = strdup(ptr); else { dirs = (char *)realloc(dirs, (strlen(dirs) + strlen(ptr) + 1)); - PR_snprintf(dirs, BIG_LINE, "%s|%s", dirs, ptr); + sprintf(dirs, "%s|%s", dirs, ptr); } ldap_value_free(vals); } @@ -1196,7 +1196,7 @@ continue; if(view) - PR_snprintf(viewparam, BIG_LINE, "&view=%s", view); + PR_snprintf(viewparam, sizeof(viewparam), "&view=%s", view); if((vals = ldap_get_values(server, sie_entry, SIE_SERVERID_ATTR)) != NULL) { @@ -1248,6 +1248,7 @@ if(running == 1) { if(is_local_admin(server_host, server_port[0])) { + /* if this ever changes, use PR_smprintf instead of malloc + sprintf */ href = (char *)malloc(strlen(getResourceString(DBT_OUTPUT_TOPOLOGY_LOCAL_SERVER_ENTRY)) + strlen(admin_url) + 1); sprintf(href, @@ -1256,6 +1257,7 @@ } else { + /* if this ever changes, use PR_smprintf instead of malloc + sprintf */ href = (char *)malloc(strlen(getResourceString(DBT_OUTPUT_TOPOLOGY_SERVER_ENTRY)) + strlen(htmladmin_strdup_escaped(ldap_get_dn(server, sie_entry))) + (view ? strlen(viewparam) : 0) + @@ -1268,6 +1270,7 @@ } + /* if this ever changes, use PR_smprintf instead of malloc + sprintf */ info_link = (char *)malloc(strlen(getResourceString(DBT_OUTPUT_TOPOLOGY_ADMIN_INFO_LINK)) + strlen(admin_url) + strlen(htmladmin_strdup_escaped(ldap_get_dn(server, sie_entry))) + 2); sprintf(info_link, (const char*)getResourceString(DBT_OUTPUT_TOPOLOGY_ADMIN_INFO_LINK), @@ -1275,6 +1278,7 @@ htmladmin_strdup_escaped(ldap_get_dn(server, sie_entry))); + /* if this ever changes, use PR_smprintf instead of malloc + sprintf */ log_link = (char *)malloc(strlen(getResourceString(DBT_OUTPUT_TOPOLOGY_ADMIN_LOG_LINK)) + strlen(admin_url) + strlen(htmladmin_strdup_escaped(vals[0])) + strlen(htmladmin_strdup_escaped(dirs)) + 2); sprintf(log_link, (const char*)getResourceString(DBT_OUTPUT_TOPOLOGY_ADMIN_LOG_LINK), @@ -1301,6 +1305,7 @@ running = server_status(server_host, server_port[0]); if(running == 1) { + /* if this ever changes, use PR_smprintf instead of malloc + sprintf */ href = (char *)malloc(strlen(getResourceString(DBT_OUTPUT_TOPOLOGY_SERVER_RUNNING)) + strlen(htmladmin_strdup_escaped(ldap_get_dn(server, sie_entry))) + (view ? strlen(viewparam) : 0) + @@ -1312,6 +1317,7 @@ } else if(running == 0) { + /* if this ever changes, use PR_smprintf instead of malloc + sprintf */ href = (char *)malloc(strlen(getResourceString(DBT_OUTPUT_TOPOLOGY_SERVER_STOP)) + strlen(htmladmin_strdup_escaped(ldap_get_dn(server, sie_entry))) + (view ? strlen(viewparam) : 0) + @@ -1321,16 +1327,19 @@ view ? viewparam : ""); } + /* if this ever changes, use PR_smprintf instead of malloc + sprintf */ info_link = (char *)malloc(strlen(getResourceString(DBT_OUTPUT_TOPOLOGY_DIRECTORY_INFO_LINK)) + strlen(admin_url) + strlen(htmladmin_strdup_escaped(ldap_get_dn(server, sie_entry))) + 2); sprintf(info_link, getResourceString(DBT_OUTPUT_TOPOLOGY_DIRECTORY_INFO_LINK), admin_url, htmladmin_strdup_escaped(ldap_get_dn(server, sie_entry))); + /* if this ever changes, use PR_smprintf instead of malloc + sprintf */ log_link = (char *)malloc(strlen(getResourceString(DBT_OUTPUT_TOPOLOGY_DIRECTORY_LOG_LINK)) + strlen(admin_url) + strlen(htmladmin_strdup_escaped(vals[0])) + 2); sprintf(log_link, (const char*)getResourceString(DBT_OUTPUT_TOPOLOGY_DIRECTORY_LOG_LINK), admin_url, htmladmin_strdup_escaped(vals[0])); + /* if this ever changes, use PR_smprintf instead of malloc + sprintf */ repl_link = (char *)malloc(strlen(getResourceString(DBT_OUTPUT_TOPOLOGY_DIRECTORY_REPL_LINK)) + strlen(admin_url)*2 + strlen(htmladmin_strdup_escaped(host)) + strlen(getenv("NETSITE_ROOT")) + /*space for port num*/ 12); sprintf(repl_link, (const char*)getResourceString(DBT_OUTPUT_TOPOLOGY_DIRECTORY_REPL_LINK), admin_url, @@ -1347,105 +1356,6 @@ (running == 1) ? getResourceString(DBT_OUTPUT_TOPOLOGY_ON) : ((running == 0) ? getResourceString(DBT_OUTPUT_TOPOLOGY_OFF) : getResourceString(DBT_OUTPUT_TOPOLOGY_UNKNOWN)), (running == 1 || running == 0) ? href : ""); } - else if(strstr(ldap_get_dn(server, sie_entry), "Messaging")) { - /* - * Messaging Server - logs we get from DS, plus we need to display 3 components under the SIE: - * imap, pop and smtp. */ - char *dirs = MS_dirs(server, sie_entry, serverroot); - char *services[3]; - int count; - char *service_name; - - services[0] = strdup("IMAP"); - services[1] = strdup("POP"); - services[2] = strdup("SMTP"); - - - if(dirs) { - - info_link = (char *)malloc(strlen(getResourceString(DBT_OUTPUT_TOPOLOGY_MSG_INFO_LINK)) + strlen(admin_url) + strlen(htmladmin_strdup_escaped(ldap_get_dn(server, sie_entry))) + 2); - sprintf(info_link, - (const char*)getResourceString(DBT_OUTPUT_TOPOLOGY_MSG_INFO_LINK), - admin_url, - htmladmin_strdup_escaped(ldap_get_dn(server, sie_entry))); - - log_link = (char *)malloc(strlen(getResourceString(DBT_OUTPUT_TOPOLOGY_MSG_LOG_LINK)) + strlen(admin_url) + strlen(htmladmin_strdup_escaped(vals[0])) + strlen(htmladmin_strdup_escaped(dirs)) + 2); - sprintf(log_link, (const char*)getResourceString(DBT_OUTPUT_TOPOLOGY_MSG_LOG_LINK), - admin_url, - htmladmin_strdup_escaped(vals[0]), - htmladmin_strdup_escaped(dirs)); - - - fprintf(stdout, - (const char*)getResourceString(DBT_OUTPUT_TOPOLOGY_MSG_LINKS), - info_link, - log_link); - } - - for(count=0; count < 3; count++) { - - - fprintf(stdout, - (const char*)getResourceString(DBT_OUTPUT_TOPOLOGY_MSG_SERVICE), - services[count]); - - switch(count) { - case 0: - service_name = (char *)malloc(strlen("cn=imap, cn=service, cn=configuration, ") + strlen(ldap_get_dn(server, sie_entry)) + 1); - sprintf(service_name, "cn=imap, cn=service, cn=configuration, %s", - ldap_get_dn(server, sie_entry)); - break; - case 1: - service_name = (char *)malloc(strlen("cn=pop, cn=service, cn=configuration, ") + strlen(ldap_get_dn(server, sie_entry)) + 1); - sprintf(service_name, "cn=pop, cn=service, cn=configuration, %s", - ldap_get_dn(server, sie_entry)); - break; - case 2: - service_name = (char *)malloc(strlen("cn=smtp, cn=service, cn=configuration, ") + strlen(ldap_get_dn(server, sie_entry)) + 1); - sprintf(service_name, "cn=smtp, cn=service, cn=configuration, %s", - ldap_get_dn(server, sie_entry)); - break; - } - - running = server_status(server_host, server_port[count]); - if(running == 1) { - - href = (char *)malloc(strlen(getResourceString(DBT_OUTPUT_TOPOLOGY_MSG_OFF)) + - strlen(htmladmin_strdup_escaped(service_name)) + - (view ? strlen(viewparam) : 0) + - 1); - sprintf(href, - (const char*)getResourceString(DBT_OUTPUT_TOPOLOGY_MSG_OFF), - htmladmin_strdup_escaped(service_name), - view ? viewparam : ""); - } - else if(running == 0) { - - href = (char *)malloc(strlen(getResourceString(DBT_OUTPUT_TOPOLOGY_MSG_ON)) + - strlen(htmladmin_strdup_escaped(service_name)) + - (view ? strlen(viewparam) : 0) + - 1); - sprintf(href, (const char*)getResourceString(DBT_OUTPUT_TOPOLOGY_MSG_ON), - htmladmin_strdup_escaped(service_name), - view ? viewparam : ""); - } - - - fprintf(stdout, - (const char*)getResourceString(DBT_OUTPUT_TOPOLOGY_MSG_STATUS), - (running == 1) ? getResourceString(DBT_OUTPUT_TOPOLOGY_ON) : ((running == 0) ? getResourceString(DBT_OUTPUT_TOPOLOGY_OFF) : getResourceString(DBT_OUTPUT_TOPOLOGY_UNKNOWN) ), - (running == 1 || running == 0) ? href : ""); - - - - - - - - free(service_name); - - } - } else if(strstr(ldap_get_dn(server, sie_entry), "Enterprise")) { /* * Enterprise Server - local config file. @@ -1541,55 +1451,6 @@ (running == 1) ? href : ""); } - else if((strstr(ldap_get_dn(server, sie_entry), "Application")) || - (strstr(ldap_get_dn(server, sie_entry), "Biller"))) { - /* BillerXpert or NAS - the log directory is hardcoded to <instance-root>/logs */ - - running = server_status(server_host, server_port[0]); - - if(running == 1) { - - href = (char *)malloc(strlen(getResourceString(DBT_OUTPUT_TOPOLOGY_OTHER_ON)) + - strlen(htmladmin_strdup_escaped(ldap_get_dn(server, sie_entry))) + - (view ? strlen(viewparam) : 0) + - 1); - sprintf(href, (const char*)getResourceString(DBT_OUTPUT_TOPOLOGY_OTHER_ON), - htmladmin_strdup_escaped(ldap_get_dn(server, sie_entry)), - view ? viewparam : ""); - } - else if(running == 0) { - - href = (char *)malloc(strlen(getResourceString(DBT_OUTPUT_TOPOLOGY_OTHER_OFF)) + - strlen(htmladmin_strdup_escaped(ldap_get_dn(server, sie_entry))) + - (view ? strlen(viewparam) : 0) + - 1); - sprintf(href, (const char*)getResourceString(DBT_OUTPUT_TOPOLOGY_OTHER_OFF), - htmladmin_strdup_escaped(ldap_get_dn(server, sie_entry)), - view ? viewparam : ""); - } - - info_link = (char *)malloc(strlen(getResourceString(DBT_OUTPUT_TOPOLOGY_OTHER_INFO_LINK)) + strlen(admin_url) + strlen(htmladmin_strdup_escaped(ldap_get_dn(server, sie_entry))) + 2); - sprintf(info_link, - (const char*)getResourceString(DBT_OUTPUT_TOPOLOGY_OTHER_INFO_LINK), - admin_url, - htmladmin_strdup_escaped(ldap_get_dn(server, sie_entry))); - - log_link = (char *)malloc(strlen(getResourceString(DBT_OUTPUT_TOPOLOGY_OTHER_LOG_LINK)) + strlen(admin_url) + strlen(htmladmin_strdup_escaped(vals[0])) + strlen(htmladmin_strdup_escaped(vals[0])) + 3); - sprintf(log_link, - (const char*)getResourceString(DBT_OUTPUT_TOPOLOGY_OTHER_LOG_LINK), - admin_url, - htmladmin_strdup_escaped(vals[0]), - htmladmin_strdup_escaped(vals[0]), - FILE_PATHSEP); - - fprintf(stdout, - (const char*)getResourceString(DBT_OUTPUT_TOPOLOGY_STATUS), - info_link, - log_link, - (running == 1) ? getResourceString(DBT_OUTPUT_TOPOLOGY_ON) : ((running == -1) ? getResourceString(DBT_OUTPUT_TOPOLOGY_UNKNOWN) : getResourceString(DBT_OUTPUT_TOPOLOGY_OFF)), - (running == 1) ? href : ""); - - } fprintf(stdout, getResourceString(DBT_OUTPUT_TOPOLOGY_TABLE_FOOTER)); @@ -1637,10 +1498,10 @@ nbuf = (bufstruct *) new_buffer(NBUF_SIZE); - tmp = (unsigned char *)malloc(strlen(binddn) + strlen(bindpw) + 2); - auth = (unsigned char *)malloc(2024); - sprintf((char *)tmp, "%s:%s", binddn, bindpw); + tmp = (unsigned char *)PR_smprintf("%s:%s", binddn, bindpw); + auth = (unsigned char *)malloc(strlen((char *)tmp)*2+1); do_uuencode(tmp, auth, strlen((char *)tmp)); + PR_smprintf_free((char *)tmp); if(strstr(admin_url, "https")) { admin_host = strtok(buf+8, ":"); @@ -1751,10 +1612,10 @@ nbuf = (bufstruct *) new_buffer(NBUF_SIZE); - tmp = (unsigned char *)malloc(strlen(binddn) + strlen(bindpw) + 2); - auth = (unsigned char *)malloc(2024); - sprintf((char *)tmp, "%s:%s", binddn, bindpw); + tmp = (unsigned char *)PR_smprintf("%s:%s", binddn, bindpw); + auth = (unsigned char *)malloc(strlen((char *)tmp)*2+1); do_uuencode(tmp, auth, strlen((char *)tmp)); + PR_smprintf_free((char *)tmp); if(strstr(admin_url, "https")) { admin_host = strtok(buf+8, ":"); @@ -1864,7 +1725,7 @@ int rv; - PR_snprintf(line, BIG_LINE, "%s%cbin/admin/admin/bin/property", getenv("NETSITE_ROOT"), FILE_PATHSEP); + PR_snprintf(line, sizeof(line), "%s%cbin/admin/admin/bin/property", getenv("NETSITE_ROOT"), FILE_PATHSEP); i18nResource = res_init_resource(line, RESOURCE_FILE); acceptLanguage = "en"; if (lang) acceptLanguage = strdup(lang); @@ -1883,7 +1744,7 @@ view = get_cgi_var("view", NULL, NULL); if(view) - PR_snprintf(viewparam, BIG_LINE, "&view=%s", view); + PR_snprintf(viewparam, sizeof(viewparam), "&view=%s", view); /* In all cases, get the custom view. */ Index: listOldSrvs.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/listOldSrvs.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- listOldSrvs.c 18 Aug 2005 18:59:03 -0000 1.4 +++ listOldSrvs.c 31 Mar 2006 22:58:20 -0000 1.5 @@ -60,7 +60,7 @@ int -readServersList(char* serverRoot, FILE *fstream, char *fileName, char* errorInfo) +readServersList(char* serverRoot, FILE *fstream, char *fileName, char* errorInfo, size_t errorSize) { char line[1024]; int ln; @@ -75,15 +75,15 @@ char *v; ++ln; - switch( (t = admutil_getline(fstream, 1024, ln, line))) { + switch( (t = admutil_getline(fstream, sizeof(line), ln, line))) { case -1: fclose(fstream); if (i18nResource && (errorMsg = res_getstring(i18nResource, DBT_ERROR_READ_FILE, acceptLanguage))) - PR_snprintf(errorInfo, sizeof(errorInfo), errorMsg, fileName); - else PR_snprintf(errorInfo, sizeof(errorInfo), "Error reading file: %s", fileName); + PR_snprintf(errorInfo, errorSize, errorMsg, fileName); + else PR_snprintf(errorInfo, errorSize, "Error reading file: %s", fileName); return 0; case 1: fclose(fstream); @@ -122,7 +122,7 @@ } char** -get_server_list(char* oldServerRoot, char* errorInfo) { +get_server_list(char* oldServerRoot, char* errorInfo, size_t errorSize) { PRDir *sr; PRDirEntry *dirname; @@ -145,14 +145,14 @@ (errMsg = res_getstring(i18nResource, DBT_ERROR_OPEN_FILE, acceptLanguage))) - PR_snprintf(errorInfo, sizeof(errorInfo), errMsg, fileName); + PR_snprintf(errorInfo, errorSize, errMsg, fileName); else - PR_snprintf(errorInfo, sizeof(errorInfo), "Error open file: %s", fileName); + PR_snprintf(errorInfo, errorSize, "Error open file: %s", fileName); return 0; } } - if (!(result = readServersList(oldServerRoot, fstream, fileName, errorInfo))) { + if (!(result = readServersList(oldServerRoot, fstream, fileName, errorInfo, errorSize))) { return NULL; } @@ -162,8 +162,8 @@ (errMsg = res_getstring(i18nResource, DBT_ERROR_OPEN_DIR, acceptLanguage))) - PR_snprintf(errorInfo, sizeof(errorInfo), errMsg, oldServerRoot); - else PR_snprintf(errorInfo, sizeof(errorInfo), "Error open directory: %s", oldServerRoot); + PR_snprintf(errorInfo, errorSize, errMsg, oldServerRoot); + else PR_snprintf(errorInfo, errorSize, "Error open directory: %s", oldServerRoot); return NULL; } @@ -206,7 +206,7 @@ char *nameptr, *valptr, *val; char error_info[128]; int setFlag = 0, getFlag = 0, forceSetFlag = 0; - char resPath[256], *execPath, *tmpptr; + char *execPath, *tmpptr; char *lang = getenv("HTTP_ACCEPT_LANGUAGE"); const char *errMsg = NULL; #if 0 @@ -275,7 +275,7 @@ else rpt_err(INCORRECT_USAGE, "No old server root specified", NULL, NULL); } - server_list = get_server_list(oldSR, error_info); + server_list = get_server_list(oldSR, error_info, sizeof(error_info)); if (server_list) { rpt_success(NULL); Index: mergeConfig.cpp =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/mergeConfig.cpp,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- mergeConfig.cpp 29 Mar 2006 02:19:52 -0000 1.4 +++ mergeConfig.cpp 31 Mar 2006 22:58:20 -0000 1.5 @@ -311,14 +311,14 @@ while((start_ptr && *start_ptr != '\0') && (end_ptr && *end_ptr != '\0')) { end_ptr[0] = '\0'; - strcat(replace_string, start_ptr); - strcat(replace_string, dest_groupDN); + PL_strcatn(replace_string, sizeof(replace_string), start_ptr); + PL_strcatn(replace_string, sizeof(replace_string), dest_groupDN); start_ptr = end_ptr + strlen(source_groupDN); if(start_ptr && *start_ptr != '\0') end_ptr = strstr(start_ptr, source_groupDN); } if(start_ptr && *start_ptr!= '\0') - strcat(replace_string, start_ptr); + PL_strcatn(replace_string, sizeof(replace_string), start_ptr); free(temp_string); free(attribute_list[i]); @@ -363,7 +363,7 @@ } while(merge_rules[count]) { - sprintf(temp, "{%s}", attrName); + PR_snprintf(temp, sizeof(temp), "{%s}", attrName); if(strstr(merge_rules[count], temp)) break; count++; @@ -646,11 +646,11 @@ source_entry = ldap_next_entry(source_server, source_entry)) { next_source_dn = ldap_get_dn(source_server, source_entry); - strcpy(temp, next_source_dn); + PL_strncpyz(temp, next_source_dn, sizeof(temp)); temp2 = strchr(temp, ','); temp2[2] = '\0'; // include the space - strcpy(next_dest_dn, temp); - strcat(next_dest_dn, dest_pref_dn); + PL_strncpyz(next_dest_dn, temp, sizeof(next_dest_dn)); + PL_strcatn(next_dest_dn, sizeof(next_dest_dn), dest_pref_dn); if(recursive_mergeGlobalPrefs(source_server, next_source_dn, @@ -816,7 +816,7 @@ /* ---------------------- INIT i18n ---------------------------------------- */ char *lang=getenv("HTTP_ACCEPT_LANGUAGE"); - sprintf(line, "%s%cbin/admin/admin/bin/property", server_root, FILE_PATHSEP); + PR_snprintf(line, sizeof(line), "%s%cbin/admin/admin/bin/property", server_root, FILE_PATHSEP); i18nResource = res_init_resource(line, RESOURCE_FILE); acceptLanguage = "en"; if (lang) acceptLanguage = strdup(lang); @@ -848,7 +848,7 @@ if (source_binddn) rv = ADM_GetCurrentPassword(&err, &source_bindpw); - sprintf(admroot, "%s%cadmin-serv%cconfig", + PR_snprintf(admroot, sizeof(admroot), "%s%cadmin-serv%cconfig", server_root, FILE_PATHSEP, FILE_PATHSEP); @@ -861,7 +861,7 @@ rv = ADMSSL_InitSimple(); if (rv) { - sprintf(error_info, getResourceString(DBT_ADMSSL_INITFAIL), rv); + PR_snprintf(error_info, sizeof(error_info), getResourceString(DBT_ADMSSL_INITFAIL), rv); rpt_err(APP_ERROR, error_info, NULL, NULL); } @@ -899,8 +899,7 @@ rpt_err(ELEM_MISSING, getResourceString(DBT_NO_SOURCE_GROUPDN), NULL, NULL); - char *dest_basedn = (char *)malloc((strlen(dest_domain) + 20) * sizeof(char)); - sprintf(dest_basedn, "ou=%s, o=NetscapeRoot", dest_domain); + char *dest_basedn = PR_smprintf("ou=%s, o=NetscapeRoot", dest_domain); temp = strdup(source_groupdn); char *source_basedn = strtok(temp, ","); @@ -910,13 +909,13 @@ if(source_basedn[0] == ' ') source_basedn = &(source_basedn[1]); - sprintf(dest_url, "ldap%s://%s:%s/%s", + PR_snprintf(dest_url, sizeof(dest_url), "ldap%s://%s:%s/%s", (!strcmp(dest_secure, "1") ? "s" : ""), dest_host, dest_port, dest_basedn); - sprintf(source_url, "ldap%s://%s:%d/%s", + PR_snprintf(source_url, sizeof(source_url), "ldap%s://%s:%d/%s", ((admldapGetSecurity(ldapInfo)) ? "s" : ""), admldapGetHost(ldapInfo), admldapGetPort(ldapInfo), @@ -1072,15 +1071,15 @@ isie_created = 1; } - strcat(sie_response, "SIE:"); - strcat(sie_response, sieEntry->entryDN()); - strcat(sie_response, "%0A"); + PL_strcatn(sie_response, sizeof(sie_response), "SIE:"); + PL_strcatn(sie_response, sizeof(sie_response), sieEntry->entryDN()); + PL_strcatn(sie_response, sizeof(sie_response), "%0A"); } /* creating SIE's for current ISIE */ - strcat(isie_response, "ISIE:"); - strcat(isie_response, appEntry->entryDN()); - strcat(isie_response, "%0A"); + PL_strcatn(isie_response, sizeof(isie_response), "ISIE:"); + PL_strcatn(isie_response, sizeof(isie_response), appEntry->entryDN()); + PL_strcatn(isie_response, sizeof(isie_response), "%0A"); /* ------------------------- MERGE ALL ENTRIES UNDER CURRENT ISIE --------------------------- */ @@ -1143,10 +1142,10 @@ char source_pref_dn[BIG_LINE]; char dest_pref_dn[BIG_LINE]; - strcpy(source_pref_dn, "ou=Global Preferences, "); - strcat(source_pref_dn, source_basedn); - strcpy(dest_pref_dn, "ou=Global Preferences, "); - strcat(dest_pref_dn, dest_basedn); + PL_strncpyz(source_pref_dn, "ou=Global Preferences, ", sizeof(source_pref_dn)); + PL_strcatn(source_pref_dn, sizeof(source_pref_dn), source_basedn); + PL_strncpyz(dest_pref_dn, "ou=Global Preferences, ", sizeof(dest_pref_dn)); + PL_strcatn(dest_pref_dn, sizeof(dest_pref_dn), dest_basedn); if(mergeGlobalPrefs(admldapGetHost(ldapInfo), admldapGetPort(ldapInfo), @@ -1169,7 +1168,7 @@ } /* GET */ - sprintf(response, + PR_snprintf(response, sizeof(response), "%s%s", sie_response, isie_response); Index: migrateConfig.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/migrateConfig.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- migrateConfig.c 18 Aug 2005 18:59:03 -0000 1.4 +++ migrateConfig.c 31 Mar 2006 22:58:20 -0000 1.5 @@ -140,8 +140,8 @@ execPath = getcwd(resPath, 256); if (execPath) { - strcpy(resPath, execPath); - strcat(resPath, "/property"); + PL_strncpyz(resPath, execPath, sizeof(resPath)); + PL_strcatn(resPath, sizeof(resPath), "/property"); i18nResource = res_init_resource(resPath, RESOURCE_FILE); } @@ -349,12 +349,12 @@ if (val) { char urlBuf[256]; char *tmpptr; - PL_strcpy(urlBuf, val); + PL_strncpyz(urlBuf, val, sizeof(urlBuf)); tmpptr = PL_strrchr(urlBuf, ':'); if (tmpptr) { tmpptr++; *tmpptr = '\0'; - PL_strcat(urlBuf, valptr); + PL_strcatn(urlBuf, sizeof(urlBuf), valptr); addSingleValueAttribute(updateList, i++, "adminurl", urlBuf); } } @@ -430,7 +430,6 @@ char *lines[50]; int port; const char *errMsg = NULL; - char error_info[128]; PR_snprintf(filename, sizeof(filename), "%s/adm.conf", getenv("ADMSERV_ROOT")); @@ -480,8 +479,6 @@ int linecnt=0; char *lines[50]; int port; - const char *errMsg = NULL; - char error_info[128]; PR_snprintf(filename, sizeof(filename), "%s/magnus.conf", getenv("ADMSERV_ROOT")); Index: monreplication.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/monreplication.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- monreplication.c 18 Aug 2005 18:59:03 -0000 1.4 +++ monreplication.c 31 Mar 2006 22:58:20 -0000 1.5 @@ -58,8 +58,8 @@ char resPath[256], *execPath; execPath = getcwd(resPath, 256); if (execPath) { - strcpy(resPath, execPath); - strcat(resPath, "/property"); + PL_strncpyz(resPath, execPath, sizeof(resPath)); + PL_strcatn(resPath, sizeof(resPath), "/property"); i18nResource = res_init_resource(resPath, RESOURCE_FILE); } if (getenv("HTTP_ACCEPT_LANGUAGE")) { Index: restartsrv.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/restartsrv.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- restartsrv.c 18 Aug 2005 18:59:03 -0000 1.4 +++ restartsrv.c 31 Mar 2006 22:58:20 -0000 1.5 @@ -121,8 +121,8 @@ execPath = getcwd(resPath, 256); if (execPath) { - strcpy(resPath, execPath); - strcat(resPath, "/property"); + PL_strncpyz(resPath, execPath, sizeof(resPath)); + PL_strcatn(resPath, sizeof(resPath), "/property"); i18nResource = res_init_resource(resPath, RESOURCE_FILE); } @@ -256,11 +256,8 @@ #ifdef XP_UNIX static char * get_admserv_pid() { char path[BIG_LINE]; - char newpath[BIG_LINE]; char *pidlog = (char*)get_pid_file(); - char *sroot = getenv("NETSITE_ROOT"); char inbuf[16]; - int errorCode; FILE *f; PR_snprintf(path, sizeof(path), "%s", pidlog); Index: sec-activate.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/sec-activate.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- sec-activate.c 18 Nov 2005 21:15:03 -0000 1.5 +++ sec-activate.c 31 Mar 2006 22:58:20 -0000 1.6 @@ -124,11 +124,9 @@ if (value) { } else { - char * msg = getResourceString(DBT_CGI_MISSING_ARGS); - char * scratch = (char *) malloc(strlen(msg) + strlen(var) + 1); - sprintf(scratch, msg, var); + char * scratch = PR_smprintf(getResourceString(DBT_CGI_MISSING_ARGS), var); rpt_err(INCORRECT_USAGE, scratch, 0, 0); - free((void *) scratch); /* never executed */ + PR_smprintf_free(scratch); /* never executed */ } return value; @@ -182,7 +180,7 @@ * Returns 0 on success, -1 on failure. */ -int get_cert_nickname(char *buf) { +int get_cert_nickname(char *buf, size_t bufsize) { char *list_of_families; char *family_name; @@ -201,7 +199,7 @@ if((temp = get_cgi_var(cgi_var_name, "", "")) == NULL) { return -1; } - strcpy(buf, temp); + PL_strncpyz(buf, temp, bufsize); return 0; /*family_name = PORT_Strtok(NULL, ",");*/ } @@ -238,7 +236,7 @@ PR_snprintf(temp, sizeof(temp), "security=%s\n", val); else PR_snprintf(temp, sizeof(temp), "security=off\n"); - strcat(temp_return, temp); + PL_strcatn(temp_return, sizeof(temp_return), temp); if((family_list = psetGetChildren(pset, "configuration.Encryption", &errorCode))) { @@ -262,7 +260,7 @@ &errorCode); if((!val) || (!token) || (!personality)) { - strcat(temp_return, "familyList=NULL\n"); + PL_strcatn(temp_return, sizeof(temp_return), "familyList=NULL\n"); *return_string = PORT_Strdup(temp_return); return -1; } @@ -271,19 +269,19 @@ family_name++; PR_snprintf(temp, sizeof(temp), "familyList=%s\n", family_name); - strcat(temp_return, temp); + PL_strcatn(temp_return, sizeof(temp_return), temp); PR_snprintf(temp, sizeof(temp), "%s-activated=%s\n", family_name, val); - strcat(temp_return, temp); + PL_strcatn(temp_return, sizeof(temp_return), temp); PR_snprintf(temp, sizeof(temp), "%s-token=%s\n", family_name, token); - strcat(temp_return, temp); + PL_strcatn(temp_return, sizeof(temp_return), temp); PR_snprintf(temp, sizeof(temp), "%s-cert=%s\n", family_name, personality); - strcat(temp_return, temp); + PL_strcatn(temp_return, sizeof(temp_return), temp); } } - strcat(temp_return, "familyList=NULL\n"); + PL_strcatn(temp_return, sizeof(temp_return), "familyList=NULL\n"); /* get cipher preferences */ @@ -291,46 +289,46 @@ val = psetGetAttrSingleValue(pset, "configuration.encryption.nsSSL2", &errorCode); - strcat(temp_return, "ssl2-activated="); + PL_strcatn(temp_return, sizeof(temp_return), "ssl2-activated="); if(val) - strcat(temp_return, val); - strcat(temp_return, "\n"); + PL_strcatn(temp_return, sizeof(temp_return), val); + PL_strcatn(temp_return, sizeof(temp_return), "\n"); val = NULL; val = psetGetAttrSingleValue(pset, "configuration.encryption.nsSSL2Ciphers", &errorCode); - strcat(temp_return, "ssl2="); + PL_strcatn(temp_return, sizeof(temp_return), "ssl2="); if(val) - strcat(temp_return, val); - strcat(temp_return, "\n"); + PL_strcatn(temp_return, sizeof(temp_return), val); + PL_strcatn(temp_return, sizeof(temp_return), "\n"); val = NULL; val = psetGetAttrSingleValue(pset, "configuration.encryption.nsSSL3", &errorCode); - strcat(temp_return, "ssl3-activated="); + PL_strcatn(temp_return, sizeof(temp_return), "ssl3-activated="); if(val) - strcat(temp_return, val); - strcat(temp_return, "\n"); + PL_strcatn(temp_return, sizeof(temp_return), val); + PL_strcatn(temp_return, sizeof(temp_return), "\n"); val = NULL; val = psetGetAttrSingleValue(pset, "configuration.encryption.nsSSL3Ciphers", &errorCode); - strcat(temp_return, "ssl3="); + PL_strcatn(temp_return, sizeof(temp_return), "ssl3="); if(val) - strcat(temp_return, val); - strcat(temp_return, "\n"); + PL_strcatn(temp_return, sizeof(temp_return), val); + PL_strcatn(temp_return, sizeof(temp_return), "\n"); val = NULL; val = psetGetAttrSingleValue(pset, "configuration.encryption.nsSSLClientAuth", &errorCode); - strcat(temp_return, "clientauth="); + PL_strcatn(temp_return, sizeof(temp_return), "clientauth="); if(val) - strcat(temp_return, val); - strcat(temp_return, "\n"); + PL_strcatn(temp_return, sizeof(temp_return), val); + PL_strcatn(temp_return, sizeof(temp_return), "\n"); *return_string = PORT_Strdup(temp_return); return 0; @@ -609,7 +607,7 @@ /* get all variables */ rv = GetSSLFamilyAttributes(pset, &return_string); - fprintf(stdout, return_string); + fputs(return_string, stdout); free(return_string); } else if (!PORT_Strcmp(method, "POST")) { @@ -631,11 +629,9 @@ get_family_input(&family_head); if((trustdb = get_cgi_var(trustdbVN, "", "")) == NULL) { - char * msg = getResourceString(DBT_CGI_MISSING_ARGS); - char * scratch = (char *) malloc(strlen(msg) + sizeof(trustdbVN)); - sprintf(scratch, msg, trustdbVN); + char * scratch = PR_smprintf(getResourceString(DBT_CGI_MISSING_ARGS), trustdbVN); rpt_err(ELEM_MISSING, NULL, scratch, NULL); - free((void *) scratch); /* never executed */ + PR_smprintf_free(scratch); /* never executed */ } /* SET SSL VARIABLES via pset */ @@ -666,12 +662,10 @@ char protocols[BIG_LINE]; char ciphers[BIG_LINE]; - if (get_cert_nickname(certnickname) < 0) { - char * msg = getResourceString(DBT_CGI_MISSING_ARGS); - char * scratch = (char *) malloc(strlen(msg) + strlen(certnickname) + 1); - sprintf(scratch, msg, certnickname); + if (get_cert_nickname(certnickname, sizeof(certnickname)) < 0) { + char * scratch = PR_smprintf(getResourceString(DBT_CGI_MISSING_ARGS), certnickname); rpt_err(ELEM_MISSING, NULL, scratch, NULL); - free((void *) scratch); /* never executed */ + PR_smprintf_free(scratch); /* never executed */ } if (strlen(clientauth) == 0) { clientauth = (char*)"off"; @@ -689,7 +683,8 @@ rv = update_conf("console.conf", "NSSProtocol", protocols); - snprintf(ciphers, BIG_LINE, "%s,%s", ssl2, ssl3); + snprintf(ciphers, sizeof(ciphers), "%s,%s", ssl2, ssl3); + ciphers[sizeof(ciphers)-1] = 0; rv = update_conf("console.conf", "NSSCipherSuite", ciphers); if (!strcmp(clientauth, "on")) Index: security.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/security.c,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- security.c 1 Feb 2006 23:03:57 -0000 1.6 +++ security.c 31 Mar 2006 22:58:20 -0000 1.7 @@ -1010,10 +1010,12 @@ loser: if (privateKey==NULL) { - char tmpLine[BIG_LINE]; + char *tmpLine = NULL; + tmpLine = (char *)PR_Malloc(PR_GetErrorTextLength()+1); PR_GetErrorText(tmpLine); PR_snprintf(line, sizeof(line), "%d:%s", PR_GetError(), tmpLine); + PR_Free(tmpLine); rpt_err(GENERAL_FAILURE, getResourceString(DBT_INTERNAL_ERROR), @@ -1231,9 +1233,12 @@ if (rv != SECSuccess) { { - char tmpLine[BIG_LINE]; + char *tmpLine; + + tmpLine = (char *)PR_Malloc(PR_GetErrorTextLength()+1); PR_GetErrorText(tmpLine); PR_snprintf(line, sizeof(line), "%d:%s", PR_GetError(), tmpLine); + PR_Free(tmpLine); } /* if unable to import report error */ rpt_err(SYSTEM_ERROR, Index: snmpconf.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/snmpconf.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- snmpconf.c 18 Aug 2005 18:59:03 -0000 1.4 +++ snmpconf.c 31 Mar 2006 22:58:20 -0000 1.5 @@ -115,8 +115,8 @@ char resPath[256], *execPath; execPath = getcwd(resPath, 256); if (execPath) { - strcpy(resPath, execPath); - strcat(resPath, "/property"); + PL_strncpyz(resPath, execPath, sizeof(resPath)); + PL_strcatn(resPath, sizeof(resPath), "/property"); i18nResource = res_init_resource(resPath, RESOURCE_FILE); } if (getenv("HTTP_ACCEPT_LANGUAGE")) { @@ -396,7 +396,6 @@ void update_manager_list(char *manager, char *configfile) { char *comma, *tab1, *tab2, *entry, *name, *trap_port, *community; - char op_buf[128]; manager_list * list = NULL; Index: snmpmctl.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/snmpmctl.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- snmpmctl.c 18 Aug 2005 18:59:03 -0000 1.4 +++ snmpmctl.c 31 Mar 2006 22:58:20 -0000 1.5 @@ -133,8 +133,8 @@ char resPath[256], *execPath; execPath = getcwd(resPath, 256); if (execPath) { - strcpy(resPath, execPath); - strcat(resPath, "/property"); + PL_strncpyz(resPath, execPath, sizeof(resPath)); + PL_strcatn(resPath, sizeof(resPath), "/property"); i18nResource = res_init_resource(resPath, RESOURCE_FILE); } if (getenv("HTTP_ACCEPT_LANGUAGE")) { @@ -162,7 +162,6 @@ int main(int argc, char *argv[]) { int _ai = ADMUTIL_Init(); - char line[BIG_LINE]; char *method = getenv("REQUEST_METHOD"); char *qs=0; char *root = getenv("NETSITE_ROOT"); @@ -410,7 +409,6 @@ char command[BIG_LINE]; char path[PATH_MAX]; FILE *fhdl; - char buffer[20]; char *ADMSERV_ROOT = getenv("ADMSERV_ROOT"); pid_t magtid; @@ -524,7 +522,6 @@ char errlog[PATH_MAX]; FILE *fhdl; pid_t magtid; - char buffer[20]; char err_text[128]; int ret=0; Index: start_config_ds.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/start_config_ds.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- start_config_ds.c 18 Aug 2005 18:59:03 -0000 1.4 +++ start_config_ds.c 31 Mar 2006 22:58:20 -0000 1.5 @@ -112,6 +112,7 @@ return error_exit("NETSITE_ROOT not found"); snprintf(path, sizeof(path), "%s%c%s", admroot, FILE_SEP, ADMIN_CONFIG_FILE); + path[sizeof(path)-1] = 0; if (!(configfile = fopen(path, "r"))) return error_exit("Failed to open adm.conf"); @@ -137,6 +138,7 @@ p++; snprintf(path, sizeof(path), "%s%c%s", srvroot, FILE_SEP, p); + path[sizeof(path)-1] = 0; /* this should probably be an explicit fork/exec, but I don't have the time... */ if ((ret_val = system(path)) == -1) Index: statpingserv.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/statpingserv.c,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- statpingserv.c 18 Aug 2005 18:59:03 -0000 1.3 +++ statpingserv.c 31 Mar 2006 22:58:20 -0000 1.4 @@ -57,7 +57,6 @@ { int _ai = ADMUTIL_Init(); char *m; - char msg[BIG_LINE]; char *qs = getenv("QUERY_STRING"); PRHostEnt hent; Index: stopsrv.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/stopsrv.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- stopsrv.c 18 Aug 2005 18:59:03 -0000 1.4 +++ stopsrv.c 31 Mar 2006 22:58:20 -0000 1.5 @@ -81,8 +81,8 @@ execPath = getcwd(resPath, 256); if (execPath) { - strcpy(resPath, execPath); - strcat(resPath, "/property"); + PL_strncpyz(resPath, execPath, sizeof(resPath)); + PL_strcatn(resPath, sizeof(resPath), "/property"); i18nResource = res_init_resource(resPath, RESOURCE_FILE); } Index: ugdsconfig.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/ugdsconfig.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- ugdsconfig.c 28 Oct 2005 22:43:29 -0000 1.5 +++ ugdsconfig.c 31 Mar 2006 22:58:20 -0000 1.6 @@ -137,8 +137,8 @@ char resPath[256], *execPath; execPath = getcwd(resPath, 256); if (execPath) { - strcpy(resPath, execPath); - strcat(resPath, "/property"); + PL_strncpyz(resPath, execPath, sizeof(resPath)); + PL_strcatn(resPath, sizeof(resPath), "/property"); i18nResource = res_init_resource(resPath, RESOURCE_FILE); } if (getenv("HTTP_ACCEPT_LANGUAGE")) { Index: userinfo.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/userinfo.c,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- userinfo.c 18 Aug 2005 18:59:03 -0000 1.3 +++ userinfo.c 31 Mar 2006 22:58:20 -0000 1.4 @@ -34,7 +34,6 @@ { int _ai = ADMUTIL_Init(); AdmldapInfo ldapInfo; - char admconf[256]; char *method; int rv, rv1, rv2; int err; Index: viewdata.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/viewdata.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- viewdata.c 18 Aug 2005 18:59:03 -0000 1.4 +++ viewdata.c 31 Mar 2006 22:58:20 -0000 1.5 @@ -95,8 +95,8 @@ char resPath[256], *execPath; execPath = getcwd(resPath, 256); if (execPath) { - strcpy(resPath, execPath); - strcat(resPath, "/property"); + PL_strncpyz(resPath, execPath, sizeof(resPath)); + PL_strcatn(resPath, sizeof(resPath), "/property"); i18nResource = res_init_resource(resPath, RESOURCE_FILE); } if (getenv("HTTP_ACCEPT_LANGUAGE")) { @@ -222,6 +222,7 @@ char *dn; char *domain; char *tmp, *tmp2; + char *base = NULL; LDAPMessage *entry; int ldapError; @@ -243,39 +244,28 @@ /* form the rest of the url */ - if(strstr(sie, "Messaging")) { - dn = (char *)malloc(strlen("ou=Messaging, ou=Global Preferences, ") + strlen(domain) + 1); - sprintf(dn, "ou=Messaging, ou=Global Preferences, %s", domain); - } - else if(strstr(sie, "Administration")) { - dn = (char *)malloc(strlen("ou=Admin, ou=Global Preferences, ") + strlen(domain) + 1); - sprintf(dn, "ou=Admin, ou=Global Preferences, %s", domain); + if(strstr(sie, "Administration")) { + base = "ou=Admin, ou=Global Preferences"; } else if(strstr(sie, "Directory")) { - dn = (char *)malloc(strlen("ou=Directory, ou=Global Preferences, ") + strlen(domain) + 1); - sprintf(dn, "ou=Directory, ou=Global Preferences, %s", domain); + base = "ou=Directory, ou=Global Preferences"; } else if(strstr(sie, "Enterprise")) { - dn = (char *)malloc(strlen("ou=Enterprise, ou=Global Preferences, ") + strlen(domain) + 1); - sprintf(dn, "ou=Enterprise, ou=Global Preferences, %s", domain); + base = "ou=Enterprise, ou=Global Preferences"; } else if(strstr(sie, "Certificate")) { - dn = (char *)malloc(strlen("ou=Certificate, ou=Global Preferences, ") + strlen(domain) + 1); - sprintf(dn, "ou=Certificate, ou=Global Preferences, %s", domain); - } - else if(strstr(sie, "Application")) { - dn = (char *)malloc(strlen("ou=Application, ou=Global Preferences, ") + strlen(domain) + 1); - sprintf(dn, "ou=Application, ou=Global Preferences, %s", domain); - } - else if(strstr(sie, "Biller")) { - dn = (char *)malloc(strlen("ou=Biller, ou=Global Preferences, ") + strlen(domain) + 1); - sprintf(dn, "ou=Biller, ou=Global Preferences, %s", domain); + base = "ou=Certificate, ou=Global Preferences"; } + dn = PR_smprintf("%s, %s", base, domain); + if((ldapError = ldap_search_s(server, dn, LDAP_SCOPE_BASE, - "(objectclass=*)", NULL, 0, &entry)) != LDAP_SUCCESS) + "(objectclass=*)", NULL, 0, &entry)) != LDAP_SUCCESS) { + PR_smprintf_free(dn); return 1; + } + PR_smprintf_free(dn); if(vals = ldap_get_values(server, entry, "nshtmladminproducturl")) { *url = strdup(vals[0]); ldap_value_free(vals); @@ -329,7 +319,7 @@ tzset(); PR_snprintf(buf, sizeof(buf), "%s %s", buf, daylight ? tzname[1] : tzname[0]); #else - strftime(buf, BIG_LINE, "%b %d, %Y %T %p %Z", &tm); + strftime(buf, sizeof(buf), "%b %d, %Y %T %p %Z", &tm); #endif @@ -346,15 +336,16 @@ if(!(vals = ldap_get_values(server, entry, "nsserverport"))) { /* argh, port can be in the configuration object */ - char *config_buf = (char *)malloc(strlen("cn=configuration, ") + strlen(sie) + 1); - sprintf(config_buf, "cn=configuration, %s", sie); + char *config_buf = PR_smprintf("cn=configuration, %s", sie); if((ldapError = ldap_search_s(server, config_buf, LDAP_SCOPE_BASE, - "(objectclass=*)", NULL, 0, &entry)) != LDAP_SUCCESS) + "(objectclass=*)", NULL, 0, &entry)) != LDAP_SUCCESS) { + PR_smprintf_free(config_buf); return; + } + PR_smprintf_free(config_buf); vals = ldap_get_values(server, entry, "nsserverport"); - free(config_buf); } if(vals) { fprintf(stdout, (const char*)getResourceString(DBT_OUTPUT_DATA_SERVER_PORT), vals[0]); @@ -499,15 +490,12 @@ nbuf = (bufstruct *) new_buffer(NBUF_SIZE); - request = (char *)malloc(strlen(getResourceString(DBT_NETCENTER_GET_REQ)) + - strlen((char *)binddn) + - 3); /* space + 2 newline characters */ - - sprintf(request, getResourceString(DBT_NETCENTER_GET_REQ), binddn); + request = PR_smprintf(getResourceString(DBT_NETCENTER_GET_REQ), binddn); sockd = make_http_request("http", getResourceString(DBT_NETCENTER_HOST), atoi(getResourceString(DBT_NETCENTER_PORT)), request, 60, &errorcode); + PR_smprintf_free(request); if (sockd == NULL) { continue; Index: viewlog.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/viewlog.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- viewlog.c 18 Aug 2005 18:59:03 -0000 1.4 +++ viewlog.c 31 Mar 2006 22:58:20 -0000 1.5 @@ -86,7 +86,7 @@ replace=0; count=0; - while(fgets(line, BIG_LINE, cmd)) { + while(fgets(line, sizeof(line), cmd)) { if(strncmp(line, "format=", 7)) if((!str) || (strstr(line, str))) { count++; @@ -129,8 +129,8 @@ char resPath[256], *execPath; execPath = getcwd(resPath, 256); if (execPath) { - strcpy(resPath, execPath); - strcat(resPath, "/property"); + PL_strncpyz(resPath, execPath, sizeof(resPath)); + PL_strcatn(resPath, sizeof(resPath), "/property"); i18nResource = res_init_resource(resPath, RESOURCE_FILE); } if (getenv("HTTP_ACCEPT_LANGUAGE")) { @@ -163,7 +163,7 @@ } fprintf(stdout, getResourceString(DBT_DISPLAY_LOGFILE_SELECT_BEGIN)); - strcpy(temp_dirs, dirs); + PL_strncpyz(temp_dirs, dirs, sizeof(temp_dirs)); current_dir = strtok(temp_dirs, "|"); while(current_dir) { @@ -226,7 +226,7 @@ if(!file) return NULL; - strcpy(temp, directories); + PL_strncpyz(temp, directories, sizeof(temp)); ptr = strtok(temp, "|"); while(ptr != NULL) { @@ -374,7 +374,6 @@ char *file; char *directories; char *id; - char log_dir[PATH_MAX]; char **logfiles = NULL; char tmp[BIG_LINE]; int x;

17 years, 5 months

1
0
0 / 0

[Fedora-directory-commits] ldapserver component_versions.mk, 1.35.2.6, 1.35.2.7

by Doctor Conrad

Author: nkinder Update of /cvs/dirsec/ldapserver In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2253 Modified Files: Tag: Directory71RtmBranch component_versions.mk Log Message: Pick up new ADSYNC component for bug 186657 Index: component_versions.mk =================================================================== RCS file: /cvs/dirsec/ldapserver/component_versions.mk,v retrieving revision 1.35.2.6 retrieving revision 1.35.2.7 diff -u -r1.35.2.6 -r1.35.2.7 --- component_versions.mk 22 Mar 2006 18:55:06 -0000 1.35.2.6 +++ component_versions.mk 30 Mar 2006 23:23:55 -0000 1.35.2.7 @@ -250,7 +250,7 @@ endif ifndef ADSYNC_VERSION - ADSYNC_VERSION=20060322 + ADSYNC_VERSION=20060330 endif ifndef NT4SYNC_VERSION

17 years, 5 months

1
0
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

389-commits March 2006