March 2006 - 389-commits - Fedora Mailing-Lists

[Fedora-directory-commits] console build.properties, 1.7, 1.8 build.xml, 1.10, 1.11

by Doctor Conrad

Author: nhosoi Update of /cvs/dirsec/console In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7628 Modified Files: build.properties build.xml Log Message: [186105] Admin Server Makefile updates for Internal build Comment #12 . Preference version number was changed to CONSOLE-MAJOR-VERSION.0 . To do that, introduced Console.MAJOR_VERSION . changed to include the patch number in the jar file name . changed to create a symlink: redhat-mcc-7.2.jar pointing to redhat-mcc-7.2.0.jar Index: build.properties =================================================================== RCS file: /cvs/dirsec/console/build.properties,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- build.properties 29 Nov 2005 18:36:50 -0000 1.7 +++ build.properties 24 Mar 2006 01:04:00 -0000 1.8 @@ -21,15 +21,21 @@ lang=en +console.brand=fedora + console.root=. console.version=10 -console.dotversion=1.0 +console.dotversion=1.0.2 +console.dotgenversion=1.0 -mcc.core=fedora-mcc +mcc.core=${console.brand}-mcc mcc.name=${mcc.core}-${console.dotversion} +mcc.gen.name=${mcc.core}-${console.dotgenversion} -nmclf.core=fedora-nmclf +nmclf.core=${console.brand}-nmclf nmclf.name=${nmclf.core}-${console.dotversion} +nmclf.gen.name=${nmclf.core}-${console.dotgenversion} -base.core=fedora-base +base.core=${console.brand}-base base.name=${base.core}-${console.dotversion} +base.gen.name=${base.core}-${console.dotgenversion} Index: build.xml =================================================================== RCS file: /cvs/dirsec/console/build.xml,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- build.xml 20 Mar 2006 21:54:02 -0000 1.10 +++ build.xml 24 Mar 2006 01:04:00 -0000 1.11 @@ -172,10 +172,10 @@ destdir="${built.classdir}" debug="${compile.debug}" debuglevel="lines,vars,source" - deprecation="${compile.deprecation}" + deprecation="${compile.deprecation}" optimize="${compile.optimize}" verbose="no" - fork="true" + fork="true" excludes="**/CVS/**"> <classpath refid="console.classpath" /> </javac> @@ -257,6 +257,22 @@ <copy file="${built.jardir}/${nmclf.name}.jar" todir="${java.dir}"/> <copy file="${built.jardir}/${nmclf.name}_${lang}.jar" todir="${java.dir}"/> <copy file="${built.jardir}/${base.name}.jar" todir="${java.dir}"/> +  + <exec executable="ln" dir="${java.dir}" vmlauncher="true"> + <arg line="-s ${mcc.name}.jar ${mcc.gen.name}.jar"/> + </exec> + <exec executable="ln" dir="${java.dir}" vmlauncher="true"> + <arg line="-s ${mcc.name}_${lang}.jar ${mcc.gen.name}_${lang}.jar"/> + </exec> + <exec executable="ln" dir="${java.dir}" vmlauncher="true"> + <arg line="-s ${nmclf.name}.jar ${nmclf.gen.name}.jar"/> + </exec> + <exec executable="ln" dir="${java.dir}" vmlauncher="true"> + <arg line="-s ${nmclf.name}_${lang}.jar ${nmclf.gen.name}_${lang}.jar"/> + </exec> + <exec executable="ln" dir="${java.dir}" vmlauncher="true"> + <arg line="-s ${base.name}.jar ${base.gen.name}.jar"/> + </exec>  <copy file="${ldapjdk.local.location}/ldapjdk.jar" todir="${java.dir}"/> @@ -270,6 +286,7 @@ <include name="libssl*"/> <include name="libsmime*"/> <include name="libsoftokn*"/> + <include name="libfreebl*"/> <exclude name="libnssckbi*"/> <exclude name="lib*.a"/> </fileset> @@ -285,15 +302,15 @@ <chmod file="${package.dir}/startconsole" perm="755"/>  - <tar destfile="${dist.dir}/fedora-console-${console.dotversion}.tar.gz" + <tar destfile="${dist.dir}/${console.brand}-console-${console.dotversion}.tar.gz" compression="gzip"> <tarfileset dir="${package.dir}" - prefix="fedora-console-${console.dotversion}" + prefix="${console.brand}-console-${console.dotversion}" mode="755"> <include name="startconsole"/> </tarfileset> <tarfileset dir="${package.dir}" - prefix="fedora-console-${console.dotversion}"> + prefix="${console.brand}-console-${console.dotversion}"> <include name="**"/> <exclude name="startconsole"/> </tarfileset>

18 years, 1 month

1
0
0 / 0

[Fedora-directory-commits] directoryconsole/src/com/netscape/admin/dirserv about.properties, 1.2, 1.3 dirserv.properties, 1.3, 1.4

by Doctor Conrad

Author: nhosoi Update of /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5599/src/com/netscape/admin/dirserv Modified Files: about.properties dirserv.properties Log Message: [186105] Admin Server Makefile updates for Internal build Comment #13 . changed to include the patch number in the jar file name . changed to create a symlink: redhat-ds-7.2.jar pointing redhat-ds-7.2.0.jar Index: about.properties =================================================================== RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/about.properties,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- about.properties 28 Oct 2005 18:01:34 -0000 1.2 +++ about.properties 24 Mar 2006 00:52:57 -0000 1.3 @@ -19,7 +19,7 @@ # # Strings and logos used by the DSAboutDialog -aboutDialog-dialogTitle=Fedora Directory Server 1.0 +aboutDialog-dialogTitle=Fedora Directory Server 1.0.2 aboutDialog-productLogo=com/netscape/management/client/images/logo32.gif aboutDialog-productCopyright=Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.\nCopyright (C) 2005 Red Hat, Inc.\nAll rights reserved. aboutDialog-productLicense=Fedora is a trademark of Red Hat, Inc. in the United States and other countries and is used by permission. Index: dirserv.properties =================================================================== RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/dirserv.properties,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- dirserv.properties 15 Feb 2006 23:00:50 -0000 1.3 +++ dirserv.properties 24 Mar 2006 00:52:57 -0000 1.4 @@ -164,9 +164,9 @@ # dialog-configtitle=Fedora Directory Server dsAdmin-title=Fedora Directory Server -dsAdmin-version=Version 1.0 +dsAdmin-version=Version 1.0.2 dsAdmin-nsServerPort=Port -dsAdmin-framework-description=Fedora Directory Server Console 1.0 +dsAdmin-framework-description=Fedora Directory Server Console 1.0.2 dsAdmin-remove-server-cgi-failed=ds_remove failure #

18 years, 1 month

1
0
0 / 0

[Fedora-directory-commits] directoryconsole build.properties, 1.4, 1.5 build.xml, 1.6, 1.7

by Doctor Conrad

Author: nhosoi Update of /cvs/dirsec/directoryconsole In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5599 Modified Files: build.properties build.xml Log Message: [186105] Admin Server Makefile updates for Internal build Comment #13 . changed to include the patch number in the jar file name . changed to create a symlink: redhat-ds-7.2.jar pointing redhat-ds-7.2.0.jar Index: build.properties =================================================================== RCS file: /cvs/dirsec/directoryconsole/build.properties,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- build.properties 22 Mar 2006 17:46:10 -0000 1.4 +++ build.properties 24 Mar 2006 00:52:50 -0000 1.5 @@ -21,6 +21,8 @@ lang=en ldapconsole.root=.. -ldapconsole.version=1.0 +ldapconsole.version=1.0.2 +ldapconsole.gen.version=1.0 brand=fedora ldapconsole.name=${brand}-ds-${ldapconsole.version} +ldapconsole.gen.name=${brand}-ds-${ldapconsole.gen.version} Index: build.xml =================================================================== RCS file: /cvs/dirsec/directoryconsole/build.xml,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- build.xml 22 Mar 2006 19:09:02 -0000 1.6 +++ build.xml 24 Mar 2006 00:52:51 -0000 1.7 @@ -149,6 +149,12 @@ <include name="com/**/*.properties" /> </fileset> </jar> + <exec executable="ln" dir="${package.dir}" vmlauncher="true"> + <arg line="-s ${ldapconsole.name}.jar ${ldapconsole.gen.name}.jar"/> + </exec> + <exec executable="ln" dir="${package.dir}" vmlauncher="true"> + <arg line="-s ${ldapconsole.name}_${lang}.jar ${ldapconsole.gen.name}_${lang}.jar"/> + </exec> </target>

18 years, 1 month

1
0
0 / 0

[Fedora-directory-commits] setuputil/installer/include nsdefs.h, 1.1.1.1, 1.2

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/setuputil/installer/include In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28529/setuputil/installer/include Modified Files: nsdefs.h Log Message: Use <iostream> instead of <iostream.h> on those platforms that support it. With this fix, we don't get the deprecation warnings when building setuputil. This has been tested on various linux, Solaris 9 with old and new forte, and on HPUX IPF. Thanks to Nathan and Noriko for the reviews. Index: nsdefs.h =================================================================== RCS file: /cvs/dirsec/setuputil/installer/include/nsdefs.h,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- nsdefs.h 29 Jul 2005 22:16:28 -0000 1.1.1.1 +++ nsdefs.h 23 Mar 2006 20:45:37 -0000 1.2 @@ -30,6 +30,12 @@ ** HISTORY ** ** $Log$ +** Revision 1.2 2006/03/23 20:45:37 rmeggins +** Use <iostream> instead of <iostream.h> on those platforms that support it. +** With this fix, we don't get the deprecation warnings when building setuputil. +** This has been tested on various linux, Solaris 9 with old and new forte, and on HPUX IPF. +** Thanks to Nathan and Noriko for the reviews. +** ** Revision 1.1.1.1 2005/07/29 22:16:28 foxworth ** Importing new setup sdk for open source project ** @@ -153,7 +159,11 @@ ** Includes ** **********************************************************************/ -#include <iostream.h> +#if !defined(HPUX) || defined(_HP_NAMESPACE_STD) +#include <iostream> +#else +#include <iostream.h> /* use old name on older systems */ +#endif #ifdef XP_WIN32 #include <stdlib.h>

18 years, 1 month

1
0
0 / 0

[Fedora-directory-commits] setuputil nsconfig.mk,1.8,1.9

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/setuputil In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28529/setuputil Modified Files: nsconfig.mk Log Message: Use <iostream> instead of <iostream.h> on those platforms that support it. With this fix, we don't get the deprecation warnings when building setuputil. This has been tested on various linux, Solaris 9 with old and new forte, and on HPUX IPF. Thanks to Nathan and Noriko for the reviews. Index: nsconfig.mk =================================================================== RCS file: /cvs/dirsec/setuputil/nsconfig.mk,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- nsconfig.mk 23 Feb 2006 21:47:45 -0000 1.8 +++ nsconfig.mk 23 Mar 2006 20:45:31 -0000 1.9 @@ -220,15 +220,14 @@ ifdef MODERNHP CC=cc -Ae +ESlit CXX=aCC +ARCH_CFLAGS=-AA # the default on ipf, but also use it elsewhere ifeq ($(NSOS_RELEASE), B.11.23) - ARCH_CFLAGS=-AA ifeq ($(USE_64), 1) BIT_SWITCH=+DD64 else BIT_SWITCH=+DD32 endif else # 11.11 or earlier - ARCH_CFLAGS= ifeq ($(USE_64), 1) BIT_SWITCH=+DA2.0W +DS2.0 else

18 years, 1 month

1
0
0 / 0

[Fedora-directory-commits] setuputil/installer/unix/lib dialog.cc, 1.1.1.1, 1.2 ux-curse.c, 1.1.1.1, 1.2 ux-util.cc, 1.1.1.1, 1.2 ux-wrapper.cc, 1.1.1.1, 1.2

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/setuputil/installer/unix/lib In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15054/setuputil/installer/unix/lib Modified Files: dialog.cc ux-curse.c ux-util.cc ux-wrapper.cc Log Message: Bug(s) fixed: 186280 Bug Description: Close potential security vulnerabilities in CGI code Reviewed by: Nathan & Noriko (Thanks!) Fix Description: Mostly cleaned up usage of sprintf. Platforms tested: Fedora Core 5 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: dialog.cc =================================================================== RCS file: /cvs/dirsec/setuputil/installer/unix/lib/dialog.cc,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- dialog.cc 29 Jul 2005 22:16:32 -0000 1.1.1.1 +++ dialog.cc 23 Mar 2006 15:59:22 -0000 1.2 @@ -28,6 +28,17 @@ ** HISTORY ** ** $Log$ +** Revision 1.2 2006/03/23 15:59:22 rmeggins +** Bug(s) fixed: 186280 +** Bug Description: Close potential security vulnerabilities in CGI code +** Reviewed by: Nathan & Noriko (Thanks!) +** Fix Description: Mostly cleaned up usage of sprintf. +** Platforms tested: Fedora Core 5 +** Flag Day: no +** Doc impact: no +** QA impact: should be covered by regular nightly and manual testing +** New Tests integrated into TET: none +** ** Revision 1.1.1.1 2005/07/29 22:16:32 foxworth ** Importing new setup sdk for open source project ** @@ -347,7 +358,11 @@ if (_enable8BitInput) { utf8Buf = localToUTF8(_buf); - strcpy(_buf, utf8Buf); + strncpy(_buf, utf8Buf, _bufLen); + if (!memchr(_buf, 0, _bufLen)) { /* string is not null terminated */ + _buf[0] = 0; /* erase to avoid using improperly formed utf8 */ + rc = 0; + } free(utf8Buf); } } @@ -411,12 +426,14 @@ ans = UTF8ToLocal(_defaultAns.data()); else ans = strdup((const char *) _defaultAns); - sprintf(tstr, " [%s]: ", ans); + snprintf(tstr, sizeof(tstr), " [%s]: ", ans); + tstr[sizeof(tstr)-1] = 0; free(ans); } else { - sprintf(tstr, "%c ", ':'); + snprintf(tstr, sizeof(tstr), "%c ", ':'); + tstr[sizeof(tstr)-1] = 0; _buf[0] = 0; } printw(tstr); Index: ux-curse.c =================================================================== RCS file: /cvs/dirsec/setuputil/installer/unix/lib/ux-curse.c,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- ux-curse.c 29 Jul 2005 22:16:32 -0000 1.1.1.1 +++ ux-curse.c 23 Mar 2006 15:59:22 -0000 1.2 @@ -56,8 +56,9 @@ va_list arg; va_start(arg, msg); - vsprintf(errbuf, msg, arg); + vsnprintf(errbuf, sizeof(errbuf), msg, arg); va_end(arg); + errbuf[sizeof(errbuf)-1] = 0; printw(errbuf); printw("Press any key to continue.\n"); refresh(); @@ -72,8 +73,9 @@ va_list arg; va_start(arg, msg); - vsprintf(errbuf, msg, arg); + vsnprintf(errbuf, sizeof(errbuf), msg, arg); va_end(arg); + errbuf[sizeof(errbuf)-1] = 0; getyx(stdscr, y, x); Index: ux-util.cc =================================================================== RCS file: /cvs/dirsec/setuputil/installer/unix/lib/ux-util.cc,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- ux-util.cc 29 Jul 2005 22:16:33 -0000 1.1.1.1 +++ ux-util.cc 23 Mar 2006 15:59:22 -0000 1.2 @@ -27,6 +27,17 @@ ** UNIX Only ** HISTORY: ** $Log$ +** Revision 1.2 2006/03/23 15:59:22 rmeggins +** Bug(s) fixed: 186280 +** Bug Description: Close potential security vulnerabilities in CGI code +** Reviewed by: Nathan & Noriko (Thanks!) +** Fix Description: Mostly cleaned up usage of sprintf. +** Platforms tested: Fedora Core 5 +** Flag Day: no +** Doc impact: no +** QA impact: should be covered by regular nightly and manual testing +** New Tests integrated into TET: none +** ** Revision 1.1.1.1 2005/07/29 22:16:33 foxworth ** Importing new setup sdk for open source project ** @@ -291,7 +302,8 @@ NSString hn; NVPair *admconf; - sprintf(tstr, "%s/%s", sroot, DEFAULT_ADMINCONF); + snprintf(tstr, sizeof(tstr), "%s/%s", sroot, DEFAULT_ADMINCONF); + tstr[sizeof(tstr)-1] = 0; admconf = new NVPair(tstr); @@ -371,7 +383,8 @@ NVPair *ssconf; NSString ssUser; - sprintf(tstr, "%s/%s", sroot, DEFAULT_SSUSERCONF); + snprintf(tstr, sizeof(tstr), "%s/%s", sroot, DEFAULT_SSUSERCONF); + tstr[sizeof(tstr)-1] = 0; ssconf = new NVPair(tstr); @@ -411,7 +424,8 @@ NVPair *ssconf; NSString ssGroup; - sprintf(tstr, "%s/%s", sroot, DEFAULT_SSUSERCONF); + snprintf(tstr, sizeof(tstr), "%s/%s", sroot, DEFAULT_SSUSERCONF); + tstr[sizeof(tstr)-1] = 0; ssconf = new NVPair(tstr); @@ -450,7 +464,8 @@ NVPair admpw; const char *pwd = NULL; - sprintf(temp, "%s/admin-serv/config/adm.conf", serverRoot); + snprintf(temp, sizeof(temp), "%s/admin-serv/config/adm.conf", serverRoot); + temp[sizeof(temp)-1] = 0; admpw.setFormat(2); admpw.read(temp); @@ -489,12 +504,13 @@ if (uname(&sysname) >= 0) { #if defined(IRIX) /* I want IRIX, not IRIX64 */ - sprintf(tstr, "%s%s", "IRIX", sysname.release); + snprintf(tstr, sizeof(tstr), "%s%s", "IRIX", sysname.release); #elif defined(SOLARIS) || defined(OSF1) || defined(HPUX) - sprintf(tstr, "%s%s", sysname.sysname, sysname.release); + snprintf(tstr, sizeof(tstr), "%s%s", sysname.sysname, sysname.release); #elif defined(AIX) - sprintf(tstr, "%s%s.%s", sysname.sysname, sysname.version, sysname.release); + snprintf(tstr, sizeof(tstr), "%s%s.%s", sysname.sysname, sysname.version, sysname.release); #endif + tstr[sizeof(tstr)-1] = 0; return tstr; } else @@ -537,6 +553,7 @@ if (!strncasecmp(line, "domain ", 7)) { sscanf(&line[7], "%s", domain); + domain[sizeof(domain)-1] = 0; dm = (domain[0] == '.' ? &domain[1] : domain); return dm; } @@ -589,7 +606,8 @@ /* Bug 624241 - sprintf() will wipe out target var first on Linux */ char hncopy[SML_BUF]; strcpy(hncopy, hn); - sprintf(hn, "%s.%s", hncopy, dn.data()); + snprintf(hn, sizeof(hn), "%s.%s", hncopy, dn.data()); + hn[sizeof(hn)-1] = 0; } /* Return whatever we ended up with. */ @@ -710,7 +728,8 @@ return 0; } - sprintf(fn, "/tmp/trychown.%ld", (long) getpid()); + snprintf(fn, sizeof(fn), "/tmp/trychown.%ld", (long) getpid()); + fn[sizeof(fn)-1] = 0; if ((fd = creat(fn, 0777)) == -1) return 0; /* Hmm. */ ret = chown(fn, pw->pw_uid, pw->pw_gid); @@ -826,7 +845,8 @@ } } - sprintf(fn, "/tmp/trychown_grp.%ld", (long) getpid()); + snprintf(fn, sizeof(fn), "/tmp/trychown_grp.%ld", (long) getpid()); + fn[sizeof(fn)-1] = 0; if ((fd = creat(fn, 0777)) == -1) { return 0; /* Hmm. */ @@ -885,11 +905,7 @@ NSString InstUtil::getSelfUserID() { -#if 0 - return cuserid(NULL); -#else return getpwuid(geteuid())->pw_name; -#endif } /********************************************************************* @@ -1066,7 +1082,8 @@ return ("/"); } - strcpy(s, path); + strncpy(s, path, sizeof(s)); + s[sizeof(s)-1] = 0; /* Strip off trailing / */ Index: ux-wrapper.cc =================================================================== RCS file: /cvs/dirsec/setuputil/installer/unix/lib/ux-wrapper.cc,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- ux-wrapper.cc 29 Jul 2005 22:16:33 -0000 1.1.1.1 +++ ux-wrapper.cc 23 Mar 2006 15:59:22 -0000 1.2 @@ -29,6 +29,17 @@ ** HISTORY: ** ** $Log$ +** Revision 1.2 2006/03/23 15:59:22 rmeggins +** Bug(s) fixed: 186280 +** Bug Description: Close potential security vulnerabilities in CGI code +** Reviewed by: Nathan & Noriko (Thanks!) +** Fix Description: Mostly cleaned up usage of sprintf. +** Platforms tested: Fedora Core 5 +** Flag Day: no +** Doc impact: no +** QA impact: should be covered by regular nightly and manual testing +** New Tests integrated into TET: none +** ** Revision 1.1.1.1 2005/07/29 22:16:33 foxworth ** Importing new setup sdk for open source project ** @@ -179,12 +190,13 @@ { return; } - sprintf(buf,"[%s] %s", who, level); + snprintf(buf, sizeof(buf), "[%s] %s", who, level); va_start (arg, msg); - vsprintf(buf+strlen(buf), msg, arg); + vsnprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), msg, arg); va_end(arg); + buf[sizeof(buf)-1] = 0; fputs(buf,fp); fputs("\n",fp);

18 years, 1 month

1
0
0 / 0

[Fedora-directory-commits] setuputil/installer/unix dl-common.cc, 1.1.1.1, 1.2 dl-dnld.cc, 1.1.1.1, 1.2 dl-inst.cc, 1.1.1.1, 1.2 dl-uninst.cc, 1.1.1.1, 1.2 installer.cc, 1.3, 1.4 product.cc, 1.4, 1.5 uninstaller.cc, 1.1.1.1, 1.2 ux-setup.cc, 1.1.1.1, 1.2

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/setuputil/installer/unix In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15054/setuputil/installer/unix Modified Files: dl-common.cc dl-dnld.cc dl-inst.cc dl-uninst.cc installer.cc product.cc uninstaller.cc ux-setup.cc Log Message: Bug(s) fixed: 186280 Bug Description: Close potential security vulnerabilities in CGI code Reviewed by: Nathan & Noriko (Thanks!) Fix Description: Mostly cleaned up usage of sprintf. Platforms tested: Fedora Core 5 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: dl-common.cc =================================================================== RCS file: /cvs/dirsec/setuputil/installer/unix/dl-common.cc,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- dl-common.cc 29 Jul 2005 22:16:30 -0000 1.1.1.1 +++ dl-common.cc 23 Mar 2006 15:59:17 -0000 1.2 @@ -28,6 +28,17 @@ ** HISTORY ** ** $Log$ +** Revision 1.2 2006/03/23 15:59:17 rmeggins +** Bug(s) fixed: 186280 +** Bug Description: Close potential security vulnerabilities in CGI code +** Reviewed by: Nathan & Noriko (Thanks!) +** Fix Description: Mostly cleaned up usage of sprintf. +** Platforms tested: Fedora Core 5 +** Flag Day: no +** Doc impact: no +** QA impact: should be covered by regular nightly and manual testing +** New Tests integrated into TET: none +** ** Revision 1.1.1.1 2005/07/29 22:16:30 foxworth ** Importing new setup sdk for open source project ** @@ -315,9 +326,10 @@ DialogInput *dl = new DialogInput; if (whatProduct != NULL) - sprintf(tstr, selectionText, whatProduct); + snprintf(tstr, sizeof(tstr), selectionText, whatProduct); else - sprintf(tstr, selectionText); + snprintf(tstr, sizeof(tstr), selectionText); + tstr[sizeof(tstr)-1] = 0; dl->setText(tstr); dl->setSetupAction(NULL); @@ -431,9 +443,10 @@ if (p->isVisible()) { if (p->numVisibleComponents() >= 1) - sprintf(tstr, " %d. %s (%d)\n", ++j, p->get(PKG_NAME), p->numVisibleComponents()); + snprintf(tstr, sizeof(tstr), " %d. %s (%d)\n", ++j, p->get(PKG_NAME), p->numVisibleComponents()); else - sprintf(tstr, " %d. %s\n", ++j, p->get(PKG_NAME)); + snprintf(tstr, sizeof(tstr), " %d. %s\n", ++j, p->get(PKG_NAME)); + tstr[sizeof(tstr)-1] = 0; text2 = text2 + tstr; @@ -525,7 +538,6 @@ char *ldapURL; const char *buf = me->input(); NSString errMsg; - char tmp[XSM_BUF]; LDAPURLDesc *ludpp; char *domain; DialogAction rc = DIALOG_NEXT; @@ -678,7 +690,8 @@ localLdapURL = UTF8ToLocal(me->manager()->getDefaultScript()->get(CONFIG_LDAP_URL)); hostPortURL = stripConfigLdapURL(localLdapURL); - sprintf(text2, " %s", (const char *)hostPortURL); + snprintf(text2, sizeof(text2), " %s", (const char *)hostPortURL); + text2[sizeof(text2)-1] = 0; free (localLdapURL); @@ -842,7 +855,6 @@ const char *ldapURL; const char *buf = me->input(); NSString errMsg; - char tmp[XSM_BUF]; LDAPURLDesc *ludpp; DialogAction rc = DIALOG_NEXT; @@ -893,7 +905,8 @@ localLdapURL = UTF8ToLocal(me->manager()->getDefaultScript()->get(UG_LDAP_URL)); - sprintf(text2, " %s", localLdapURL); + snprintf(text2, sizeof(text2), " %s", localLdapURL); + text2[sizeof(text2)-1] = 0; free (localLdapURL); Index: dl-dnld.cc =================================================================== RCS file: /cvs/dirsec/setuputil/installer/unix/dl-dnld.cc,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- dl-dnld.cc 29 Jul 2005 22:16:30 -0000 1.1.1.1 +++ dl-dnld.cc 23 Mar 2006 15:59:17 -0000 1.2 @@ -28,6 +28,17 @@ ** HISTORY ** ** $Log$ +** Revision 1.2 2006/03/23 15:59:17 rmeggins +** Bug(s) fixed: 186280 +** Bug Description: Close potential security vulnerabilities in CGI code +** Reviewed by: Nathan & Noriko (Thanks!) +** Fix Description: Mostly cleaned up usage of sprintf. +** Platforms tested: Fedora Core 5 +** Flag Day: no +** Doc impact: no +** QA impact: should be covered by regular nightly and manual testing +** New Tests integrated into TET: none +** ** Revision 1.1.1.1 2005/07/29 22:16:30 foxworth ** Importing new setup sdk for open source project ** @@ -180,7 +191,8 @@ for (int i = 0; i < p->numName(); i++) { s = p->name(i); - sprintf(tstr, " %d. %s\n", i+1, s); + snprintf(tstr, sizeof(tstr), " %d. %s\n", i+1, s); + tstr[sizeof(tstr)-1] = 0; text2 = text2 + tstr; } me->setText2(text2.data()); @@ -648,7 +660,7 @@ const char *sysVersion = me->manager()->getDefaultScript()->get(SYS_VERSION); int i, j; Bool found = False; - char tmp[5]; + char tmp[20]; setupSelectionDialog(me, platformInfo); @@ -801,17 +813,18 @@ if (err == -1) { - sprintf(errMsg, "ERROR: Can't create directory %s\n", ans); + snprintf(errMsg, sizeof(errMsg), "ERROR: Can't create directory %s\n", ans); } else if (err == -2) { - sprintf(errMsg, "ERROR: %s exists and is not a directory.\n", ans); + snprintf(errMsg, sizeof(errMsg), "ERROR: %s exists and is not a directory.\n", ans); } else if (err == -3) { - sprintf(errMsg, "ERROR: Can't write to %s\n", ans); + snprintf(errMsg, sizeof(errMsg), "ERROR: Can't write to %s\n", ans); } + errMsg[sizeof(errMsg)-1] = 0; DialogAlert alert(errMsg); alert.execute(); Index: dl-inst.cc =================================================================== RCS file: /cvs/dirsec/setuputil/installer/unix/dl-inst.cc,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- dl-inst.cc 29 Jul 2005 22:16:31 -0000 1.1.1.1 +++ dl-inst.cc 23 Mar 2006 15:59:17 -0000 1.2 @@ -28,6 +28,17 @@ ** HISTORY ** ** $Log$ +** Revision 1.2 2006/03/23 15:59:17 rmeggins +** Bug(s) fixed: 186280 +** Bug Description: Close potential security vulnerabilities in CGI code +** Reviewed by: Nathan & Noriko (Thanks!) +** Fix Description: Mostly cleaned up usage of sprintf. +** Platforms tested: Fedora Core 5 +** Flag Day: no +** Doc impact: no +** QA impact: should be covered by regular nightly and manual testing +** New Tests integrated into TET: none +** ** Revision 1.1.1.1 2005/07/29 22:16:31 foxworth ** Importing new setup sdk for open source project ** @@ -406,9 +417,10 @@ else if (installer->checkDiskSpace() == False) { char szMsg[2048]; - sprintf(szMsg, "Warning: not enough disk space in the path %s, you can either remove unnecessary \n" \ + snprintf(szMsg, sizeof(szMsg), "Warning: not enough disk space in the path %s, you can either remove unnecessary \n" \ "files on the destination drive and type Yes to continue, or click \n" \ "CTRL-B to go back and select less products to install\n\n", installer->getServerRoot().data()); + szMsg[sizeof(szMsg)-1] = 0; msg = szMsg; me->setText (msg); } @@ -936,7 +948,8 @@ // Ask SS Group ssGroup = me->manager()->getDefaultScript()->get(SS_GROUP); - sprintf(tmp, "%s [%s]: ", "System Group", ssGroup.data()); + snprintf(tmp, sizeof(tmp), "%s [%s]: ", "System Group", ssGroup.data()); + tmp[sizeof(tmp)-1] = 0; me->showString(tmp); if (me->getInput() == 0) Index: dl-uninst.cc =================================================================== RCS file: /cvs/dirsec/setuputil/installer/unix/dl-uninst.cc,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- dl-uninst.cc 29 Jul 2005 22:16:31 -0000 1.1.1.1 +++ dl-uninst.cc 23 Mar 2006 15:59:17 -0000 1.2 @@ -28,6 +28,17 @@ ** HISTORY ** ** $Log$ +** Revision 1.2 2006/03/23 15:59:17 rmeggins +** Bug(s) fixed: 186280 +** Bug Description: Close potential security vulnerabilities in CGI code +** Reviewed by: Nathan & Noriko (Thanks!) +** Fix Description: Mostly cleaned up usage of sprintf. +** Platforms tested: Fedora Core 5 +** Flag Day: no +** Doc impact: no +** QA impact: should be covered by regular nightly and manual testing +** New Tests integrated into TET: none +** ** Revision 1.1.1.1 2005/07/29 22:16:31 foxworth ** Importing new setup sdk for open source project ** @@ -334,7 +345,8 @@ LDAPURLDesc *ludpp = NULL; ldap_url_parse ((char *) ldapURL , &ludpp); - sprintf(tmp, "ldap://%s:389/%s", ludpp->lud_host, ludpp->lud_dn); + snprintf(tmp, sizeof(tmp), "ldap://%s:389/%s", ludpp->lud_host, ludpp->lud_dn); + tmp[sizeof(tmp)-1] = 0; ldap_free_urldesc(ludpp); installInfo->set(CONFIG_LDAP_URL, tmp); @@ -402,12 +414,13 @@ if (dp && dp->get(s) && q->isSelected() == False) { // q is dependent on p and q is not selected - sprintf(tstr, + snprintf(tstr, sizeof(tstr), getResource(RES_MESSAGE_UNINST_VERIFYSELECTION1), q->get(PKG_NAME), p->get(PKG_NAME), q->get(PKG_NAME), q->get(PKG_NAME)); + tstr[sizeof(tstr)-1] = 0; DialogAlert alert(tstr); alert.execute(); Index: installer.cc =================================================================== RCS file: /cvs/dirsec/setuputil/installer/unix/installer.cc,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- installer.cc 13 Dec 2005 20:58:22 -0000 1.3 +++ installer.cc 23 Mar 2006 15:59:17 -0000 1.4 @@ -27,6 +27,17 @@ ** ** HISTORY: ** $Log$ +** Revision 1.4 2006/03/23 15:59:17 rmeggins +** Bug(s) fixed: 186280 +** Bug Description: Close potential security vulnerabilities in CGI code +** Reviewed by: Nathan & Noriko (Thanks!) +** Fix Description: Mostly cleaned up usage of sprintf. +** Platforms tested: Fedora Core 5 +** Flag Day: no +** Doc impact: no +** QA impact: should be covered by regular nightly and manual testing +** New Tests integrated into TET: none +** ** Revision 1.3 2005/12/13 20:58:22 nhosoi ** [175418] Admin Server ns-update crashes if necessary attribute-value is not given ** 1) Although Admin Server's PostInstall program ns-update expects it, PostInstall @@ -2292,28 +2303,29 @@ if (err == -1) { - sprintf(errMsg, "Can't create directory %s\n", sroot); + snprintf(errMsg, sizeof(errMsg), "Can't create directory %s\n", sroot); } else if (err == -2) { - sprintf(errMsg, "%s exists and is not a directory.\n", sroot); + snprintf(errMsg, sizeof(errMsg), "%s exists and is not a directory.\n", sroot); } else if (err == -3) { - sprintf(errMsg, "Can't write to %s\n", sroot); + snprintf(errMsg, sizeof(errMsg), "Can't write to %s\n", sroot); } else if (err == -4) { - sprintf(errMsg, + snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_CHECKSERVERROOT1), sroot); } else { - sprintf(errMsg, + snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_CHECKSERVERROOT2), sroot); } + errMsg[sizeof(errMsg)-1] = 0; } return errMsg; } @@ -2338,7 +2350,7 @@ } else if (!p->securityChecked()) { - sprintf(errMsg, + snprintf(errMsg, sizeof(errMsg), "You are installing %s over an\n" "existing installation that is of a higher security level.\n" "Installation over an incompatible security level is not\n" @@ -2347,7 +2359,7 @@ } else { - sprintf(errMsg, + snprintf(errMsg, sizeof(errMsg), "You are installing %s over an\n" "existing installation that is incompatible.\n" "Installation over an incompatible version is not\n" @@ -2355,6 +2367,7 @@ } } } + errMsg[sizeof(errMsg)-1] = 0; return errMsg; } @@ -2387,7 +2400,7 @@ { if ((ok = checkUpdate(p)) == False) { - sprintf(errMsg, + snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_CHECKCOMPONENTDEPENDENCY1), p->get(PKG_NAME)); } @@ -2411,7 +2424,7 @@ msg = getResource(RES_MESSAGE_CHECKCOMPONENTDEPENDENCY6); break; }; - sprintf(errMsg, msg, p->get(PKG_NAME)); + snprintf(errMsg, sizeof(errMsg), msg, p->get(PKG_NAME)); } } @@ -2432,7 +2445,7 @@ */ { // Not compatible - sprintf(errMsg, + snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_CHECKCOMPONENTDEPENDENCY2), p->get(PKG_NAME), q ? q->get(PKG_NAME) : s.data(), @@ -2447,6 +2460,7 @@ } } + errMsg[sizeof(errMsg)-1] = 0; return errMsg; } @@ -2474,7 +2488,7 @@ { if (err == -1) { - sprintf(errMsg, "Error: Can't find component %s in the package\n", (const char *) nickname); + snprintf(errMsg, sizeof(errMsg), "Error: Can't find component %s in the package\n", (const char *) nickname); } else { @@ -2483,7 +2497,7 @@ loc2 = getUILocation(nickname); if (loc2 < loc1) { - sprintf(errMsg, + snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_CHECKCOMPONENTDEPENDENCY2), p->get(PKG_NAME), nickname, @@ -2491,7 +2505,7 @@ } else { - sprintf(errMsg, + snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_CHECKCOMPONENTDEPENDENCY2), p->get(PKG_NAME), nickname, @@ -2502,6 +2516,7 @@ } } + errMsg[sizeof(errMsg)-1] = 0; return errMsg; } @@ -2527,7 +2542,7 @@ { if (err == -1) { - sprintf(errMsg, "Can't find component: %s\n", (const char *) nickname); + snprintf(errMsg, sizeof(errMsg), "Can't find component: %s\n", (const char *) nickname); } else { @@ -2535,14 +2550,17 @@ loc1 = getUILocation(p->get(PKG_NICKNAME)); loc2 = getUILocation(nickname); if (loc2 < loc1) - sprintf(errMsg, "%s's prior component %s is not selected\n", p->get(PKG_NICKNAME), nickname); + snprintf(errMsg, sizeof(errMsg), + "%s's prior component %s is not selected\n", p->get(PKG_NICKNAME), nickname); else if (checkAll) - sprintf(errMsg, "%s's later component %s is not selected\n", p->get(PKG_NICKNAME), nickname); + snprintf(errMsg, sizeof(errMsg), + "%s's later component %s is not selected\n", p->get(PKG_NICKNAME), nickname); } } } } + errMsg[sizeof(errMsg)-1] = 0; return errMsg; } @@ -2604,7 +2622,7 @@ { case -1: - sprintf(errMsg, + snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_VERIFYSSUSER1), ssUser); break; @@ -2612,7 +2630,7 @@ { NSString err_text(getResource(RES_MESSAGE_VERIFYSSUSER2, RES_GLOBAL_BRAND)); err_text = err_text + getResource(RES_MESSAGE_VERIFYSSUSER3); - sprintf(errMsg, err_text, ssUser); + snprintf(errMsg, sizeof(errMsg), err_text, ssUser); break; } default: @@ -2620,6 +2638,7 @@ break; } + errMsg[sizeof(errMsg)-1] = 0; return errMsg; } @@ -2634,19 +2653,19 @@ switch (err) { case -1: - sprintf(errMsg, + snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_VERIFYSSGROUP1), ssUser); break; case -2: - sprintf(errMsg, + snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_VERIFYSSGROUP2), ssGroup); break; case -3: - sprintf(errMsg, + snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_VERIFYSSGROUP3), ssUser,ssGroup); break; @@ -2655,7 +2674,7 @@ NSString err_text(getResource(RES_MESSAGE_VERIFYSSGROUP4, RES_GLOBAL_BRAND)); err_text = err_text + getResource(RES_MESSAGE_VERIFYSSGROUP5); - sprintf(errMsg, err_text, ssUser,ssGroup); + snprintf(errMsg, sizeof(errMsg), err_text, ssUser,ssGroup); break; } default: @@ -2663,6 +2682,7 @@ break; } + errMsg[sizeof(errMsg)-1] = 0; return errMsg; } @@ -2865,7 +2885,7 @@ if (err == INVALID_ROOT) { - sprintf(errMsg, getResource(RES_MESSAGE_VERIFYINSTALLPRIVILEGE1, RES_GLOBAL_BRAND)); + snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_VERIFYINSTALLPRIVILEGE1, RES_GLOBAL_BRAND)); } else if (err == INSTALL_DN_ERR) { @@ -2874,7 +2894,7 @@ NSString err_text(getResource(RES_MESSAGE_VERIFYINSTALLPRIVILEGE2, RES_GLOBAL_BRAND)); err_text = err_text + getResource(RES_MESSAGE_VERIFYINSTALLPRIVILEGE22); - sprintf(errMsg, err_text, + snprintf(errMsg, sizeof(errMsg), err_text, DEFAULT_SS_CONTAINER_RDN, DEFAULT_ROOT_DN); } else @@ -2882,14 +2902,15 @@ NSString err_text(getResource(RES_MESSAGE_VERIFYINSTALLPRIVILEGE3, RES_GLOBAL_BRAND)); err_text = err_text + getResource(RES_MESSAGE_VERIFYINSTALLPRIVILEGE32); - sprintf(errMsg, err_text, installDN); + snprintf(errMsg, sizeof(errMsg), err_text, installDN); } } else if (err != OKAY) { - sprintf(errMsg, + snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_VERIFYINSTALLPRIVILEGE4), ldapUser); } + errMsg[sizeof(errMsg)-1] = 0; return errMsg; } @@ -2926,8 +2947,8 @@ if (err != OKAY) { - sprintf(errMsg, "Setup is unable to detect User Directory Informations from the Server\n"); - + snprintf(errMsg, sizeof(errMsg), "Setup is unable to detect User Directory Informations from the Server\n"); + errMsg[sizeof(errMsg)-1] = 0; } return errMsg; @@ -2950,11 +2971,12 @@ if (err != OKAY) { - sprintf(errMsg, + snprintf(errMsg, sizeof(errMsg), "The Server Configuration directory subtree appears not to be set up\n" "correctly for the installation of Netscape Server products. Please contact\n" "your directory administrator to verify that the you have write\n" "access to %s\n", installDN); + errMsg[sizeof(errMsg)-1] = 0; } return errMsg; Index: product.cc =================================================================== RCS file: /cvs/dirsec/setuputil/installer/unix/product.cc,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- product.cc 23 Feb 2006 17:57:02 -0000 1.4 +++ product.cc 23 Mar 2006 15:59:17 -0000 1.5 @@ -27,6 +27,17 @@ ** ** HISTORY: ** $Log$ +** Revision 1.5 2006/03/23 15:59:17 rmeggins +** Bug(s) fixed: 186280 +** Bug Description: Close potential security vulnerabilities in CGI code +** Reviewed by: Nathan & Noriko (Thanks!) +** Fix Description: Mostly cleaned up usage of sprintf. +** Platforms tested: Fedora Core 5 +** Flag Day: no +** Doc impact: no +** QA impact: should be covered by regular nightly and manual testing +** New Tests integrated into TET: none +** ** Revision 1.4 2006/02/23 17:57:02 nkinder ** https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182611 ** Bug(s) fixed: 182611 @@ -411,7 +422,8 @@ { char szdir[2048]; //Create an absolute path - sprintf(szdir,"%s/%s",input, dir->d_name); + snprintf(szdir,sizeof(szdir), "%s/%s",input, dir->d_name); + szdir[sizeof(szdir)-1] = 0; //Try removing the directory int i = rmdir(szdir); if (i != 0) @@ -616,7 +628,8 @@ // This is top level master configuration file init(); - sprintf(tstr, "%s/%s", sourceDir.data(), fileName); + snprintf(tstr, sizeof(tstr), "%s/%s", sourceDir.data(), fileName); + tstr[sizeof(tstr)-1] = 0; _packageInfo = new PackageInfo(tstr); if (_packageInfo->isEmpty() || (componentList = _packageInfo->getListItems(PKG_COMPONENTS)) == NULL || _packageInfo->numSections() == 0) @@ -680,7 +693,9 @@ init(); - sprintf(tstr, "%s/%s", sourceDir.data(), fileName); + snprintf(tstr, sizeof(tstr), "%s/%s", sourceDir.data(), fileName); + tstr[sizeof(tstr)-1] = 0; + _packageInfo = new PackageInfo(tstr); if (_packageInfo->isEmpty()) @@ -1277,12 +1292,14 @@ const char *sroot = info->get(SERVER_ROOT); PackageInfo *p = _packageInfo; - sprintf(prodinfo, "%s/nyr", sroot); + snprintf(prodinfo, sizeof(prodinfo), "%s/nyr", sroot); + prodinfo[sizeof(prodinfo)-1] = 0; if (nyr = fopen(prodinfo,"w")) fclose(nyr); // Create new prodinfo - sprintf(prodinfo, "%s/bin/%s/prodinfo", sroot, get(PKG_NICKNAME)); + snprintf(prodinfo, sizeof(prodinfo), "%s/bin/%s/prodinfo", sroot, get(PKG_NICKNAME)); + prodinfo[sizeof(prodinfo)-1] = 0; p->stampTime(); p->write(prodinfo); @@ -1551,6 +1568,9 @@ return errMsg; } +#define STRINGIZE(x) #x +#define MYFMT(size) "%" STRINGIZE(size) "s" + int Product::unInstall(const NSString & serverRoot) const { @@ -1583,11 +1603,12 @@ if (fp = fopen(logFile.data(), "r")) { - while (fscanf(fp, "%s", buf) != EOF) + while (fscanf(fp, MYFMT(MED_BUF), buf) != EOF) { char suffix[MED_BUF] = "\0"; char *p; + buf[sizeof(buf)-1] = 0; s = buf + serverRoot.length() + 1; p = strrchr((char *)s, '/'); @@ -1793,7 +1814,6 @@ { NSString restoreSource; NSString restoreTarget; - char buf[SML_BUF]; char **restoreList, **files; files = restoreList = package()->getListItems(PKG_RESTOREFILES); @@ -2181,11 +2201,8 @@ NSString name; const char *version = NULL; int err = 0; - char errMsg[BIG_BUF]; int position; - errMsg[0] = '\0'; - /* * Go through the product list and determine whether all dependency * are satisfied, i.e. if a product depends on one or more products Index: uninstaller.cc =================================================================== RCS file: /cvs/dirsec/setuputil/installer/unix/uninstaller.cc,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- uninstaller.cc 29 Jul 2005 22:16:32 -0000 1.1.1.1 +++ uninstaller.cc 23 Mar 2006 15:59:17 -0000 1.2 @@ -27,6 +27,17 @@ ** ** HISTORY: ** $Log$ +** Revision 1.2 2006/03/23 15:59:17 rmeggins +** Bug(s) fixed: 186280 +** Bug Description: Close potential security vulnerabilities in CGI code +** Reviewed by: Nathan & Noriko (Thanks!) +** Fix Description: Mostly cleaned up usage of sprintf. +** Platforms tested: Fedora Core 5 +** Flag Day: no +** Doc impact: no +** QA impact: should be covered by regular nightly and manual testing +** New Tests integrated into TET: none +** ** Revision 1.1.1.1 2005/07/29 22:16:32 foxworth ** Importing new setup sdk for open source project ** @@ -399,7 +410,7 @@ if (_serverRoot == (char *) NULL) { - sprintf(buf, "ERROR: please specify a server root\n"); + snprintf(buf, sizeof(buf), "ERROR: please specify a server root\n"); rc = -1; } else @@ -408,17 +419,17 @@ if (InstUtil::isServerRoot(_serverRoot) == False) { - sprintf(buf, "ERROR: %s is not a server root\n", _serverRoot.data()); + snprintf(buf, sizeof(buf), "ERROR: %s is not a server root\n", _serverRoot.data()); rc = -1; } else if (_newSuiteSpot.retrieveSuiteSpot(sourceDir, infName) != 0) { - sprintf(buf,"ERROR: uninstallation database not found\n"); + snprintf(buf, sizeof(buf), "ERROR: uninstallation database not found\n"); rc = -1; } else if (_newSuiteSpot.numComponents() == 0) { - sprintf(buf, "ERROR: nothing to remove\n"); + snprintf(buf, sizeof(buf), "ERROR: nothing to remove\n"); rc = -1; } else @@ -433,6 +444,7 @@ if (rc) { + buf[sizeof(buf)-1] = 0; printf(buf); return rc; } Index: ux-setup.cc =================================================================== RCS file: /cvs/dirsec/setuputil/installer/unix/ux-setup.cc,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- ux-setup.cc 29 Jul 2005 22:16:32 -0000 1.1.1.1 +++ ux-setup.cc 23 Mar 2006 15:59:17 -0000 1.2 @@ -28,6 +28,17 @@ ** HISTORY ** ** $Log$ +** Revision 1.2 2006/03/23 15:59:17 rmeggins +** Bug(s) fixed: 186280 +** Bug Description: Close potential security vulnerabilities in CGI code +** Reviewed by: Nathan & Noriko (Thanks!) +** Fix Description: Mostly cleaned up usage of sprintf. +** Platforms tested: Fedora Core 5 +** Flag Day: no +** Doc impact: no +** QA impact: should be covered by regular nightly and manual testing +** New Tests integrated into TET: none +** ** Revision 1.1.1.1 2005/07/29 22:16:32 foxworth ** Importing new setup sdk for open source project ** @@ -278,8 +289,6 @@ if (ldapURL && ldap_url_parse(ldapURL, &ludpp) == 0) { - char tmp[10]; - _installInfo->set(CONFIG_LDAP_URL, ldapURL); _installInfo->set(DS_ADMIN_DOMAIN, installDN); @@ -319,17 +328,17 @@ errMsg[0] = 0; break; case INVALID_URL: - sprintf(errMsg, "The URL \"%s\" is not of valid format.\n", localLdapURL); + snprintf(errMsg, sizeof(errMsg), "The URL \"%s\" is not of valid format.\n", localLdapURL); break; case CONN_FAILED: - sprintf(errMsg, + snprintf(errMsg, sizeof(errMsg), "Cannot connect to URL \"%s\".\n" " The server may have been down. Please fix the problem\n" " before proceeding with installation.\n", localLdapURL); break; case INVALID_DN: - sprintf(errMsg, + snprintf(errMsg, sizeof(errMsg), "setup cannot verify the base suffix as specified in\n" " \"%s\".\n" " Please check the base suffix and re-enter the URL.\n", @@ -340,6 +349,7 @@ break; } free(localLdapURL); + errMsg[sizeof(errMsg)-1] = 0; return errMsg; } @@ -359,28 +369,29 @@ switch(err) { case INVALID_INPUT: - sprintf(errMsg, getResource(RES_MESSAGE_VERIFYLDAPUSER1)); + snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_VERIFYLDAPUSER1)); break; case INVALID_URL: - sprintf(errMsg, getResource(RES_MESSAGE_VERIFYLDAPUSER2), localLdapURL); + snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_VERIFYLDAPUSER2), localLdapURL); break; case INVALID_AUTH: - sprintf(errMsg, getResource(RES_MESSAGE_VERIFYLDAPUSER3)); + snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_VERIFYLDAPUSER3)); break; case CONN_FAILED: - sprintf(errMsg, getResource(RES_MESSAGE_VERIFYLDAPUSER4)); + snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_VERIFYLDAPUSER4)); break; case INVALID_USER: - sprintf(errMsg, getResource(RES_MESSAGE_VERIFYLDAPUSER5)); + snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_VERIFYLDAPUSER5)); break; default: - sprintf(errMsg, getResource(RES_MESSAGE_VERIFYLDAPUSER6)); + snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_VERIFYLDAPUSER6)); break; } } free (localLdapURL); + errMsg[sizeof(errMsg)-1] = 0; return errMsg; } @@ -391,7 +402,8 @@ { char filename[200]; - sprintf(filename,"%s/%s", getenv("HOME"), ".nssetup-default"); + snprintf(filename, sizeof(filename), "%s/%s", getenv("HOME"), ".nssetup-default"); + filename[sizeof(filename)-1] = 0; _userDefault.setFormat(1); _userDefault.read(filename); }

18 years, 1 month

1
0
0 / 0

[Fedora-directory-commits] setuputil/installer/lib prodinfo.cpp, 1.1.1.1, 1.2 setupapi.cpp, 1.1.1.1, 1.2 uninstall.cpp, 1.1.1.1, 1.2

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/setuputil/installer/lib In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15054/setuputil/installer/lib Modified Files: prodinfo.cpp setupapi.cpp uninstall.cpp Log Message: Bug(s) fixed: 186280 Bug Description: Close potential security vulnerabilities in CGI code Reviewed by: Nathan & Noriko (Thanks!) Fix Description: Mostly cleaned up usage of sprintf. Platforms tested: Fedora Core 5 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: prodinfo.cpp =================================================================== RCS file: /cvs/dirsec/setuputil/installer/lib/prodinfo.cpp,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- prodinfo.cpp 29 Jul 2005 22:16:29 -0000 1.1.1.1 +++ prodinfo.cpp 23 Mar 2006 15:59:10 -0000 1.2 @@ -24,6 +24,17 @@ ** Name: prodinfo.c ** ** $Log$ +** Revision 1.2 2006/03/23 15:59:10 rmeggins +** Bug(s) fixed: 186280 +** Bug Description: Close potential security vulnerabilities in CGI code +** Reviewed by: Nathan & Noriko (Thanks!) +** Fix Description: Mostly cleaned up usage of sprintf. +** Platforms tested: Fedora Core 5 +** Flag Day: no +** Doc impact: no +** QA impact: should be covered by regular nightly and manual testing +** New Tests integrated into TET: none +** ** Revision 1.1.1.1 2005/07/29 22:16:29 foxworth ** Importing new setup sdk for open source project ** @@ -239,17 +250,19 @@ continue; } if ( buf[0] == '[' ) { /* install date */ - int n; - char tmp[BUFSIZ]; + int end = 0; for ( i = strlen( buf ) - 1 ; i-- ; ) { if ( buf[i] == ']' ) { buf[i] = '\0'; /* clean up date */ break; } } - n = sscanf (buf + 1, "%s %s %s %s %s", tmp, tmp, tmp, tmp, tmp); + /* need to know if there are at least 5 tokens in buf - end will only be set + if there are at least 5 whitespace delimited tokens in (buf+1) + */ + sscanf (buf + 1, "%*s %*s %*s %*s %*s%n", &end); - if (n == 5) + if (end) { if ( tree->when ) { break; /* this is a previous date, stop reading */ Index: setupapi.cpp =================================================================== RCS file: /cvs/dirsec/setuputil/installer/lib/setupapi.cpp,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- setupapi.cpp 29 Jul 2005 22:16:30 -0000 1.1.1.1 +++ setupapi.cpp 23 Mar 2006 15:59:10 -0000 1.2 @@ -1887,10 +1887,9 @@ #else FILE *f = fopen("/etc/resolv.conf", "r"); char line[SML_BUF]; - char *domain; + char domain[SML_BUF]; char *dm; - domain = (char *) malloc(SML_BUF); /* See if there's a domain entry in their resolver configuration */ if (f) { @@ -1898,9 +1897,20 @@ { if (!strncasecmp(line, "domain ", 7)) { - sscanf(&line[7], "%s", domain); - dm = (domain[0] == '.' ? &domain[1] : domain); - return dm; + int end = 0; + int len = strlen(line); + char *begin = &line[7]; + if ((len > 8) && (line[7] == '.')) { + begin = &line[8]; + } + sscanf(begin, "%*s%n", &end); + if (end) { + fclose(f); + strncpy(domain, begin, end); + domain[end] = 0; + dm = strdup(domain); + return dm; + } } } fclose(f); @@ -1913,7 +1923,12 @@ #else getdomainname(domain, SML_BUF); #endif - dm = (domain[0] == '.' ? &domain[1] : domain); + domain[SML_BUF] = 0; + if (domain[0] == '.') { + dm = strdup(&domain[1]); + } else { + dm = strdup(domain); + } #endif return dm; Index: uninstall.cpp =================================================================== RCS file: /cvs/dirsec/setuputil/installer/lib/uninstall.cpp,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- uninstall.cpp 29 Jul 2005 22:16:30 -0000 1.1.1.1 +++ uninstall.cpp 23 Mar 2006 15:59:10 -0000 1.2 @@ -28,6 +28,17 @@ ** ** HISTORY: ** $Log$ +** Revision 1.2 2006/03/23 15:59:10 rmeggins +** Bug(s) fixed: 186280 +** Bug Description: Close potential security vulnerabilities in CGI code +** Reviewed by: Nathan & Noriko (Thanks!) +** Fix Description: Mostly cleaned up usage of sprintf. +** Platforms tested: Fedora Core 5 +** Flag Day: no +** Doc impact: no +** QA impact: should be covered by regular nightly and manual testing +** New Tests integrated into TET: none +** ** Revision 1.1.1.1 2005/07/29 22:16:30 foxworth ** Importing new setup sdk for open source project ** @@ -79,7 +90,7 @@ if (moduleNickName) { - sprintf(tstr, "%s%c%s%c%s%c%s.log", + snprintf(tstr, sizeof(tstr), "%s%c%s%c%s%c%s.log", serverRoot, PATH_DELIM, "setup", @@ -90,7 +101,7 @@ } else { - sprintf(tstr, "%s%c%s%c%s%c%s.log", + snprintf(tstr, sizeof(tstr), "%s%c%s%c%s%c%s.log", serverRoot, PATH_DELIM, "setup", @@ -99,6 +110,7 @@ PATH_DELIM, packageNickName); } + tstr[sizeof(tstr)-1] = 0; fp = fopen(tstr, "a");

18 years, 1 month

1
0
0 / 0

[Fedora-directory-commits] adminutil/tests retrieveSIE.c,1.1,1.2

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/adminutil/tests In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11998/adminutil/tests Modified Files: retrieveSIE.c Log Message: Bug(s) fixed: 186280 Bug Description: Close potential security vulnerabilities in CGI code Reviewed by: Noriko (Thanks!) Fix Description: The code was already pretty clean in terms of buffer access. I added some malloc return checking, used some nspr functions where applicable, removed some dead code, and fixed a couple of small memory leaks. Platforms tested: Fedora Core 5 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: retrieveSIE.c =================================================================== RCS file: /cvs/dirsec/adminutil/tests/retrieveSIE.c,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- retrieveSIE.c 16 Nov 2005 18:50:21 -0000 1.1 +++ retrieveSIE.c 22 Mar 2006 23:47:25 -0000 1.2 @@ -58,7 +58,8 @@ exit(1); } - sprintf(admroot, "%s/admin-serv/config", svrroot); + snprintf(admroot, len, "%s/admin-serv/config", svrroot); + admroot[len] = '\0'; /* * get the LDAP information from admin server config info

18 years, 1 month

1
0
0 / 0

[Fedora-directory-commits] adminutil/lib/libadmsslutil admsslutil.c, 1.2, 1.3

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/adminutil/lib/libadmsslutil In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11998/adminutil/lib/libadmsslutil Modified Files: admsslutil.c Log Message: Bug(s) fixed: 186280 Bug Description: Close potential security vulnerabilities in CGI code Reviewed by: Noriko (Thanks!) Fix Description: The code was already pretty clean in terms of buffer access. I added some malloc return checking, used some nspr functions where applicable, removed some dead code, and fixed a couple of small memory leaks. Platforms tested: Fedora Core 5 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: admsslutil.c =================================================================== RCS file: /cvs/dirsec/adminutil/lib/libadmsslutil/admsslutil.c,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- admsslutil.c 6 Dec 2005 18:38:42 -0000 1.2 +++ admsslutil.c 22 Mar 2006 23:47:20 -0000 1.3 @@ -144,20 +144,12 @@ filename++; /* Skip '/' */ } - /* basename is either "-cert" or "-key" */ - base = strstr(filename, basename); + /* basename is either "-cert" or "-key" - look for last occurance */ + base = PL_strrstr(filename, basename); if (base == NULL) { return; } - /* - * Find the last occurrence of basename in filename in an unlikely - * scenario that basename (-key or -cert) appears in the prefix - */ - while (strstr(base+1, basename) != NULL) { - base = strstr(base+1, basename); - } - /* Include '-' into prefix */ prefixLen = base-filename+1; if (prefixLen > maxprefixlen) { @@ -188,6 +180,10 @@ /* PKSC11 module must be configured before NSS is initialized */ db_name = PL_strdup("internal (software) "); + if (!db_name) { + return -1; + } + PK11_ConfigurePKCS11(NULL,NULL,NULL,db_name,NULL, NULL,NULL,NULL, /*minPwdLen=*/8, /*pwdRequired=*/1); @@ -272,7 +268,11 @@ if((!certdbFile) || (!keydbFile) || (!admroot)) return -1; - return initNSS(certdbFile, keydbFile); + errCode = initNSS(certdbFile, keydbFile); + PL_Free(certdbFile); + PL_Free(keydbFile); + + return errCode; } void servssl_error(char *fmt, ...) @@ -763,66 +763,6 @@ } fclose(f); - -#ifdef NES - /* add/edit field in magnus.conf */ - modified_security = 0; - linecnt = 0; - PR_snprintf(filename, sizeof(filename), - "%s/admin-serv/config/magnus.conf", sroot); - - f = fopen(filename, "r"); - if (f==NULL) { - servssl_error("Can not open magnus.conf for reading"); - } - - while(fgets(inbuf, sizeof(inbuf), f) != NULL) { - if(lines[linecnt] != NULL) - PR_Free(lines[linecnt]); - if ((strstr(inbuf,"Security ") == inbuf) && - (security && *security != '\0')) { - /* Line starts with "Security" */ - col = strrchr(inbuf,' '); - if (col == NULL) { - servssl_error("Bad format for security field in magnus.conf"); - } - *col=0; - PR_snprintf(buf, sizeof(buf), "%s %s\n", inbuf, security); - lines[linecnt++] = PL_strdup(buf); - modified_security=1; - } - else { - lines[linecnt++] = PL_strdup(inbuf); - } - } - fclose(f); - - if ((!modified_security) && - (security && *security != '\0')) { - /* security not found - put it in */ - if(lines[linecnt] != NULL) - PR_Free(lines[linecnt]); - PR_snprintf(buf, sizeof(buf), "Security %s\n", security); - lines[linecnt++] = PL_strdup(buf); - } - - f = fopen(filename, "w"); - if (f==NULL) { - fclose(f); - servssl_error("Can not open magnus.conf for writing"); - } - - for (i=0; i < linecnt; i++) { - fprintf(f, "%s", lines[i]); - } - - fclose(f); - - for(i=0; i<50; i++) { - if(lines[i] != NULL) - PR_Free(lines[i]); - } -#endif /* NES */ }

18 years, 1 month

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

389-commits March 2006