admserv/cgi-ds/ds_snmpctrl.c | 2 +-
admserv/cgi-src40/security.c | 4 ++--
admserv/cgi-src40/ugdsconfig.c | 38 ++++++++++++++++++++++----------------
admserv/cgi-src40/viewdata.c | 2 +-
lib/libadmin/httpcon.c | 2 +-
5 files changed, 27 insertions(+), 21 deletions(-)
New commits:
commit 0a28e3d0e6d574d025020e0f8c1f822cebaefed4
Author: Nathan Kinder <nkinder(a)redhat.com>
Date: Wed Apr 27 09:11:04 2011 -0700
Bug 699907 - (cov#10833) Use of uninitialized vars in SNMP code
We should initialize the sin struct to be empty to prevent the
uninitialized contents from being used when bind() is called.
diff --git a/admserv/cgi-ds/ds_snmpctrl.c b/admserv/cgi-ds/ds_snmpctrl.c
index 11df251..757d60a 100644
--- a/admserv/cgi-ds/ds_snmpctrl.c
+++ b/admserv/cgi-ds/ds_snmpctrl.c
@@ -204,7 +204,7 @@ smux_master_is_running()
{
struct servent *pse;
struct protoent *ppe;
- struct sockaddr_in sin;
+ struct sockaddr_in sin = {0};
int s;
sin.sin_family = AF_INET;
commit 43104bf6d73bb6a26753a594f4ff8a59ad1c13ca
Author: Nathan Kinder <nkinder(a)redhat.com>
Date: Wed Apr 27 09:00:52 2011 -0700
Bug 699907 - (cov#10836) Use of uninitialized var in http conn code
The make_http_request() function is designed to work with hostnames
only. It is possible that we use the uninitialized err variable if
an IP address is passed in as the server command. We should
initialize err to prevent this.
diff --git a/lib/libadmin/httpcon.c b/lib/libadmin/httpcon.c
index b8f78ee..4bc5abe 100644
--- a/lib/libadmin/httpcon.c
+++ b/lib/libadmin/httpcon.c
@@ -316,7 +316,7 @@ make_http_request(char *protocol, char *server, unsigned int port,
char *request
PRHostEnt *hstruct;
PRHostEnt hent;
char buf[PR_NETDB_BUF_SIZE];
- PRStatus err;
+ PRStatus err = PR_FAILURE;
const char *configdir = util_get_conf_dir();
const char *secdir = util_get_security_dir();
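Review bot: The new default in `PRStatus err = PR_FAILURE;` is not explained at the declaration; the reason for it exists only in the commit message. A short comment would keep the intent next to the code, for example `/* stays PR_FAILURE unless the hostname lookup sets it */`. The code that assigns and tests `err` is outside this hunk, so it is worth confirming that the failure path returns a clear error to the caller and does not go on to connect with an unfilled host entry.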
commit 0bb1c192ad71d4a9dd19f83232a825076c3f2f35
Author: Nathan Kinder <nkinder(a)redhat.com>
Date: Wed Apr 27 08:19:18 2011 -0700
Bug 699907 - (cov#10840) Use of uninitialized buffer in security cgi
There is a chance that we call system(cmd) when we have not set anything
in the cmd buffer. We should not call system(cmd) if we have not filled
in the cmd buffer.
diff --git a/admserv/cgi-src40/security.c b/admserv/cgi-src40/security.c
index 2941eb3..32933bb 100644
--- a/admserv/cgi-src40/security.c
+++ b/admserv/cgi-src40/security.c
@@ -1861,7 +1861,7 @@ static void moduleOperation(char* op) {
const char *binary = "modutil"; /* PATH and LD_LIBRARY_PATH must already be
set correctly */
const char *install_dir = LIBDIR;
char *filename, *filetype, *dllname;
- char cmd[BIG_LINE];
+ char cmd[BIG_LINE] = "";
char msg[BIG_LINE];
dllname = get_cgi_var("dllname", NULL, NULL);
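Review bot: `dllname` is read directly from the CGI request in this hunk and `cmd` is later passed to `system()`, so any request value formatted into `cmd` is parsed by a shell. The code that builds `cmd` is outside both hunks, so this is inferred and not visible here. If `dllname` or `filename` are interpolated, they should be checked against a strict character allow-list before formatting, or the call replaced by an exec-style spawn with an explicit argv so that no shell parses them. The `= ""` initialiser only fixes the uninitialized read; it does not address this.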
@@ -1926,7 +1926,7 @@ static void moduleOperation(char* op) {
rpt_err(INCORRECT_USAGE, msg, NULL, NULL);
}
- if(system(cmd) != 0) {
+ if(*cmd && (system(cmd) != 0)) {
if (!PORT_Strcmp(op, "add")) {
PR_snprintf(msg, sizeof(msg), getResourceString(DBT_MODUTIL_FAILURE), filename);
} else if (!PORT_Strcmp(op, "remove")) {
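Review bot: With `if(*cmd && (system(cmd) != 0))`, an empty `cmd` skips the failure branch and falls through to whatever follows the `if`, which is outside this hunk and may be the success report. If the `rpt_err()` call above does not end the request, an operation that ran no command could be presented as successful. Handling the empty case explicitly before the call would remove the ambiguity, e.g. `if (!*cmd) { rpt_err(INCORRECT_USAGE, msg, NULL, NULL); return; }`, assuming `msg` is filled in on every path that leaves `cmd` empty.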
commit 5293ab9b6b35633182183ff2506ced7bbb641fa4
Author: Nathan Kinder <nkinder(a)redhat.com>
Date: Tue Apr 26 15:07:16 2011 -0700
Bug 699907 - (cov#10843) Use of uninitialized variable in logging code
The first time that logMsg is called, log_enabled and enable_verified will
both be 0. This will cause us to fill in the logfile buffer with the file
name and then check for the existence of the logfile. If the logfile does
not exist, we leave enable_verified set and log_enabled unset. This will
make future calls to logMsg() just return at line 82.
If we were able to access the file fine for reading the first time logMsg()
is called at line 90, we will then go into the if condition at line 100
to set logfp. We are guaranteed that logfile is filled in at this point.
Further calls to logMsg() will have logfp set, so we no longer need logfile
to be filled in.
The problem here is that the call to fopen() at line 101 might fail, leaving
logfp NULL and log_enabled set to 1. The next time logMsg() is called, we
would call fopen again at line 101, but logfile would not be filled in.
To fix this, we should not set log_enabled to 1 unless we have successfully
opened the log file for writing. I also moved the code around so we only
attempt to call fopen on the file if we have filled the filename buffer in.
diff --git a/admserv/cgi-src40/ugdsconfig.c b/admserv/cgi-src40/ugdsconfig.c
index 4a20903..9be5332 100644
--- a/admserv/cgi-src40/ugdsconfig.c
+++ b/admserv/cgi-src40/ugdsconfig.c
@@ -74,7 +74,7 @@ static char *nonull_value(char *str);
/*
* Logging function
*/
-static FILE * logfp;
+static FILE * logfp = NULL;
static int log_enabled = 0, enable_verified=0;
static void logMsg(char *format, ...) {
char logfile[512];
@@ -83,22 +83,28 @@ static void logMsg(char *format, ...) {
/* Automatically enable logging if <cgi-name>.dbg file exists in the logs
directory */
if (!log_enabled && !enable_verified) {
- const char *logdir = util_get_log_dir();
+ const char *logdir = util_get_log_dir();
enable_verified = 1;
- if (util_is_dir_ok(logdir)) {
- PR_snprintf(logfile, sizeof(logfile), "%s/ugdsconfig.dbg",
logdir);
- logfp = fopen(logfile, "r");
- if (logfp == NULL) {
- return;
- }
- log_enabled = 1;
- fclose(logfp);
- logfp=NULL;
- }
- }
-
- if (logfp==NULL) {
- logfp = fopen(logfile, "w");
+ if (util_is_dir_ok(logdir)) {
+ PR_snprintf(logfile, sizeof(logfile), "%s/ugdsconfig.dbg", logdir);
+
+ /* Attempt to optn the log for reading
+ * to check if it exists. */
+ logfp = fopen(logfile, "r");
+ if (logfp == NULL) {
+ return;
+ }
+ fclose(logfp);
+
+ /* Attempt to open the file for writing. */
+ logfp = fopen(logfile, "w");
+
+ /* If we opened the log for writing, go
+ * ahead and enable logging. */
+ if (logfp != NULL) {
+ log_enabled = 1;
+ }
+ }
}
if (logfp != NULL) {
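Review bot: The existence check `fopen(logfile, "r")` and the later `fopen(logfile, "w")` are two separate path lookups, so the file can be swapped between them, and `"w"` will follow a symlink and truncate or create whatever it points to. Since the `.dbg` file is only meant to be used when it already exists, both steps can be folded into a single open that neither creates the file nor follows a link at the final path component, with `log_enabled` set only on success as the commit intends. The sketch below needs `<fcntl.h>` and `<unistd.h>` and assumes a POSIX target; the comment typo "optn" can be fixed in the same change. The body of logMsg continues past the end of this hunk.

```c
        if (util_is_dir_ok(logdir)) {
            int fd;

            PR_snprintf(logfile, sizeof(logfile), "%s/ugdsconfig.dbg", logdir);

            /* Open the existing log for writing in one step: without
             * O_CREAT this fails when the file is absent, and O_NOFOLLOW
             * refuses a symlink at the final path component. */
            fd = open(logfile, O_WRONLY | O_TRUNC | O_NOFOLLOW);
            if (fd < 0) {
                return;
            }
            logfp = fdopen(fd, "w");
            if (logfp == NULL) {
                close(fd);
                return;
            }
            log_enabled = 1;
        }
        /* … unchanged: closing brace of the enable check and the logfp write path … */
```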
commit 68b330854301c503c08878311c1e682a3fe11e1e
Author: Nathan Kinder <nkinder(a)redhat.com>
Date: Tue Apr 26 14:55:40 2011 -0700
Bug 699907 - (cov#10844) Uninitialized time struct
We have an uninitialized "struct tm" that ends up getting passed
to strftime(). We should initialize the struct contents.
diff --git a/admserv/cgi-src40/viewdata.c b/admserv/cgi-src40/viewdata.c
index 05a6c1d..25b66c9 100644
--- a/admserv/cgi-src40/viewdata.c
+++ b/admserv/cgi-src40/viewdata.c
@@ -291,7 +291,7 @@ void output_data(LDAP *server, char *sie) {
if((vals = util_ldap_get_values(server, entry, "installationtimestamp"))) {
- struct tm tm;
+ struct tm tm = {0};
char buf[BIG_LINE];
int rc;
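Review bot: `struct tm tm = {0};` makes the strftime() input defined, but a zeroed struct has `tm_mday == 0`, which is outside the normal 1–31 range, and the C standard leaves strftime() output unspecified for out-of-range fields. A failed or partial parse of `installationtimestamp` would therefore still print a bogus date. The parsing and the strftime() call are outside this hunk; presumably `rc` holds the parse result, and formatting should be skipped unless it shows every field was filled. A comment on the declaration such as `/* zeroed so a short parse never leaves indeterminate fields */` would also record why the initialiser is there.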