Author: rmeggins
Update of /cvs/dirsec/adminserver/lib/ldaputil In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28761/adminserver/lib/ldaputil
Modified Files: certmap.c init.c Log Message: Bug(s) fixed: 186280 Bug Description: adminserver: Close potential security vulnerabilities in CGI code Reviewed by: Rob, Pete, Nathan, Noriko (Thanks!) Fix Description: Most of this just involves making sure that we use PR_snprintf/PL_strncpyz/PL_strcatn where able, or just making sure we use snprintf/strncpy/strncat correctly and null terminate the buffers. I also got rid of some dead code, unused variables, and the like. There are a few cases that are more complex that I have specified below. In some cases I had to change the function signature to add a size parameter in cases where the function was copying to a given char * and the size was assumed (in most cases this was safe but it's still dangerous). Platforms tested: Fedora Core 5 Flag Day: no Doc impact: no
Index: certmap.c
===================================================================
RCS file: /cvs/dirsec/adminserver/lib/ldaputil/certmap.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- certmap.c 18 Aug 2005 19:18:50 -0000 1.4
+++ certmap.c 31 Mar 2006 22:58:23 -0000 1.5
@@ -1096,7 +1096,7 @@
 vallen = ava->value.len - lenLen;
 rv = CERT_RFC1485_EscapeAndQuote(buf,
- BIG_LINE,
+ sizeof(buf),
 (char*) ava->value.data + lenLen,
 vallen);
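Review bot: `sizeof(buf)` in the `CERT_RFC1485_EscapeAndQuote` call equals the buffer capacity only if `buf` is declared as an array in this same function; its declaration is outside the hunk, and if it were ever a pointer parameter the call would silently pass the pointer size instead. The same holds for `sizeof(ldapdn)` and `sizeof(filter)` in the @@ -1195 hunk. A short comment at each declaration, for example `/* bounded via sizeof() in the calls below; must remain an array */`, would keep a later refactor from breaking the bound. Separately, the context line `vallen = ava->value.len - lenLen;` has no guard visible here; if `lenLen` can exceed `value.len` for a malformed certificate AVA the length would wrap or go negative, so a check before the subtraction may be warranted.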
@@ -1195,12 +1195,12 @@
 const char *tagName = certmap_secoid_to_name(tag);
 if (PresentInComps(certmap_info->dncomps, tag)) {
- rv = AddToLdapDN(ldapdn, BIG_LINE, &dnlen, tagName, ava);
+ rv = AddToLdapDN(ldapdn, sizeof(ldapdn), &dnlen, tagName, ava);
 if (rv != LDAPU_SUCCESS) return rv;
 }
 if (PresentInComps(certmap_info->filtercomps, tag)) {
- rv = AddToFilter(filter, BIG_LINE, &flen, tagName, ava);
+ rv = AddToFilter(filter, sizeof(filter), &flen, tagName, ava);
 if (rv != LDAPU_SUCCESS) return rv;
 numfavas++;
 }
Index: init.c
===================================================================
RCS file: /cvs/dirsec/adminserver/lib/ldaputil/init.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- init.c 18 Aug 2005 19:18:50 -0000 1.4
+++ init.c 31 Mar 2006 22:58:23 -0000 1.5
@@ -66,7 +66,7 @@
 if(is_lib) {
 char path[1024];
- sprintf(path, "%s%c%s", dir, FILE_PATHSEP, libname);
+ PR_snprintf(path, sizeof(path), "%s%c%s", dir, FILE_PATHSEP, libname);
 lib = PR_LoadLibrary(path);
 if (!lib) rv = LDAPU_ERR_UNABLE_TO_LOAD_PLUGIN;
 }
@@ -99,7 +99,7 @@
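Review bot: In the @@ -66 hunk the bounded `PR_snprintf(path, sizeof(path), ...)` stops the overflow but truncates silently, and the possibly shortened `path` still goes straight to `PR_LoadLibrary`, so an over-long `dir`/`libname` pair could resolve to a different file than the one intended. PR_snprintf returns the number of characters written, so truncation can be detected with `if (PR_snprintf(path, sizeof(path), "%s%c%s", dir, FILE_PATHSEP, libname) >= sizeof(path) - 1)` and handled by setting `rv = LDAPU_ERR_UNABLE_TO_LOAD_PLUGIN` and skipping the load (this conservatively also rejects an exact fit). The three `PR_snprintf(dir, sizeof(dir), ...)` calls in the @@ -99, @@ -107 and @@ -115 hunks have the same gap before `load_server_libs(dir)`; there the declaration of `dir` is outside the hunks, so `sizeof(dir)` is the right bound only if it is a local array. The enclosing functions start and end outside all four hunks.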
 if (serv_root && *serv_root) {
 /* Load common libraries */
- sprintf(dir, "%s%clib%c%s", serv_root, FILE_PATHSEP,
+ PR_snprintf(dir, sizeof(dir), "%s%clib%c%s", serv_root, FILE_PATHSEP,
 FILE_PATHSEP, "common");
 rv = load_server_libs(dir);
@@ -107,7 +107,7 @@
 if (serv_type && *serv_type) {
 /* Load server type specific libraries */
- sprintf(dir, "%s%clib%c%s", serv_root, FILE_PATHSEP,
+ PR_snprintf(dir, sizeof(dir), "%s%clib%c%s", serv_root, FILE_PATHSEP,
 FILE_PATHSEP, serv_type);
 rv = load_server_libs(dir);
@@ -115,7 +115,7 @@
 if (serv_id && *serv_id) {
 /* Load server instance specific libraries */
- sprintf(dir, "%s%clib%c%s", serv_root, FILE_PATHSEP,
+ PR_snprintf(dir, sizeof(dir), "%s%clib%c%s", serv_root, FILE_PATHSEP,
 FILE_PATHSEP, serv_id);
 rv = load_server_libs(dir);