Author: rmeggins
Update of /cvs/dirsec/adminserver/lib/libsi18n
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28761/adminserver/lib/libsi18n
Modified Files:
getlang.c getstrprop.c makstrdb.c propset.c txtfile.c
Log Message:
Bug(s) fixed: 186280
Bug Description: adminserver: Close potential security vulnerabilities
in CGI code
Reviewed by: Rob, Pete, Nathan, Noriko (Thanks!)
Fix Description: Most of this just involves making sure that we use
PR_snprintf/PL_strncpyz/PL_strcatn where able, or just making sure we
use snprintf/strncpy/strncat correctly and null terminate the buffers.
I also got rid of some dead code, unused variables, and the like. There
are a few cases that are more complex that I have specified below. In
some cases I had to change the function signature to add a size
parameter in cases where the function was copying to a given char * and
the size was assumed (in most cases this was safe but it's still dangerous).
Platforms tested: Fedora Core 5
Flag Day: no
Doc impact: no
Index: getlang.c
===================================================================
RCS file: /cvs/dirsec/adminserver/lib/libsi18n/getlang.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- getlang.c 18 Aug 2005 19:20:24 -0000 1.4
+++ getlang.c 31 Mar 2006 22:58:34 -0000 1.5
@@ -75,16 +75,22 @@
{
switch(type) {
case CLIENT_LANGUAGE:
- if (language)
- strcpy(client_language, language);
+ if (language) {
+ strncpy(client_language, language, sizeof(client_language));
+ client_language[sizeof(client_language)-1] = 0;
+ }
break;
case ADMIN_LANGUAGE:
- if (language)
- strcpy(admin_language, language);
+ if (language) {
+ strncpy(admin_language, language, sizeof(admin_language));
+ admin_language[sizeof(admin_language)-1] = 0;
+ }
break;
case DEFAULT_LANGUAGE:
- if (language)
- strcpy(default_language, language);
+ if (language) {
+ strncpy(default_language, language, sizeof(default_language));
+ default_language[sizeof(default_language)-1] = 0;
+ }
break;
}
return ;
@@ -125,7 +131,7 @@
NSAPI_PUBLIC
int
-GetFileForLanguage(char* filePath,char* language,char* existingFilePath)
+GetFileForLanguage(char* filePath,char* language,char* existingFilePath,size_t
existingSize)
{
/* Input: filePath,language
* filePath is of the form "/xxx/xxx/$$LANGDIR/xxx/xxx/filename"
@@ -212,7 +218,8 @@
/* Try: /path/language/filename.ext */
if (pattern) {
- strcpy(existingFilePath,filePath);
+ strncpy(existingFilePath,filePath, existingSize);
+ existingFilePath[existingSize-1] = 0;
strReplace(existingFilePath,"$$LANGDIR",acceptLanguageList[iLang]);
if (stat(existingFilePath,&info)==0) {
@@ -228,14 +235,16 @@
/* Try: /path/filename_language.ext */
{
- strcpy(existingFilePath,filePath);
+ strncpy(existingFilePath,filePath, existingSize);
+ existingFilePath[existingSize-1] = 0;
strReplace(existingFilePath,"$$LANGDIR/",emptyString);
pDot = strrchr(existingFilePath,'.');
pSlash = strrchr(existingFilePath,'/');
if (pSlash>=pDot) {
pDot = strchr(existingFilePath,'\0');
}
- sprintf(lang_modifier,"%c%s",LANG_DELIMIT,acceptLanguageList[iLang]);
+
snprintf(lang_modifier,sizeof(lang_modifier),"%c%s",LANG_DELIMIT,acceptLanguageList[iLang]);
+ lang_modifier[sizeof(lang_modifier)-1] = 0;
strReplace(pDot,emptyString,lang_modifier);
if (stat(existingFilePath,&info)==0) {
Index: getstrprop.c
===================================================================
RCS file: /cvs/dirsec/adminserver/lib/libsi18n/getstrprop.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- getstrprop.c 18 Aug 2005 19:20:24 -0000 1.3
+++ getstrprop.c 31 Mar 2006 22:58:34 -0000 1.4
@@ -154,7 +154,6 @@
#if 0
#include "base/crit.h"
#include "base/systhr.h"
-static char pathDB[100] = "\0";
static int Initialized = 0;
#ifdef XP_UNIX
Index: makstrdb.c
===================================================================
RCS file: /cvs/dirsec/adminserver/lib/libsi18n/makstrdb.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- makstrdb.c 18 Aug 2005 19:20:24 -0000 1.3
+++ makstrdb.c 31 Mar 2006 22:58:34 -0000 1.4
@@ -117,7 +117,6 @@
char* cptr;
RESOURCE_TABLE* table;
NSRESHANDLE hresdb;
- char DBTlibraryName[128];
/* Creating database */
hresdb = NSResCreateTable(DATABASE_NAME, NULL);
Index: propset.c
===================================================================
RCS file: /cvs/dirsec/adminserver/lib/libsi18n/propset.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- propset.c 18 Aug 2005 19:20:24 -0000 1.3
+++ propset.c 31 Mar 2006 22:58:34 -0000 1.4
@@ -117,7 +117,7 @@
char *filepath;
char *p, *q;
int n;
- char linebuf[1000];
+ char linebuf[FILE_BUFFER_SIZE+1];
int st;
st = PropertiesLanguageStatus(propset, language);
Index: txtfile.c
===================================================================
RCS file: /cvs/dirsec/adminserver/lib/libsi18n/txtfile.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- txtfile.c 18 Aug 2005 19:20:24 -0000 1.3
+++ txtfile.c 31 Mar 2006 22:58:34 -0000 1.4
@@ -25,16 +25,6 @@
#include "txtfile.h"
-
-
-#if 0
-char fileBuffer[FILE_BUFFER_SIZE + 1];
-char *fbCurrent;
-int fbSize;
-int fbStatus;
-#endif
-
-
TEXTFILE * OpenTextFile(char *filename, int access)
{
TEXTFILE *txtfile;