[Fedora-directory-commits] setuputil/installer/unix dl-common.cc, 1.1.1.1, 1.2 dl-dnld.cc, 1.1.1.1, 1.2 dl-inst.cc, 1.1.1.1, 1.2 dl-uninst.cc, 1.1.1.1, 1.2 installer.cc, 1.3, 1.4 product.cc, 1.4, 1.5 uninstaller.cc, 1.1.1.1, 1.2 ux-setup.cc, 1.1.1.1, 1.2

Richard Allen Megginson (rmeggins) fedora-directory-commits at redhat.com
Thu Mar 23 15:59:24 UTC 2006


Author: rmeggins

Update of /cvs/dirsec/setuputil/installer/unix
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15054/setuputil/installer/unix

Modified Files:
	dl-common.cc dl-dnld.cc dl-inst.cc dl-uninst.cc installer.cc 
	product.cc uninstaller.cc ux-setup.cc 
Log Message:
Bug(s) fixed: 186280
Bug Description: Close potential security vulnerabilities in CGI code
Reviewed by: Nathan & Noriko (Thanks!)
Fix Description: Mostly cleaned up usage of sprintf.
Platforms tested: Fedora Core 5
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none



Index: dl-common.cc
===================================================================
RCS file: /cvs/dirsec/setuputil/installer/unix/dl-common.cc,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- dl-common.cc	29 Jul 2005 22:16:30 -0000	1.1.1.1
+++ dl-common.cc	23 Mar 2006 15:59:17 -0000	1.2
@@ -28,6 +28,17 @@
 ** HISTORY
 **
 ** $Log$
+** Revision 1.2  2006/03/23 15:59:17  rmeggins
+** Bug(s) fixed: 186280
+** Bug Description: Close potential security vulnerabilities in CGI code
+** Reviewed by: Nathan & Noriko (Thanks!)
+** Fix Description: Mostly cleaned up usage of sprintf.
+** Platforms tested: Fedora Core 5
+** Flag Day: no
+** Doc impact: no
+** QA impact: should be covered by regular nightly and manual testing
+** New Tests integrated into TET: none
+**
 ** Revision 1.1.1.1  2005/07/29 22:16:30  foxworth
 ** Importing new setup sdk for open source project
 **
@@ -315,9 +326,10 @@
    DialogInput *dl = new DialogInput;
 
    if (whatProduct != NULL)
-      sprintf(tstr, selectionText, whatProduct);
+      snprintf(tstr, sizeof(tstr), selectionText, whatProduct);
    else
-      sprintf(tstr, selectionText);
+      snprintf(tstr, sizeof(tstr), selectionText);
+   tstr[sizeof(tstr)-1] = 0;
 
    dl->setText(tstr);
    dl->setSetupAction(NULL);
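Review bot: In the `else` branch `selectionText` is still passed as the format string with no arguments, so any `%` conversion inside it makes snprintf fetch arguments that were never supplied; bounding the output does not change that. If the text is meant to be shown verbatim, `snprintf(tstr, sizeof(tstr), "%s", selectionText);` removes the dependency on its contents. The same no-argument pattern appears in installer.cc with `getResource(RES_MESSAGE_VERIFYINSTALLPRIVILEGE1, RES_GLOBAL_BRAND)` and in the no-argument cases of the `RES_MESSAGE_VERIFYLDAPUSER*` switch in ux-setup.cc. Those are presumably shipped resource strings, but it is worth confirming that none can carry user-supplied text. The declaration of `tstr` and the origin of `selectionText` are outside the hunk.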
@@ -431,9 +443,10 @@
       if (p->isVisible())
       {
          if (p->numVisibleComponents() >= 1)
-            sprintf(tstr, "    %d. %s (%d)\n", ++j, p->get(PKG_NAME), p->numVisibleComponents());
+            snprintf(tstr, sizeof(tstr), "    %d. %s (%d)\n", ++j, p->get(PKG_NAME), p->numVisibleComponents());
          else
-            sprintf(tstr, "    %d. %s\n", ++j, p->get(PKG_NAME));
+            snprintf(tstr, sizeof(tstr), "    %d. %s\n", ++j, p->get(PKG_NAME));
+         tstr[sizeof(tstr)-1] = 0;
 
          text2 = text2 + tstr;
 
@@ -525,7 +538,6 @@
    char *ldapURL;
    const char *buf = me->input();
    NSString errMsg;
-   char tmp[XSM_BUF];
    LDAPURLDesc *ludpp;
    char *domain;
    DialogAction rc = DIALOG_NEXT;
@@ -678,7 +690,8 @@
    localLdapURL = UTF8ToLocal(me->manager()->getDefaultScript()->get(CONFIG_LDAP_URL));
    hostPortURL = stripConfigLdapURL(localLdapURL);
 
-   sprintf(text2, "    %s", (const char *)hostPortURL);
+   snprintf(text2, sizeof(text2), "    %s", (const char *)hostPortURL);
+   text2[sizeof(text2)-1] = 0;
 
    free (localLdapURL);
 
@@ -842,7 +855,6 @@
    const char *ldapURL;
    const char *buf = me->input();
    NSString errMsg;
-   char tmp[XSM_BUF];
    LDAPURLDesc *ludpp;
    DialogAction rc = DIALOG_NEXT;
 
@@ -893,7 +905,8 @@
 
    localLdapURL = UTF8ToLocal(me->manager()->getDefaultScript()->get(UG_LDAP_URL));
 
-   sprintf(text2, "    %s", localLdapURL);
+   snprintf(text2, sizeof(text2), "    %s", localLdapURL);
+   text2[sizeof(text2)-1] = 0;
 
    free (localLdapURL);
 


Index: dl-dnld.cc
===================================================================
RCS file: /cvs/dirsec/setuputil/installer/unix/dl-dnld.cc,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- dl-dnld.cc	29 Jul 2005 22:16:30 -0000	1.1.1.1
+++ dl-dnld.cc	23 Mar 2006 15:59:17 -0000	1.2
@@ -28,6 +28,17 @@
 ** HISTORY
 **
 ** $Log$
+** Revision 1.2  2006/03/23 15:59:17  rmeggins
+** Bug(s) fixed: 186280
+** Bug Description: Close potential security vulnerabilities in CGI code
+** Reviewed by: Nathan & Noriko (Thanks!)
+** Fix Description: Mostly cleaned up usage of sprintf.
+** Platforms tested: Fedora Core 5
+** Flag Day: no
+** Doc impact: no
+** QA impact: should be covered by regular nightly and manual testing
+** New Tests integrated into TET: none
+**
 ** Revision 1.1.1.1  2005/07/29 22:16:30  foxworth
 ** Importing new setup sdk for open source project
 **
@@ -180,7 +191,8 @@
    for (int i = 0; i < p->numName(); i++)
    {
       s = p->name(i);
-      sprintf(tstr, "   %d. %s\n", i+1, s);
+      snprintf(tstr, sizeof(tstr), "   %d. %s\n", i+1, s);
+      tstr[sizeof(tstr)-1] = 0;
       text2 = text2 + tstr;
    }
    me->setText2(text2.data());
@@ -648,7 +660,7 @@
    const char *sysVersion = me->manager()->getDefaultScript()->get(SYS_VERSION);
    int i, j;
    Bool found = False;
-   char tmp[5];
+   char tmp[20];
 
    setupSelectionDialog(me, platformInfo);
 
@@ -801,17 +813,18 @@
 
          if (err == -1)
          {
-            sprintf(errMsg, "ERROR: Can't create directory %s\n", ans);
+            snprintf(errMsg, sizeof(errMsg), "ERROR: Can't create directory %s\n", ans);
          }
          else if (err == -2)
          {
-            sprintf(errMsg, "ERROR: %s exists and is not a directory.\n", ans);
+            snprintf(errMsg, sizeof(errMsg), "ERROR: %s exists and is not a directory.\n", ans);
          }
          else if (err == -3)
          {
-            sprintf(errMsg, "ERROR: Can't write to %s\n", ans);
+            snprintf(errMsg, sizeof(errMsg), "ERROR: Can't write to %s\n", ans);
          }
 
+         errMsg[sizeof(errMsg)-1] = 0;
          DialogAlert alert(errMsg);
 
          alert.execute();


Index: dl-inst.cc
===================================================================
RCS file: /cvs/dirsec/setuputil/installer/unix/dl-inst.cc,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- dl-inst.cc	29 Jul 2005 22:16:31 -0000	1.1.1.1
+++ dl-inst.cc	23 Mar 2006 15:59:17 -0000	1.2
@@ -28,6 +28,17 @@
 ** HISTORY
 **
 ** $Log$
+** Revision 1.2  2006/03/23 15:59:17  rmeggins
+** Bug(s) fixed: 186280
+** Bug Description: Close potential security vulnerabilities in CGI code
+** Reviewed by: Nathan & Noriko (Thanks!)
+** Fix Description: Mostly cleaned up usage of sprintf.
+** Platforms tested: Fedora Core 5
+** Flag Day: no
+** Doc impact: no
+** QA impact: should be covered by regular nightly and manual testing
+** New Tests integrated into TET: none
+**
 ** Revision 1.1.1.1  2005/07/29 22:16:31  foxworth
 ** Importing new setup sdk for open source project
 **
@@ -406,9 +417,10 @@
    else if (installer->checkDiskSpace() == False)
    {
 	  char szMsg[2048];
-	  sprintf(szMsg, "Warning:  not enough disk space in the path %s,  you can either remove unnecessary \n" \
+	  snprintf(szMsg, sizeof(szMsg), "Warning:  not enough disk space in the path %s,  you can either remove unnecessary \n" \
 	  "files on the destination drive and type Yes to continue, or click \n" \
 	  "CTRL-B to go back and select less products to install\n\n", installer->getServerRoot().data());
+      szMsg[sizeof(szMsg)-1] = 0;
 	  msg = szMsg;
       me->setText (msg);
    }
@@ -936,7 +948,8 @@
       // Ask SS Group
 
       ssGroup = me->manager()->getDefaultScript()->get(SS_GROUP);
-      sprintf(tmp, "%s [%s]: ", "System Group", ssGroup.data());
+      snprintf(tmp, sizeof(tmp), "%s [%s]: ", "System Group", ssGroup.data());
+      tmp[sizeof(tmp)-1] = 0;
       me->showString(tmp);
 
       if (me->getInput() == 0)


Index: dl-uninst.cc
===================================================================
RCS file: /cvs/dirsec/setuputil/installer/unix/dl-uninst.cc,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- dl-uninst.cc	29 Jul 2005 22:16:31 -0000	1.1.1.1
+++ dl-uninst.cc	23 Mar 2006 15:59:17 -0000	1.2
@@ -28,6 +28,17 @@
 ** HISTORY
 **
 ** $Log$
+** Revision 1.2  2006/03/23 15:59:17  rmeggins
+** Bug(s) fixed: 186280
+** Bug Description: Close potential security vulnerabilities in CGI code
+** Reviewed by: Nathan & Noriko (Thanks!)
+** Fix Description: Mostly cleaned up usage of sprintf.
+** Platforms tested: Fedora Core 5
+** Flag Day: no
+** Doc impact: no
+** QA impact: should be covered by regular nightly and manual testing
+** New Tests integrated into TET: none
+**
 ** Revision 1.1.1.1  2005/07/29 22:16:31  foxworth
 ** Importing new setup sdk for open source project
 **
@@ -334,7 +345,8 @@
                LDAPURLDesc *ludpp = NULL;
 
                ldap_url_parse ((char *) ldapURL , &ludpp);
-               sprintf(tmp, "ldap://%s:389/%s", ludpp->lud_host, ludpp->lud_dn);
+               snprintf(tmp, sizeof(tmp), "ldap://%s:389/%s", ludpp->lud_host, ludpp->lud_dn);
+               tmp[sizeof(tmp)-1] = 0;
                ldap_free_urldesc(ludpp);
 
                installInfo->set(CONFIG_LDAP_URL, tmp);
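Review bot: The return value of `ldap_url_parse` is ignored and `ludpp` is dereferenced unconditionally, so a malformed `ldapURL` leaves `ludpp` NULL at the snprintf call; `lud_host` and `lud_dn` can also be NULL for a URL that omits them. Guard the block the way ux-setup.cc does for its own parse, `if (ldap_url_parse((char *) ldapURL, &ludpp) == 0 && ludpp) { ... }`, and decide what CONFIG_LDAP_URL should hold when parsing fails. The enclosing function and the declaration of `tmp` are outside the hunk.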
@@ -402,12 +414,13 @@
             if (dp && dp->get(s) && q->isSelected() == False)
             {
                // q is dependent on p and q is not selected
-               sprintf(tstr, 
+               snprintf(tstr, sizeof(tstr),
                   getResource(RES_MESSAGE_UNINST_VERIFYSELECTION1),
                   q->get(PKG_NAME), 
                   p->get(PKG_NAME),
                   q->get(PKG_NAME),
                   q->get(PKG_NAME));
+               tstr[sizeof(tstr)-1] = 0;
 
                DialogAlert  alert(tstr);
                alert.execute();


Index: installer.cc
===================================================================
RCS file: /cvs/dirsec/setuputil/installer/unix/installer.cc,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- installer.cc	13 Dec 2005 20:58:22 -0000	1.3
+++ installer.cc	23 Mar 2006 15:59:17 -0000	1.4
@@ -27,6 +27,17 @@
 **
 ** HISTORY:
 ** $Log$
+** Revision 1.4  2006/03/23 15:59:17  rmeggins
+** Bug(s) fixed: 186280
+** Bug Description: Close potential security vulnerabilities in CGI code
+** Reviewed by: Nathan & Noriko (Thanks!)
+** Fix Description: Mostly cleaned up usage of sprintf.
+** Platforms tested: Fedora Core 5
+** Flag Day: no
+** Doc impact: no
+** QA impact: should be covered by regular nightly and manual testing
+** New Tests integrated into TET: none
+**
 ** Revision 1.3  2005/12/13 20:58:22  nhosoi
 ** [175418] Admin Server ns-update crashes if necessary attribute-value is not given
 ** 1) Although Admin Server's PostInstall program ns-update expects it, PostInstall
@@ -2292,28 +2303,29 @@
 
       if (err == -1)
       {
-         sprintf(errMsg, "Can't create directory %s\n", sroot);
+         snprintf(errMsg, sizeof(errMsg), "Can't create directory %s\n", sroot);
       }
       else if (err == -2)
       {
-         sprintf(errMsg, "%s exists and is not a directory.\n", sroot);
+         snprintf(errMsg, sizeof(errMsg), "%s exists and is not a directory.\n", sroot);
       }
       else if (err == -3)
       {
-         sprintf(errMsg, "Can't write to %s\n", sroot);
+         snprintf(errMsg, sizeof(errMsg), "Can't write to %s\n", sroot);
       }
       else if (err == -4)
       {
-         sprintf(errMsg, 
+         snprintf(errMsg, sizeof(errMsg),
             getResource(RES_MESSAGE_CHECKSERVERROOT1),
             sroot);
       }
       else
       {
-         sprintf(errMsg,
+         snprintf(errMsg, sizeof(errMsg),
             getResource(RES_MESSAGE_CHECKSERVERROOT2),
             sroot);
       }
+      errMsg[sizeof(errMsg)-1] = 0;
    }
    return errMsg;
 }
@@ -2338,7 +2350,7 @@
          }
          else if (!p->securityChecked())
          { 
-            sprintf(errMsg, 
+            snprintf(errMsg, sizeof(errMsg),
 "You are installing %s over an\n"
 "existing installation that is of a higher security level.\n"
 "Installation over an incompatible security level is not\n"
@@ -2347,7 +2359,7 @@
          }
          else
          {
-            sprintf(errMsg,
+            snprintf(errMsg, sizeof(errMsg),
 "You are installing %s over an\n" 
 "existing installation that is incompatible.\n"
 "Installation over an incompatible version is not\n"
@@ -2355,6 +2367,7 @@
          }
       }
    }
+   errMsg[sizeof(errMsg)-1] = 0;
    return errMsg;
 }
 
@@ -2387,7 +2400,7 @@
             {
                if ((ok = checkUpdate(p)) == False)
                {
-                  sprintf(errMsg,
+                  snprintf(errMsg, sizeof(errMsg),
                      getResource(RES_MESSAGE_CHECKCOMPONENTDEPENDENCY1),
                      p->get(PKG_NAME));
                }
@@ -2411,7 +2424,7 @@
                      msg = getResource(RES_MESSAGE_CHECKCOMPONENTDEPENDENCY6);
                      break;
                   };
-                  sprintf(errMsg, msg, p->get(PKG_NAME));
+                  snprintf(errMsg, sizeof(errMsg), msg, p->get(PKG_NAME));
                }
 
             }
@@ -2432,7 +2445,7 @@
 */
              {
                  // Not compatible
-                 sprintf(errMsg,
+                 snprintf(errMsg, sizeof(errMsg),
                     getResource(RES_MESSAGE_CHECKCOMPONENTDEPENDENCY2),
                     p->get(PKG_NAME),
                     q ? q->get(PKG_NAME) : s.data(),
@@ -2447,6 +2460,7 @@
       }
    }
 
+   errMsg[sizeof(errMsg)-1] = 0;
    return errMsg;
 }
 
@@ -2474,7 +2488,7 @@
          {
             if (err == -1)
             {
-               sprintf(errMsg, "Error: Can't find component %s in the package\n", (const char *) nickname);
+               snprintf(errMsg, sizeof(errMsg), "Error: Can't find component %s in the package\n", (const char *) nickname);
             }
             else
             {
@@ -2483,7 +2497,7 @@
                loc2 = getUILocation(nickname);
                if (loc2 < loc1)
                {
-                  sprintf(errMsg,
+                  snprintf(errMsg, sizeof(errMsg),
                     getResource(RES_MESSAGE_CHECKCOMPONENTDEPENDENCY2),
                     p->get(PKG_NAME),
                     nickname,
@@ -2491,7 +2505,7 @@
                }
                else
                {
-                  sprintf(errMsg,
+                  snprintf(errMsg, sizeof(errMsg),
                     getResource(RES_MESSAGE_CHECKCOMPONENTDEPENDENCY2),
                     p->get(PKG_NAME),
                     nickname,
@@ -2502,6 +2516,7 @@
       }
    }
 
+   errMsg[sizeof(errMsg)-1] = 0;
    return errMsg;
 }
 
@@ -2527,7 +2542,7 @@
          {
             if (err == -1)
             {
-               sprintf(errMsg, "Can't find component: %s\n", (const char *) nickname);
+               snprintf(errMsg, sizeof(errMsg), "Can't find component: %s\n", (const char *) nickname);
             }
             else
             {
@@ -2535,14 +2550,17 @@
                loc1 = getUILocation(p->get(PKG_NICKNAME));
                loc2 = getUILocation(nickname);
                if (loc2 < loc1)
-                  sprintf(errMsg, "%s's prior component %s is not selected\n", p->get(PKG_NICKNAME), nickname);
+                  snprintf(errMsg, sizeof(errMsg),
+                           "%s's prior component %s is not selected\n", p->get(PKG_NICKNAME), nickname);
                else if (checkAll)
-                  sprintf(errMsg, "%s's later component %s is not selected\n", p->get(PKG_NICKNAME), nickname);
+                  snprintf(errMsg, sizeof(errMsg),
+                           "%s's later component %s is not selected\n", p->get(PKG_NICKNAME), nickname);
             }
          }
       }
    }
 
+   errMsg[sizeof(errMsg)-1] = 0;
    return errMsg;
 }
 
@@ -2604,7 +2622,7 @@
    {
       case -1:
 
-         sprintf(errMsg,
+         snprintf(errMsg, sizeof(errMsg),
             getResource(RES_MESSAGE_VERIFYSSUSER1),
             ssUser);
          break;
@@ -2612,7 +2630,7 @@
       {
          NSString err_text(getResource(RES_MESSAGE_VERIFYSSUSER2, RES_GLOBAL_BRAND));
          err_text = err_text + getResource(RES_MESSAGE_VERIFYSSUSER3);
-         sprintf(errMsg, err_text, ssUser);
+         snprintf(errMsg, sizeof(errMsg), err_text, ssUser);
          break;
       }
       default:
@@ -2620,6 +2638,7 @@
          break;
    }
 
+   errMsg[sizeof(errMsg)-1] = 0;
    return errMsg;
 }
 
@@ -2634,19 +2653,19 @@
    switch (err)
    {
       case -1:
-        sprintf(errMsg,
+        snprintf(errMsg, sizeof(errMsg),
          getResource(RES_MESSAGE_VERIFYSSGROUP1),
          ssUser);
         break;
 
       case -2:
-        sprintf(errMsg,
+        snprintf(errMsg, sizeof(errMsg),
          getResource(RES_MESSAGE_VERIFYSSGROUP2),
          ssGroup);
         break;
 
       case -3:
-        sprintf(errMsg,
+        snprintf(errMsg, sizeof(errMsg),
          getResource(RES_MESSAGE_VERIFYSSGROUP3),
          ssUser,ssGroup);
         break;
@@ -2655,7 +2674,7 @@
         NSString err_text(getResource(RES_MESSAGE_VERIFYSSGROUP4, RES_GLOBAL_BRAND));
         err_text = err_text + getResource(RES_MESSAGE_VERIFYSSGROUP5);
 
-        sprintf(errMsg, err_text, ssUser,ssGroup);
+        snprintf(errMsg, sizeof(errMsg), err_text, ssUser,ssGroup);
         break;
       }
       default:
@@ -2663,6 +2682,7 @@
         break;
    }
 
+   errMsg[sizeof(errMsg)-1] = 0;
    return errMsg;
 }
 
@@ -2865,7 +2885,7 @@
 
    if (err == INVALID_ROOT)
    {
-      sprintf(errMsg, getResource(RES_MESSAGE_VERIFYINSTALLPRIVILEGE1, RES_GLOBAL_BRAND));
+      snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_VERIFYINSTALLPRIVILEGE1, RES_GLOBAL_BRAND));
    }
    else if (err == INSTALL_DN_ERR)
    {
@@ -2874,7 +2894,7 @@
          NSString err_text(getResource(RES_MESSAGE_VERIFYINSTALLPRIVILEGE2, RES_GLOBAL_BRAND));
          err_text = 
             err_text + getResource(RES_MESSAGE_VERIFYINSTALLPRIVILEGE22);
-         sprintf(errMsg, err_text, 
+         snprintf(errMsg, sizeof(errMsg), err_text, 
             DEFAULT_SS_CONTAINER_RDN, DEFAULT_ROOT_DN);
       }
       else
@@ -2882,14 +2902,15 @@
          NSString err_text(getResource(RES_MESSAGE_VERIFYINSTALLPRIVILEGE3, RES_GLOBAL_BRAND));
          err_text =
             err_text + getResource(RES_MESSAGE_VERIFYINSTALLPRIVILEGE32);
-         sprintf(errMsg, err_text, installDN);
+         snprintf(errMsg, sizeof(errMsg), err_text, installDN);
       }
    }
    else if (err != OKAY)
    {
-      sprintf(errMsg, 
+      snprintf(errMsg, sizeof(errMsg),
               getResource(RES_MESSAGE_VERIFYINSTALLPRIVILEGE4), ldapUser);
    }
+   errMsg[sizeof(errMsg)-1] = 0;
    return errMsg;
 }
 
@@ -2926,8 +2947,8 @@
 
    if (err != OKAY)
    {
-      sprintf(errMsg, "Setup is unable to detect User Directory Informations from the Server\n");
-
+      snprintf(errMsg, sizeof(errMsg), "Setup is unable to detect User Directory Informations from the Server\n");
+      errMsg[sizeof(errMsg)-1] = 0;
    }
 
    return errMsg;
@@ -2950,11 +2971,12 @@
 
    if (err != OKAY)
    {
-      sprintf(errMsg,       
+      snprintf(errMsg, sizeof(errMsg),      
 "The Server Configuration directory subtree appears not to be set up\n"
 "correctly for the installation of Netscape Server products. Please contact\n"
 "your directory administrator to verify that the you have write\n"
 "access to %s\n", installDN);
+      errMsg[sizeof(errMsg)-1] = 0;
    }
 
    return errMsg;


Index: product.cc
===================================================================
RCS file: /cvs/dirsec/setuputil/installer/unix/product.cc,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- product.cc	23 Feb 2006 17:57:02 -0000	1.4
+++ product.cc	23 Mar 2006 15:59:17 -0000	1.5
@@ -27,6 +27,17 @@
 **
 ** HISTORY:
 ** $Log$
+** Revision 1.5  2006/03/23 15:59:17  rmeggins
+** Bug(s) fixed: 186280
+** Bug Description: Close potential security vulnerabilities in CGI code
+** Reviewed by: Nathan & Noriko (Thanks!)
+** Fix Description: Mostly cleaned up usage of sprintf.
+** Platforms tested: Fedora Core 5
+** Flag Day: no
+** Doc impact: no
+** QA impact: should be covered by regular nightly and manual testing
+** New Tests integrated into TET: none
+**
 ** Revision 1.4  2006/02/23 17:57:02  nkinder
 ** https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182611
 ** Bug(s) fixed: 182611
@@ -411,7 +422,8 @@
           {
                 char szdir[2048];
                 //Create an absolute path
-                sprintf(szdir,"%s/%s",input, dir->d_name);
+                snprintf(szdir,sizeof(szdir), "%s/%s",input, dir->d_name);
+                szdir[sizeof(szdir)-1] = 0;
                 //Try removing the directory
              int i = rmdir(szdir);
                 if (i != 0)
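Review bot: The snprintf result is discarded, so an `input`/`d_name` pair longer than 2047 bytes is silently cut and `rmdir` is then called on the shortened path, which may name a different directory than intended. Capture and test the return value, e.g. `int n = snprintf(szdir, sizeof(szdir), "%s/%s", input, dir->d_name);` then `if (n < 0 || (size_t)n >= sizeof(szdir)) continue;` (the enclosing loop is outside the hunk, so the right skip action needs confirming). The same applies later in this file to the two `tstr` paths handed to `new PackageInfo(tstr)` and to both `prodinfo` paths, one of which is opened for writing.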
@@ -616,7 +628,8 @@
    // This is top level master configuration file
    init();
 
-   sprintf(tstr, "%s/%s", sourceDir.data(), fileName);
+   snprintf(tstr, sizeof(tstr), "%s/%s", sourceDir.data(), fileName);
+   tstr[sizeof(tstr)-1] = 0;
    _packageInfo = new PackageInfo(tstr);
 
    if (_packageInfo->isEmpty() || (componentList = _packageInfo->getListItems(PKG_COMPONENTS)) == NULL || _packageInfo->numSections() == 0)
@@ -680,7 +693,9 @@
 
    init();
 
-   sprintf(tstr, "%s/%s", sourceDir.data(), fileName);
+   snprintf(tstr, sizeof(tstr), "%s/%s", sourceDir.data(), fileName);
+   tstr[sizeof(tstr)-1] = 0;
+   
    _packageInfo = new PackageInfo(tstr);
 
    if (_packageInfo->isEmpty())
@@ -1277,12 +1292,14 @@
    const char *sroot = info->get(SERVER_ROOT);
    PackageInfo *p = _packageInfo;
 
-   sprintf(prodinfo, "%s/nyr", sroot);
+   snprintf(prodinfo, sizeof(prodinfo), "%s/nyr", sroot);
+   prodinfo[sizeof(prodinfo)-1] = 0;
    if (nyr = fopen(prodinfo,"w"))
       fclose(nyr);
 
    // Create new prodinfo
-   sprintf(prodinfo, "%s/bin/%s/prodinfo", sroot, get(PKG_NICKNAME));
+   snprintf(prodinfo, sizeof(prodinfo), "%s/bin/%s/prodinfo", sroot, get(PKG_NICKNAME));
+   prodinfo[sizeof(prodinfo)-1] = 0;
    p->stampTime();
    p->write(prodinfo);
 
@@ -1551,6 +1568,9 @@
    return errMsg;
 }
 
+#define STRINGIZE(x) #x
+#define MYFMT(size) "%" STRINGIZE(size) "s"
+
 int
 Product::unInstall(const NSString & serverRoot) const
 {
@@ -1583,11 +1603,12 @@
 
       if (fp = fopen(logFile.data(), "r"))
       {
-         while (fscanf(fp, "%s", buf) != EOF)
+         while (fscanf(fp, MYFMT(MED_BUF), buf) != EOF)
          {
             char suffix[MED_BUF] = "\0";
             char *p;
 
+            buf[sizeof(buf)-1] = 0;
             s = buf + serverRoot.length() + 1;
 
             p = strrchr((char *)s, '/');
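Review bot: A `%Ns` conversion stores up to N characters plus a terminating NUL, so `MYFMT(MED_BUF)` lets fscanf write `MED_BUF + 1` bytes. If `buf` is declared `char buf[MED_BUF]` (its declaration is outside the hunk), the terminator can land one byte past the array, and the added `buf[sizeof(buf)-1] = 0` cannot undo that. The width has to be one less than the buffer size, for example by declaring `char buf[MED_BUF + 1];`. MYFMT, defined in the preceding hunk, also yields a valid conversion only when MED_BUF expands to a bare decimal literal; a definition such as `(256)` would produce `%(256)s`. Separately, `s = buf + serverRoot.length() + 1` is not checked against the length of the token just read, so a short log entry leaves `s` pointing past the terminator.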
@@ -1793,7 +1814,6 @@
 {
    NSString restoreSource;
    NSString restoreTarget;
-   char buf[SML_BUF];
    char **restoreList, **files;
 
    files = restoreList = package()->getListItems(PKG_RESTOREFILES);
@@ -2181,11 +2201,8 @@
    NSString name;
    const char *version = NULL;
    int err = 0;
-   char errMsg[BIG_BUF];
    int position;
 
-   errMsg[0] = '\0';
-
    /*
     * Go through the product list and determine whether all dependency
     * are satisfied, i.e. if a product depends on one or more products


Index: uninstaller.cc
===================================================================
RCS file: /cvs/dirsec/setuputil/installer/unix/uninstaller.cc,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- uninstaller.cc	29 Jul 2005 22:16:32 -0000	1.1.1.1
+++ uninstaller.cc	23 Mar 2006 15:59:17 -0000	1.2
@@ -27,6 +27,17 @@
 **
 ** HISTORY:
 ** $Log$
+** Revision 1.2  2006/03/23 15:59:17  rmeggins
+** Bug(s) fixed: 186280
+** Bug Description: Close potential security vulnerabilities in CGI code
+** Reviewed by: Nathan & Noriko (Thanks!)
+** Fix Description: Mostly cleaned up usage of sprintf.
+** Platforms tested: Fedora Core 5
+** Flag Day: no
+** Doc impact: no
+** QA impact: should be covered by regular nightly and manual testing
+** New Tests integrated into TET: none
+**
 ** Revision 1.1.1.1  2005/07/29 22:16:32  foxworth
 ** Importing new setup sdk for open source project
 **
@@ -399,7 +410,7 @@
 
    if (_serverRoot == (char *) NULL)
    {
-      sprintf(buf, "ERROR: please specify a server root\n");
+      snprintf(buf, sizeof(buf), "ERROR: please specify a server root\n");
       rc = -1;
    }
    else
@@ -408,17 +419,17 @@
 
       if (InstUtil::isServerRoot(_serverRoot) == False)
       {
-         sprintf(buf, "ERROR: %s is not a server root\n", _serverRoot.data());
+         snprintf(buf, sizeof(buf), "ERROR: %s is not a server root\n", _serverRoot.data());
          rc = -1;
       }
       else if (_newSuiteSpot.retrieveSuiteSpot(sourceDir, infName) != 0)
       {
-         sprintf(buf,"ERROR: uninstallation database not found\n");
+         snprintf(buf, sizeof(buf), "ERROR: uninstallation database not found\n");
          rc = -1;
       }
       else if (_newSuiteSpot.numComponents() == 0)
       {
-         sprintf(buf, "ERROR: nothing to remove\n");
+         snprintf(buf, sizeof(buf), "ERROR: nothing to remove\n");
          rc = -1;
       }
       else
@@ -433,6 +444,7 @@
 
    if (rc)
    {
+      buf[sizeof(buf)-1] = 0;
       printf(buf);
       return rc;
    }
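Review bot: `printf(buf)` still uses the assembled message as the format string, and the "is not a server root" branch in the previous hunk copies `_serverRoot.data()` into `buf`, so a `%` in the server root path is interpreted as a conversion specifier. Print the message as data instead: `printf("%s", buf);` or `fputs(buf, stdout);`. The start of the function and the declaration of `buf` are outside the hunk.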


Index: ux-setup.cc
===================================================================
RCS file: /cvs/dirsec/setuputil/installer/unix/ux-setup.cc,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- ux-setup.cc	29 Jul 2005 22:16:32 -0000	1.1.1.1
+++ ux-setup.cc	23 Mar 2006 15:59:17 -0000	1.2
@@ -28,6 +28,17 @@
 ** HISTORY
 **
 ** $Log$
+** Revision 1.2  2006/03/23 15:59:17  rmeggins
+** Bug(s) fixed: 186280
+** Bug Description: Close potential security vulnerabilities in CGI code
+** Reviewed by: Nathan & Noriko (Thanks!)
+** Fix Description: Mostly cleaned up usage of sprintf.
+** Platforms tested: Fedora Core 5
+** Flag Day: no
+** Doc impact: no
+** QA impact: should be covered by regular nightly and manual testing
+** New Tests integrated into TET: none
+**
 ** Revision 1.1.1.1  2005/07/29 22:16:32  foxworth
 ** Importing new setup sdk for open source project
 **
@@ -278,8 +289,6 @@
 
    if (ldapURL && ldap_url_parse(ldapURL, &ludpp) == 0)
    {
-      char tmp[10];
-
       _installInfo->set(CONFIG_LDAP_URL, ldapURL);
       _installInfo->set(DS_ADMIN_DOMAIN, installDN);
 
@@ -319,17 +328,17 @@
         errMsg[0] = 0;
         break;
       case INVALID_URL:
-        sprintf(errMsg, "The URL \"%s\" is not of valid format.\n", localLdapURL);
+        snprintf(errMsg, sizeof(errMsg), "The URL \"%s\" is not of valid format.\n", localLdapURL);
         break;
       case CONN_FAILED:
-        sprintf(errMsg,
+        snprintf(errMsg, sizeof(errMsg),
 "Cannot connect to URL \"%s\".\n"
 "       The server may have been down. Please fix the problem\n"
 "       before proceeding with installation.\n",
                 localLdapURL);
         break;
       case INVALID_DN:
-        sprintf(errMsg,
+        snprintf(errMsg, sizeof(errMsg),
 "setup cannot verify the base suffix as specified in\n"
 "            \"%s\".\n"
 "       Please check the base suffix and re-enter the URL.\n",
@@ -340,6 +349,7 @@
         break;
    }
    free(localLdapURL);
+   errMsg[sizeof(errMsg)-1] = 0;
    return errMsg;
 }
 
@@ -359,28 +369,29 @@
        switch(err)
        {
           case INVALID_INPUT:
-             sprintf(errMsg, getResource(RES_MESSAGE_VERIFYLDAPUSER1));
+             snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_VERIFYLDAPUSER1));
              break;
           case INVALID_URL:
-             sprintf(errMsg, getResource(RES_MESSAGE_VERIFYLDAPUSER2), localLdapURL);
+             snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_VERIFYLDAPUSER2), localLdapURL);
              break;
           case INVALID_AUTH:
-             sprintf(errMsg, getResource(RES_MESSAGE_VERIFYLDAPUSER3));
+             snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_VERIFYLDAPUSER3));
              break;
           case CONN_FAILED:
-             sprintf(errMsg, getResource(RES_MESSAGE_VERIFYLDAPUSER4));
+             snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_VERIFYLDAPUSER4));
              break;
           case INVALID_USER:
-             sprintf(errMsg, getResource(RES_MESSAGE_VERIFYLDAPUSER5));
+             snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_VERIFYLDAPUSER5));
              break;
           default:
-             sprintf(errMsg, getResource(RES_MESSAGE_VERIFYLDAPUSER6));
+             snprintf(errMsg, sizeof(errMsg), getResource(RES_MESSAGE_VERIFYLDAPUSER6));
              break;
        }
    }
 
    free (localLdapURL);
 
+   errMsg[sizeof(errMsg)-1] = 0;
    return errMsg;
 }
 
@@ -391,7 +402,8 @@
    {
       char filename[200];
 
-      sprintf(filename,"%s/%s", getenv("HOME"), ".nssetup-default");
+      snprintf(filename, sizeof(filename), "%s/%s", getenv("HOME"), ".nssetup-default");
+      filename[sizeof(filename)-1] = 0;
       _userDefault.setFormat(1);
       _userDefault.read(filename);
    }
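Review bot: `getenv("HOME")` can return NULL, and passing NULL for `%s` is undefined behaviour; on glibc the defaults file would be looked up under a path beginning with `(null)/`. Fetch it first, `const char *home = getenv("HOME");`, and skip `_userDefault.read(filename)` when it is NULL or when snprintf returns a value `>= sizeof(filename)`. HOME is environment-controlled, so the 200-byte limit is reachable and a truncated name would silently read a different file. The start of the enclosing function is outside the hunk.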



