Chameleon

Chameleon Commit Details

Date:2014-01-11 22:48:26 (10 years 2 months ago)
Author:Chuck Fry
Commit:2336
Parents: 2335
Message:Prevent string buffer overflows
Changes:
M/branches/chucko/i386/config/nconf.h
M/branches/chucko/i386/config/confdata.c

File differences

branches/chucko/i386/config/nconf.h
2626
2727
2828
29
30
31
32
33
34
35
36
37
38
3929
4030
4131
#include "ncurses.h"
#define max(a, b) ({\
typeof(a) _a = a;\
typeof(b) _b = b;\
_a > _b ? _a : _b; })
#define min(a, b) ({\
typeof(a) _a = a;\
typeof(b) _b = b;\
_a < _b ? _a : _b; })
typedef enum {
NORMAL = 1,
MAIN_HEADING,
branches/chucko/i386/config/confdata.c
1616
1717
1818
19
20
21
22
23
24
25
26
27
28
1929
2030
2131
......
7585
7686
7787
88
7889
7990
80
81
82
83
91
92
93
94
95
96
97
8498
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
99
100
101
102
103
100104
101
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
102129
103130
104131
......
110137
111138
112139
113
140
114141
115142
116143
......
570597
571598
572599
573
574
575
600
601
602
576603
577
604
578605
579606
580607
......
586613
587614
588615
589
616
590617
591618
592
593
619
620
594621
595622
596623
#define LKC_DIRECT_LINK
#include "lkc.h"
#define max(a, b) ({\
typeof(a) _a = a;\
typeof(b) _b = b;\
_a > _b ? _a : _b; })
#define min(a, b) ({\
typeof(a) _a = a;\
typeof(b) _b = b;\
_a < _b ? _a : _b; })
static void conf_warning(const char *fmt, ...)
__attribute__ ((format (printf, 1, 2)));
return name ? name : "auto.conf";
}
/* TODO: figure out if symbols are always null-terminated */
static char *conf_expand_value(const char *in)
{
struct symbol *sym;
const char *src;
static char res_value[SYMBOL_MAXLENGTH];
char *dst, name[SYMBOL_MAXLENGTH];
static char res_value[SYMBOL_MAXLENGTH + 1];
char name[SYMBOL_MAXLENGTH];
size_t res_rem = SYMBOL_MAXLENGTH;
char *res_ptr = res_value;
const char *src;
*res_ptr = 0;
res_ptr[SYMBOL_MAXLENGTH] = 0;
res_value[0] = 0;
dst = name;
while ((src = strchr(in, '$'))) {
strncat(res_value, in, src - in);
src++;
dst = name;
while (isalnum(*src) || *src == '_')
*dst++ = *src++;
*dst = 0;
sym = sym_lookup(name, 0);
sym_calc_value(sym);
strcat(res_value, sym_get_string_value(sym));
in = src;
}
strcat(res_value, in);
while ((src = strchr(in, '$'))) {
struct symbol *sym;
const char *symval;
char *name_ptr = name;
size_t n = min(res_rem, src - in);
return res_value;
res_ptr = stpncpy(res_ptr, in, n);
if (!(res_rem -= n))
return res_value; /* buffer full, quit now */
src++;
*name_ptr = 0;
while (isalnum(*src) || *src == '_')
*name_ptr++ = *src++;
*name_ptr = 0;
sym = sym_lookup(name, 0);
sym_calc_value(sym);
symval = sym_get_string_value(sym);
n = min(res_rem, strlen(symval));
res_ptr = stpncpy(res_ptr, symval, n);
if (!(res_rem -= n))
return res_value; /* buffer full, quit now */
in = src;
}
strncpy(res_ptr, in, res_rem + 1);
return res_value;
}
char *conf_get_default_confname(void)
name = conf_expand_value(conf_defname);
env = getenv(SRCTREE);
if (env) {
sprintf(fullname, "%s/%s", env, name);
snprintf(fullname, PATH_MAX+1, "%s/%s", env, name);
if (!stat(fullname, &buf))
return fullname;
}
char *slash;
if (!stat(name, &st) && S_ISDIR(st.st_mode)) {
strcpy(dirname, name);
strcat(dirname, "/");
basename = conf_get_configname();
/* FIXME: add length check */
strcpy(stpcpy(dirname, name), "/");
basename = conf_get_configname();
} else if ((slash = strrchr(name, '/'))) {
int size = slash - name + 1;
size_t size = slash - name + 1;
memcpy(dirname, name, size);
dirname[size] = 0;
if (slash[1])
} else
basename = conf_get_configname();
sprintf(newname, "%s%s", dirname, basename);
snprintf(newname, PATH_MAX+1, "%s%s", dirname, basename);
env = getenv("KCONFIG_OVERWRITECONFIG");
if (!env || !*env) {
sprintf(tmpname, "%s.tmpconfig.%d", dirname, (int)getpid());
out = fopen(tmpname, "w");
snprintf(tmpname, PATH_MAX+1, "%s.tmpconfig.%d", dirname, (int)getpid());
out = fopen(tmpname, "w");
} else {
*tmpname = 0;
out = fopen(newname, "w");

Archive Download the corresponding diff file

Revision: 2336