use reasonable buffer sizes for config params, and write safely

into fixed buffers

use reasonable buffer sizes for config params, and write safely
into fixed buffers
1bb84661 · Geoff Simmons · 758a3f0c · 1bb84661 · 1bb84661 · 1bb84661
Commit 1bb84661 authored May 01, 2015 by Geoff Simmons
Hide whitespace changes
Inline Side-by-side

Showing with 39 additions and 32 deletions

config.c src/config.c +15 -10

trackrdrd.c src/trackrdrd.c +8 -7

trackrdrd.h src/trackrdrd.h +16 -15

No files found.
--- a/src/config.c
+++ b/src/config.c
 /*-
- * Copyright (c) 2012-2014 UPLEX Nils Goroll Systemoptimierung
- * Copyright (c) 2012-2014 Otto Gmbh & Co KG
+ * Copyright (c) 2012-2015 UPLEX Nils Goroll Systemoptimierung
+ * Copyright (c) 2012-2015 Otto Gmbh & Co KG
 * All rights reserved
 * Use only with permission
 *
@@ -46,6 +46,7 @@
 #include "config_common.h"

 #include "vas.h"
+#include "vdef.h"

 #define DEFAULT_USER "nobody"

@@ -87,10 +88,12 @@ conf_getUnsignedInt(const char *rval, unsigned *i)
    return(0);
 }

-#define confString(name,fld)         \
-    if (strcmp(lval, (name)) == 0) { \
-        strcpy((config.fld), rval);  \
-        return(0);                   \
+#define confString(name,fld)                    \
+    if (strcmp(lval, (name)) == 0) {            \
+        if (strlen(rval) >= sizeof(config.fld)) \
+            return EINVAL;                      \
+        bprintf((config.fld), "%s", rval);      \
+        return(0);                              \
    }

 #define confUnsigned(name,fld)                   \
@@ -140,10 +143,12 @@ CONF_Add(const char *lval, const char *rval)
    }

    if (strcmp(lval, "syslog.facility") == 0) {
+        if (strlen(rval) + 1 > sizeof(config.syslog_facility_name))
+            return EINVAL;
        if ((ret = conf_getFacility(rval)) < 0)
            return EINVAL;
        config.syslog_facility = ret;
-        strcpy(config.syslog_facility_name, rval);
+        bprintf(config.syslog_facility_name, "%s", rval);
        char *p = &config.syslog_facility_name[0];
        do { *p = toupper(*p); } while (*++p);
        return(0);
@@ -155,7 +160,7 @@ CONF_Add(const char *lval, const char *rval)
        pw = getpwnam(rval);
        if (pw == NULL)
            return(EINVAL);
-        strcpy(config.user_name, pw->pw_name);
+        bprintf(config.user_name, "%s", pw->pw_name);
        config.uid = pw->pw_uid;
        config.gid = pw->pw_gid;
        return(0);
@@ -183,7 +188,7 @@ CONF_Add(const char *lval, const char *rval)
        char *p;
        errno = 0;
        double d = strtod(rval, &p);
-        if (errno == ERANGE)
+        if (errno)
            return errno;
        if (p[0] != '\0' || d < 0 || isnan(d) || !finite(d))
            return EINVAL;
@@ -223,7 +228,7 @@ CONF_Init(void)
    if (pw == NULL)
        pw = getpwuid(getuid());
    AN(pw);
-    strcpy(config.user_name, pw->pw_name);
+    bprintf(config.user_name, "%s", pw->pw_name);
    config.uid = pw->pw_uid;
    config.gid = pw->pw_gid;
 }

--- a/src/trackrdrd.c
+++ b/src/trackrdrd.c
 /*-
- * Copyright (c) 2012-2014 UPLEX Nils Goroll Systemoptimierung
- * Copyright (c) 2012-2014 Otto Gmbh & Co KG
+ * Copyright (c) 2012-2015 UPLEX Nils Goroll Systemoptimierung
+ * Copyright (c) 2012-2015 Otto Gmbh & Co KG
 * All rights reserved
 * Use only with permission
 *
@@ -54,6 +54,7 @@
 #include <pwd.h>

 #include "vas.h"
+#include "vdef.h"

 #include "trackrdrd.h"
 #include "config_common.h"
@@ -276,7 +277,7 @@ main(int argc, char * const *argv)
        usage(EXIT_FAILURE);

    if (c_arg) {
-        strcpy(cli_config_filename, c_arg);
+        bprintf(cli_config_filename, "%s", c_arg);
        printf("Reading config from %s\n", c_arg);
        if (CONF_ReadFile(c_arg, CONF_Add) != 0)
            exit(EXIT_FAILURE);
@@ -304,13 +305,13 @@ main(int argc, char * const *argv)
    }
        
    if (P_arg)
-        strcpy(config.pid_file, P_arg);
+        bprintf(config.pid_file, "%s", P_arg);
    if (n_arg)
-        strcpy(config.varnish_name, n_arg);
+        bprintf(config.varnish_name, "%s", n_arg);
    if (l_arg)
-        strcpy(config.log_file, l_arg);
+        bprintf(config.log_file, "%s", l_arg);
    if (f_arg) {
-        strcpy(config.varnish_bindump, f_arg);
+        bprintf(config.varnish_bindump, "%s", f_arg);
    }
        
    if (LOG_Open(PACKAGE_NAME) != 0) {

--- a/src/trackrdrd.h
+++ b/src/trackrdrd.h
@@ -159,16 +159,25 @@ void CHILD_Main(int readconfig);
 #define EMPTY(s) (s[0] == '\0')

 #define DEFAULT_CONFIG "/etc/trackrdrd.conf"
-char cli_config_filename[BUFSIZ];
+char cli_config_filename[PATH_MAX + 1];

 struct config {
-    char	pid_file[BUFSIZ];
-    char	varnish_name[BUFSIZ];
-    char	vsmfile[PATH_MAX + 1];
-    char	log_file[BUFSIZ];
-    char	varnish_bindump[BUFSIZ];
+    char	pid_file[PATH_MAX];
+    char	varnish_name[PATH_MAX];
+    char	vsmfile[PATH_MAX];
+    char	log_file[PATH_MAX];
+    char	varnish_bindump[PATH_MAX];
+    char	mq_module[PATH_MAX];
+    char	mq_config_file[PATH_MAX];
+    char	user_name[LOGIN_NAME_MAX + 1];
+    char	syslog_facility_name[sizeof("LOCAL0")];
+
+#define DEF_IDLE_PAUSE 0.01
+    double	idle_pause;
+
+    uid_t	uid;
+    gid_t	gid;
    int		syslog_facility;
-    char	syslog_facility_name[BUFSIZ];
    unsigned	monitor_interval;
    unsigned	monitor_workers;

@@ -193,18 +202,10 @@ struct config {
    unsigned	qlen_goal;
 #define DEF_QLEN_GOAL 1024

-    char	mq_module[BUFSIZ];
-    char	mq_config_file[BUFSIZ];
    unsigned	nworkers;
    unsigned	restarts;
    unsigned	restart_pause;
    unsigned	thread_restarts;
-    char	user_name[BUFSIZ];
-    uid_t	uid;
-    gid_t	gid;
-
-#define DEF_IDLE_PAUSE 0.01
-    double	idle_pause;
 } config;

 void CONF_Init(void);