use reasonable buffer sizes for config params, and write safely

into fixed buffers

use reasonable buffer sizes for config params, and write safely
into fixed buffers
59947bda · Geoff Simmons · bcb3ec8c · 59947bda · 59947bda · 59947bda
Commit 59947bda authored May 01, 2015 by Geoff Simmons
Hide whitespace changes
Inline Side-by-side

Showing with 39 additions and 32 deletions

config.c src/config.c +15 -10

trackrdrd.c src/trackrdrd.c +8 -7

trackrdrd.h src/trackrdrd.h +16 -15

No files found.
--- a/src/config.c
+++ b/src/config.c
 /*-
- * Copyright (c) 2012-2014 UPLEX Nils Goroll Systemoptimierung
+ * Copyright (c) 2012-2015 UPLEX Nils Goroll Systemoptimierung
- * Copyright (c) 2012-2014 Otto Gmbh & Co KG
+ * Copyright (c) 2012-2015 Otto Gmbh & Co KG
 * All rights reserved
 * Use only with permission
 *
@@ -46,6 +46,7 @@
 #include "config_common.h"
 #include "vas.h"
+#include "vdef.h"
 #define DEFAULT_USER "nobody"
@@ -87,10 +88,12 @@ conf_getUnsignedInt(const char *rval, unsigned *i)
    return(0);
 }
-#define confString(name,fld)         \
+#define confString(name,fld)                    \
-    if (strcmp(lval, (name)) == 0) { \
+    if (strcmp(lval, (name)) == 0) {            \
-        strcpy((config.fld), rval);  \
+        if (strlen(rval) >= sizeof(config.fld)) \
-        return(0);                   \
+            return EINVAL;                      \
+        bprintf((config.fld), "%s", rval);      \
+        return(0);                              \
    }
 #define confUnsigned(name,fld)                   \
@@ -140,10 +143,12 @@ CONF_Add(const char *lval, const char *rval)
    }
    if (strcmp(lval, "syslog.facility") == 0) {
+        if (strlen(rval) + 1 > sizeof(config.syslog_facility_name))
+            return EINVAL;
        if ((ret = conf_getFacility(rval)) < 0)
            return EINVAL;
        config.syslog_facility = ret;
-        strcpy(config.syslog_facility_name, rval);
+        bprintf(config.syslog_facility_name, "%s", rval);
        char *p = &config.syslog_facility_name[0];
        do { *p = toupper(*p); } while (*++p);
        return(0);
@@ -155,7 +160,7 @@ CONF_Add(const char *lval, const char *rval)
        pw = getpwnam(rval);
        if (pw == NULL)
            return(EINVAL);
-        strcpy(config.user_name, pw->pw_name);
+        bprintf(config.user_name, "%s", pw->pw_name);
        config.uid = pw->pw_uid;
        config.gid = pw->pw_gid;
        return(0);
@@ -183,7 +188,7 @@ CONF_Add(const char *lval, const char *rval)
        char *p;
        errno = 0;
        double d = strtod(rval, &p);
-        if (errno == ERANGE)
+        if (errno)
            return errno;
        if (p[0] != '\0' || d < 0 || isnan(d) || !finite(d))
            return EINVAL;
@@ -223,7 +228,7 @@ CONF_Init(void)
    if (pw == NULL)
        pw = getpwuid(getuid());
    AN(pw);
-    strcpy(config.user_name, pw->pw_name);
+    bprintf(config.user_name, "%s", pw->pw_name);
    config.uid = pw->pw_uid;
    config.gid = pw->pw_gid;
 }

--- a/src/trackrdrd.c
+++ b/src/trackrdrd.c
 /*-
- * Copyright (c) 2012-2014 UPLEX Nils Goroll Systemoptimierung
+ * Copyright (c) 2012-2015 UPLEX Nils Goroll Systemoptimierung
- * Copyright (c) 2012-2014 Otto Gmbh & Co KG
+ * Copyright (c) 2012-2015 Otto Gmbh & Co KG
 * All rights reserved
 * Use only with permission
 *
@@ -54,6 +54,7 @@
 #include <pwd.h>
 #include "vas.h"
+#include "vdef.h"
 #include "trackrdrd.h"
 #include "config_common.h"
@@ -276,7 +277,7 @@ main(int argc, char * const *argv)
        usage(EXIT_FAILURE);
    if (c_arg) {
-        strcpy(cli_config_filename, c_arg);
+        bprintf(cli_config_filename, "%s", c_arg);
        printf("Reading config from %s\n", c_arg);
        if (CONF_ReadFile(c_arg, CONF_Add) != 0)
            exit(EXIT_FAILURE);
@@ -304,13 +305,13 @@ main(int argc, char * const *argv)
    }
    if (P_arg)
-        strcpy(config.pid_file, P_arg);
+        bprintf(config.pid_file, "%s", P_arg);
    if (n_arg)
-        strcpy(config.varnish_name, n_arg);
+        bprintf(config.varnish_name, "%s", n_arg);
    if (l_arg)
-        strcpy(config.log_file, l_arg);
+        bprintf(config.log_file, "%s", l_arg);
    if (f_arg) {
-        strcpy(config.varnish_bindump, f_arg);
+        bprintf(config.varnish_bindump, "%s", f_arg);
    }
    if (LOG_Open(PACKAGE_NAME) != 0) {

--- a/src/trackrdrd.h
+++ b/src/trackrdrd.h
@@ -159,16 +159,25 @@ void CHILD_Main(int readconfig);
 #define EMPTY(s) (s[0] == '\0')
 #define DEFAULT_CONFIG "/etc/trackrdrd.conf"
-char cli_config_filename[BUFSIZ];
+char cli_config_filename[PATH_MAX + 1];
 struct config {
-    char	pid_file[BUFSIZ];
+    char	pid_file[PATH_MAX];
-    char	varnish_name[BUFSIZ];
+    char	varnish_name[PATH_MAX];
-    char	vsmfile[PATH_MAX + 1];
+    char	vsmfile[PATH_MAX];
-    char	log_file[BUFSIZ];
+    char	log_file[PATH_MAX];
-    char	varnish_bindump[BUFSIZ];
+    char	varnish_bindump[PATH_MAX];
+    char	mq_module[PATH_MAX];
+    char	mq_config_file[PATH_MAX];
+    char	user_name[LOGIN_NAME_MAX + 1];
+    char	syslog_facility_name[sizeof("LOCAL0")];
+#define DEF_IDLE_PAUSE 0.01
+    double	idle_pause;
+    uid_t	uid;
+    gid_t	gid;
    int		syslog_facility;
-    char	syslog_facility_name[BUFSIZ];
    unsigned	monitor_interval;
    unsigned	monitor_workers;
@@ -193,18 +202,10 @@ struct config {
    unsigned	qlen_goal;
 #define DEF_QLEN_GOAL 1024
-    char	mq_module[BUFSIZ];
-    char	mq_config_file[BUFSIZ];
    unsigned	nworkers;
    unsigned	restarts;
    unsigned	restart_pause;
    unsigned	thread_restarts;
-    char	user_name[BUFSIZ];
-    uid_t	uid;
-    gid_t	gid;
-#define DEF_IDLE_PAUSE 0.01
-    double	idle_pause;
 } config;
 void CONF_Init(void);