2005-07-07 Erez Zadok <ezk@cs.sunysb.edu>
+ * m4/macros/header_templates.m4: extern template for strlcat().
+
+ * amd/get_args.c (get_version_string): use safer strlcat (or
+ replacement strlcat). Use new wrapper xsnprintf() function, which
+ will use the safer vsnprintf() if available, else default to plain
+ sprintf.
+
+ * configure.in: check for existence of strlcat() and its extern,
+ replacing with libamu/strlcat.c as needed.
+
+ * libamu/Makefile.am (EXTRA_DIST): add strlcat.c to distro.
+
+ * include/am_defs.h: optional strlcat() extern.
+
+ * include/am_utils.h: extern for new xvsnprintf().
+
* configure.in: overdue new major libtool shlib version.
+ Check for snprintf function and extern.
2005-07-06 Erez Zadok <ezk@cs.sunysb.edu>
* possible running off end of exported_ap[] array.
* buffer overflow in pawd.
* aix4 clean build.
+ * use strlcat/snprintf in a few places for safety.
*** Notes specific to am-utils version 6.1
* SUCH DAMAGE.
*
*
- * $Id: get_args.c,v 1.32 2005/06/04 16:34:33 ezk Exp $
+ * $Id: get_args.c,v 1.33 2005/07/07 23:34:23 ezk Exp $
*
*/
char tmpbuf[1024];
char *wire_buf;
int wire_buf_len = 0;
+ size_t len; /* max allocated length (to avoid buf overflow) */
- /* first get dynamic string listing all known networks */
+ /*
+ * First get dynamic string listing all known networks.
+ * This could be a long list, if host has lots of interfaces.
+ */
wire_buf = print_wires();
if (wire_buf)
wire_buf_len = strlen(wire_buf);
- vers = xmalloc(2048 + wire_buf_len);
- sprintf(vers, "%s\n%s\n%s\n%s\n",
- "Copyright (c) 1997-2005 Erez Zadok",
- "Copyright (c) 1990 Jan-Simon Pendry",
- "Copyright (c) 1990 Imperial College of Science, Technology & Medicine",
- "Copyright (c) 1990 The Regents of the University of California.");
- sprintf(tmpbuf, "%s version %s (build %d).\n",
- PACKAGE_NAME, PACKAGE_VERSION, AMU_BUILD_VERSION);
- strcat(vers, tmpbuf);
- sprintf(tmpbuf, "Report bugs to %s.\n", PACKAGE_BUGREPORT);
- strcat(vers, tmpbuf);
- sprintf(tmpbuf, "Configured by %s@%s on date %s.\n",
- USER_NAME, HOST_NAME, CONFIG_DATE);
- strcat(vers, tmpbuf);
- sprintf(tmpbuf, "Built by %s@%s on date %s.\n",
- BUILD_USER, BUILD_HOST, BUILD_DATE);
- strcat(vers, tmpbuf);
- sprintf(tmpbuf, "cpu=%s (%s-endian), arch=%s, karch=%s.\n",
- cpu, endian, gopt.arch, gopt.karch);
- strcat(vers, tmpbuf);
- sprintf(tmpbuf, "full_os=%s, os=%s, osver=%s, vendor=%s, distro=%s.\n",
- gopt.op_sys_full, gopt.op_sys, gopt.op_sys_ver, gopt.op_sys_vendor, DISTRO_NAME);
- strcat(vers, tmpbuf);
- sprintf(tmpbuf, "domain=%s, host=%s, hostd=%s.\n",
- hostdomain, am_get_hostname(), hostd);
- strcat(vers, tmpbuf);
-
- strcat(vers, "Map support for: ");
+ len = 2048 + wire_buf_len;
+ vers = xmalloc(len);
+ xsnprintf(vers, len, "%s\n%s\n%s\n%s\n",
+ "Copyright (c) 1997-2005 Erez Zadok",
+ "Copyright (c) 1990 Jan-Simon Pendry",
+ "Copyright (c) 1990 Imperial College of Science, Technology & Medicine",
+ "Copyright (c) 1990 The Regents of the University of California.");
+ xsnprintf(tmpbuf, sizeof(tmpbuf), "%s version %s (build %d).\n",
+ PACKAGE_NAME, PACKAGE_VERSION, AMU_BUILD_VERSION);
+ strlcat(vers, tmpbuf, len);
+ xsnprintf(tmpbuf, sizeof(tmpbuf), "Report bugs to %s.\n", PACKAGE_BUGREPORT);
+ strlcat(vers, tmpbuf, len);
+ xsnprintf(tmpbuf, sizeof(tmpbuf), "Configured by %s@%s on date %s.\n",
+ USER_NAME, HOST_NAME, CONFIG_DATE);
+ strlcat(vers, tmpbuf, len);
+ xsnprintf(tmpbuf, sizeof(tmpbuf), "Built by %s@%s on date %s.\n",
+ BUILD_USER, BUILD_HOST, BUILD_DATE);
+ strlcat(vers, tmpbuf, len);
+ xsnprintf(tmpbuf, sizeof(tmpbuf), "cpu=%s (%s-endian), arch=%s, karch=%s.\n",
+ cpu, endian, gopt.arch, gopt.karch);
+ strlcat(vers, tmpbuf, len);
+ xsnprintf(tmpbuf, sizeof(tmpbuf), "full_os=%s, os=%s, osver=%s, vendor=%s, distro=%s.\n",
+ gopt.op_sys_full, gopt.op_sys, gopt.op_sys_ver, gopt.op_sys_vendor, DISTRO_NAME);
+ strlcat(vers, tmpbuf, len);
+ xsnprintf(tmpbuf, sizeof(tmpbuf), "domain=%s, host=%s, hostd=%s.\n",
+ hostdomain, am_get_hostname(), hostd);
+ strlcat(vers, tmpbuf, len);
+
+ strlcat(vers, "Map support for: ", len);
mapc_showtypes(tmpbuf);
- strcat(vers, tmpbuf);
- strcat(vers, ".\nAMFS: ");
+ strlcat(vers, tmpbuf, len);
+ strlcat(vers, ".\nAMFS: ", len);
ops_showamfstypes(tmpbuf);
- strcat(vers, tmpbuf);
- strcat(vers, ", inherit.\nFS: "); /* hack: "show" that we support type:=inherit */
+ strlcat(vers, tmpbuf, len);
+ strlcat(vers, ", inherit.\nFS: ", len); /* hack: "show" that we support type:=inherit */
ops_showfstypes(tmpbuf);
- strcat(vers, tmpbuf);
+ strlcat(vers, tmpbuf, len);
/* append list of networks if available */
if (wire_buf) {
- strcat(vers, wire_buf);
+ strlcat(vers, wire_buf, len);
XFREE(wire_buf);
}
dnl
dnl AC_CONFIG_AUX_DIR(m4)
AC_PREREQ(2.52)
-AC_REVISION($Revision: 1.101 $)
+AC_REVISION($Revision: 1.102 $)
AC_COPYRIGHT([Copyright (c) 1997-2005 Erez Zadok])
dnl find out system type
AC_MSG_NOTICE(*** SYSTEM TYPES ***)
signal \
sigsuspend \
socket \
- strchr \
strcasecmp \
+ strchr \
strcspn \
strdup \
strerror \
+ strlcat \
strlcpy \
strspn \
strstr \
strcasecmp \
strdup \
strerror \
+ strlcat \
strlcpy \
strstr \
ualarm \
sleep \
strcasecmp \
strdup \
+ strlcat \
strlcpy \
strstr \
ualarm \
* SUCH DAMAGE.
*
*
- * $Id: am_defs.h,v 1.60 2005/06/23 20:46:11 ezk Exp $
+ * $Id: am_defs.h,v 1.61 2005/07/07 23:34:23 ezk Exp $
*
*/
extern char *strdup(const char *s);
#endif /* not HAVE_EXTERN_STRDUP */
+#ifndef HAVE_EXTERN_STRLCAT
+/*
+ * define this extern even if function does not exist, for it will
+ * be filled in by libamu/strlcat.c
+ */
+extern size_t strlcat(char *dst, const char *src, size_t siz);
+#endif /* not HAVE_EXTERN_STRLCAT */
+
#ifndef HAVE_EXTERN_STRLCPY
/*
* define this extern even if function does not exist, for it will
* SUCH DAMAGE.
*
*
- * $Id: am_utils.h,v 1.65 2005/04/07 23:31:07 ezk Exp $
+ * $Id: am_utils.h,v 1.66 2005/07/07 23:34:23 ezk Exp $
*
*/
extern int check_pmap_up(char *host, struct sockaddr_in* sin);
extern u_long get_nfs_version(char *host, struct sockaddr_in *sin, u_long nfs_version, const char *proto);
extern long get_server_pid(void);
+extern int xsnprintf(char *str, size_t size, const char *format, ...);
#ifdef MOUNT_TABLE_ON_FILE
strcasecmp.c \
strdup.c \
strerror.c \
+ strlcat.c \
strlcpy.c \
strstr.c \
ualarm.c
--- /dev/null
+/*
+ * Copyright (c) 1997-2005 Erez Zadok
+ * Copyright (c) 1990 Jan-Simon Pendry
+ * Copyright (c) 1990 Imperial College of Science, Technology & Medicine
+ * Copyright (c) 1990 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Jan-Simon Pendry at Imperial College, London.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgment:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *
+ * $Id: strlcat.c,v 1.1 2005/07/07 23:34:23 ezk Exp $
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif /* HAVE_CONFIG_H */
+#include <am_defs.h>
+#include <amu.h>
+
+/*
+ * Implementation of strlcat(3) from OpenBSD/NetBSD.
+ */
+
+/*
+ * Appends src to string dst of size siz (unlike strncat, siz is the
+ * full size of dst, not space left). At most siz-1 characters
+ * will be copied. Always NUL terminates (unless siz <= strlen(dst)).
+ * Returns strlen(src) + MIN(siz, strlen(initial dst)).
+ * If retval >= siz, truncation occurred.
+ */
+size_t
+strlcat(char *dst, const char *src, size_t siz)
+{
+ char *d = dst;
+ const char *s = src;
+ size_t n = siz;
+ size_t dlen;
+
+ /* Find the end of dst and adjust bytes left but don't go past end */
+ while (n-- != 0 && *d != '\0')
+ d++;
+ dlen = d - dst;
+ n = siz - dlen;
+
+ if (n == 0)
+ return(dlen + strlen(s));
+ while (*s != '\0') {
+ if (n != 1) {
+ *d++ = *s;
+ n--;
+ }
+ s++;
+ }
+ *d = '\0';
+
+ return(dlen + (s - src)); /* count does not include NUL */
+}
* SUCH DAMAGE.
*
*
- * $Id: xutil.c,v 1.37 2005/04/07 05:50:39 ezk Exp $
+ * $Id: xutil.c,v 1.38 2005/07/07 23:34:23 ezk Exp $
*
*/
plog(XLOG_ERROR, "unable to release controlling tty");
}
+
+
+/* our version of snprintf */
+int
+xsnprintf(char *str, size_t size, const char *format, ...)
+{
+ va_list ap;
+ int ret;
+
+ va_start(ap, format);
+#ifdef HAVE_VSNPRINTF
+ ret = vsnprintf(str, size, format, ap);
+#else /* not HAVE_VSNPRINTF */
+ ret = sprintf(str, format, ap); /* less secure version */
+#endif /* not HAVE_VSNPRINTF */
+ va_end(ap);
+ return ret;
+}
AH_TEMPLATE([HAVE_EXTERN_STRDUP],
[does extern definition for strdup() exist?])
+AH_TEMPLATE([HAVE_EXTERN_STRLCAT],
+[does extern definition for strlcat() exist?])
+
AH_TEMPLATE([HAVE_EXTERN_STRLCPY],
[does extern definition for strlcpy() exist?])
projects / am-utils-6.2.git / commitdiff