gnustep/libs-base
0
0
Fork 0
mirror of https://github.com/gnustep/libs-base.git synced 2025-05-30 16:30:41 +00:00
Code Issues Projects Releases Packages Wiki Activity

Limit size of amount of config file data read.

Browse source 
git-svn-id: svn+ssh://svn.gna.org/svn/gnustep/libs/base/trunk@30301 72102866-910b-0410-8b05-ffd578937521
This commit is contained in:
Richard Frith-MacDonald 2010-05-06 05:09:12 +00:00
parent 9fa57f0eed
commit ae539ae03d
2 changed files with 56 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

5
ChangeLog
View file

@ -1,3 +1,8 @@
2010-05-06 Richard Frith-Macdonald <rfm@gnu.org>
* Tools/gdomap.c: Limit config files to containing a thousand entries
for safety/security.
2010-05-05 Richard Frith-Macdonald <rfm@gnu.org> 2010-05-05 Richard Frith-Macdonald <rfm@gnu.org>
* Source/GSHTTPURLHandle.m: * Source/GSHTTPURLHandle.m:

64
Tools/gdomap.c
View file

@ -152,6 +152,7 @@ typedef unsigned char *uptr;
#ifndef __MINGW__ #ifndef __MINGW__
static int is_daemon = 0; /* Currently running as daemon. */ static int is_daemon = 0; /* Currently running as daemon. */
#endif #endif
static int in_config = 0; /* Reading config file. */
static int debug = 0; /* Extra debug gdomap_logging. */ static int debug = 0; /* Extra debug gdomap_logging. */
static int nobcst = 0; /* turn off broadcast probing. */ static int nobcst = 0; /* turn off broadcast probing. */
static int nofork = 0; /* turn off fork() for debugging. */ static int nofork = 0; /* turn off fork() for debugging. */
@ -283,6 +284,15 @@ static int log_priority;
static void static void
gdomap_log (int prio) gdomap_log (int prio)
{ {
if (in_config)
{
#ifndef __MINGW__
if (geteuid () != getuid ())
{
strcpy(ebuf, "problem with config file");
}
#endif
}
if (is_daemon) if (is_daemon)
{ {
syslog (log_priority | prio, "%s", ebuf); syslog (log_priority | prio, "%s", ebuf);
@ -1444,6 +1454,7 @@ load_iface(const char* from)
int line = 0; int line = 0;
int num_iface = 0; int num_iface = 0;
in_config = 1;
if (access(from, R_OK) != 0) if (access(from, R_OK) != 0)
{ {
snprintf(ebuf, sizeof(ebuf), snprintf(ebuf, sizeof(ebuf),
@ -1504,7 +1515,12 @@ load_iface(const char* from)
{ {
continue; continue;
} }
num_iface++; if (num_iface++ > 1000)
{
snprintf(ebuf, sizeof(ebuf), "Too many network interfaces found");
gdomap_log(LOG_CRIT);
exit(EXIT_FAILURE);
}
} }
fseek(fptr, 0, 0); fseek(fptr, 0, 0);
@ -1604,15 +1620,17 @@ load_iface(const char* from)
} }
if (addr[interfaces].s_addr == (uint32_t)-1) if (addr[interfaces].s_addr == (uint32_t)-1)
{ {
snprintf(ebuf, sizeof(ebuf), "line %d of '%s' without valid address", snprintf(ebuf, sizeof(ebuf), "line %d of '%s' bad address (%s)",
line, from); line, from, buf);
gdomap_log(LOG_ERR); gdomap_log(LOG_CRIT);
exit(EXIT_FAILURE);
} }
else if (mask[interfaces].s_addr == (uint32_t)-1) else if (mask[interfaces].s_addr == (uint32_t)-1)
{ {
snprintf(ebuf, sizeof(ebuf), "line %d of '%s' without valid netmask", snprintf(ebuf, sizeof(ebuf), "line %d of '%s' bad netmask (%s)",
line, from); line, from, ptr);
gdomap_log(LOG_ERR); gdomap_log(LOG_CRIT);
exit(EXIT_FAILURE);
} }
else else
{ {
@ -1620,6 +1638,7 @@ load_iface(const char* from)
} }
} }
fclose(fptr); fclose(fptr);
in_config = 0;
} }
/* /*
@ -4567,19 +4586,25 @@ printf(
{ {
FILE *fptr; FILE *fptr;
int line = 0; int line = 0;
int count = 0;
char buf[128]; char buf[128];
in_config = 1;
if (access(optarg, R_OK) != 0) if (access(optarg, R_OK) != 0)
{ {
fprintf(stderr, "Unable to access probe config - '%s'\n", snprintf(ebuf, sizeof(ebuf),
"Unable to access probe config - '%s'\n",
optarg); optarg);
gdomap_log(LOG_CRIT);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
fptr = fopen(optarg, "rt"); fptr = fopen(optarg, "rt");
if (fptr == 0) if (fptr == 0)
{ {
fprintf(stderr, "Unable to open probe config - '%s'\n", snprintf(ebuf, sizeof(ebuf),
"Unable to open probe config - '%s'\n",
optarg); optarg);
gdomap_log(LOG_CRIT);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
while (fgets(buf, sizeof(buf), fptr) != 0) while (fgets(buf, sizeof(buf), fptr) != 0)
@ -4628,15 +4653,24 @@ printf(
continue; continue;
} }
if (count++ > 1000)
{
snprintf(ebuf, sizeof(ebuf),
"Too many probe configurations found");
gdomap_log(LOG_CRIT);
exit(EXIT_FAILURE);
}
prb = (plentry*)malloc(sizeof(plentry)); prb = (plentry*)malloc(sizeof(plentry));
memset((char*)prb, '\0', sizeof(plentry)); memset((char*)prb, '\0', sizeof(plentry));
prb->addr.s_addr = inet_addr(buf); prb->addr.s_addr = inet_addr(buf);
if (prb->addr.s_addr == (uint32_t)-1) if (prb->addr.s_addr == (uint32_t)-1)
{ {
fprintf(stderr, snprintf(ebuf, sizeof(ebuf),
"line %d of '%s' is not a valid address\n", "line %d of '%s' (%s) is not a valid address\n",
line, optarg); line, optarg, buf);
free(prb); free(prb);
gdomap_log(LOG_CRIT);
exit(EXIT_FAILURE);
} }
else else
{ {
@ -4655,9 +4689,12 @@ printf(
{ {
if (tmp->addr.s_addr == prb->addr.s_addr) if (tmp->addr.s_addr == prb->addr.s_addr)
{ {
fprintf(stderr, "'%s' repeat in '%s'\n", snprintf(ebuf, sizeof(ebuf),
"'%s' repeat in '%s'\n",
buf, optarg); buf, optarg);
free(prb); free(prb);
gdomap_log(LOG_CRIT);
exit(EXIT_FAILURE);
break; break;
} }
tmp = tmp->next; tmp = tmp->next;
@ -4670,6 +4707,7 @@ printf(
} }
} }
fclose(fptr); fclose(fptr);
in_config = 0;
} }
break; break;