From c4c2e753712521425758c1b56f4c8ee4fd2ca385 Mon Sep 17 00:00:00 2001 From: Thomas Schmitt Date: Mon, 15 Oct 2007 20:36:33 +0000 Subject: [PATCH] Some safety precautions against malicious input, enabled -cdx, -cdi for -add --- libisoburn/trunk/test/xorriso.c | 144 +++++++++++++++++----- libisoburn/trunk/test/xorriso_timestamp.h | 2 +- 2 files changed, 114 insertions(+), 32 deletions(-) diff --git a/libisoburn/trunk/test/xorriso.c b/libisoburn/trunk/test/xorriso.c index 676bfaf7..488c32c0 100644 --- a/libisoburn/trunk/test/xorriso.c +++ b/libisoburn/trunk/test/xorriso.c @@ -210,6 +210,28 @@ int Sfile_add_to_path(char path[SfileadrL], char *addon, int flag) } +int Sfile_prepend_path(char *prefix, char path[SfileadrL], int flag) +{ + int l, i; + + l= strlen(path)+strlen(prefix)+1; + if(l>=SfileadrL) { + + /* >>> */ + fprintf(stderr, + "--- Combination of wd and relative address too long (%d > %d)\n", + l,SfileadrL-1); + + return(-1); + } + l-= strlen(path); + for(i= strlen(path)+1; i>=0; i--) + path[i+l]= path[i]; + strcpy(path,prefix); + path[l-1]= '/'; + return(1); +} + int Sfile_being_group_member(struct stat *stbuf, int flag) { int i, suppl_groups; @@ -621,6 +643,27 @@ int Sfile_make_argv(char *progname, char *line, int *argc, char ***argv, } +/* @param flag bit0= append */ +int Sfile_str(char target[SfileadrL], char *source, int flag) +{ + int l; + + l= strlen(source); + if(flag&1) + l+= strlen(target); + if(l>=SfileadrL) { + fprintf(stderr, "--- Path string overflow (%d > %d). Malicious input ?\n", + l,SfileadrL-1); + return(0); + } + if(flag&1) + strcat(target, source); + else + strcpy(target, source); + return(1); +} + + /** Combine environment variable HOME with given filename @param filename Address relative to $HOME @param fileadr Resulting combined address 
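Review bot: The shift loop in Sfile_prepend_path starts one byte past the string terminator (`i= strlen(path)+1`), so it reads `path[strlen(path)+1]` and writes `path[strlen(path)+1+l]`. When the combined length is exactly SfileadrL-1, which the `l>=SfileadrL` check lets through, that write lands at index SfileadrL, one byte beyond the array. Starting at the terminator fixes both the stray read and the write: `for(i= strlen(path); i>=0; i--)`, or replace the loop with `memmove(path+l, path, strlen(path)+1);`. The callers added in Xorriso_option_add pass stack arrays, so the extra byte would fall on the stack there.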
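Review bot: Sfile_str compares against SfileadrL whatever the real size of `target` is; the `char target[SfileadrL]` parameter decays to a pointer, so nothing enforces that callers pass a buffer that large. This commit applies it to `xorriso->abort_on_severity`, `indev`, `outdev`, `logfile[channel_no]` and `progname`, whose declarations are outside the diff, while Xorriso_new bounds `progname` by `sizeof(m->progname)`; if any of those fields is shorter than SfileadrL the check does not protect it. The header comment should state the requirement and the return values, e.g. `/* target must provide at least SfileadrL bytes; returns 1 on success, 0 if the result would not fit (target unchanged) */`. Separately, `int l` holding the sum of two strlen() results would be safer as `size_t`.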
@@ -1580,8 +1623,10 @@ return: Sort_argv(o->buffer_fill,o->buffer,0); } if(o->buffer_rptbuffer_fill && !(flag&4)) { - strcpy(reply,o->buffer[o->buffer_rpt]); + ret= Sfile_str(reply,o->buffer[o->buffer_rpt],0); Sregex_string(&(o->buffer[o->buffer_rpt]),NULL,0); + if(ret<=0) + return(-1); (o->buffer_rpt)++; if(!(flag&2)) o->count++; @@ -1603,7 +1648,8 @@ return: break; /* skip "." and ".." */ } while(name[0]=='.' && ((name[1]=='.' && name[2]==0) || name[1]==0)); - strcpy(reply,name); + if(Sfile_str(reply,name,0)<=0) + return(-1); if(!(flag&2)) o->count++; return(1); @@ -1670,8 +1716,10 @@ int Xorriso_new(struct XorrisO ** xorriso,char *progname, int flag) *xorriso= m= TSOB_FELD(struct XorrisO,1); if(m==NULL) return(-1); - strcpy(m->progname,progname); - m->initial_wdx[0]= 0; + strncpy(m->progname,progname,sizeof(m->progname)-1); + m->progname[sizeof(m->progname)-1]= 0; + if(getcwd(m->initial_wdx,sizeof(m->initial_wdx)-1)==NULL) + m->initial_wdx[0]= 0; m->no_rc= 0; m->rc_filename_count= Xorriso_rc_nuM; @@ -1680,7 +1728,7 @@ int Xorriso_new(struct XorrisO ** xorriso,char *progname, int flag) m->rc_filenames[m->rc_filename_count-1][0]= 0; m->wdi[0]= 0; - m->wdx[0]= 0; + strcpy(m->wdx, m->initial_wdx); m->did_something_useful= 0; m->do_joliet= 0; m->do_follow_links= 0; @@ -1882,7 +1930,8 @@ int Xorriso_request_confirmation(struct XorrisO *xorriso, int flag) */ { int ret; - char line[SfileadrL],*cpt,previous_line[SfileadrL],*abort_req_text,*abort_really_text; + char line[SfileadrL],*cpt,previous_line[SfileadrL]; + char *abort_req_text,*abort_really_text; if(flag&8) { abort_req_text= "request to end"; @@ -2146,7 +2195,8 @@ int Xorriso_restxt(struct XorrisO *xorriso, char *text) { int ret; - strcpy(xorriso->result_line,text); + strncpy(xorriso->result_line,text,sizeof(xorriso->result_line)-1); + xorriso->result_line[sizeof(xorriso->result_line)-1]= 0; ret= Xorriso_result(xorriso,0); return(ret); } 
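Review bot: On the new failure path in the first hunk the buffer entry has already been released by `Sregex_string(&(o->buffer[o->buffer_rpt]),NULL,0)` but `(o->buffer_rpt)++` is skipped, so a later call would presumably hand the same, already released slot to Sfile_str again. Advancing the index before bailing out avoids that: `(o->buffer_rpt)++; if(ret<=0) return(-1);`. The enclosing function starts and ends outside the hunk, so whether callers stop iterating after -1 is not visible here.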
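Review bot: When getcwd() fails in Xorriso_new (for instance because the current directory path does not fit), `initial_wdx` and, through the `strcpy(m->wdx, m->initial_wdx)` in the following hunk, `wdx` are silently left empty. As far as the visible code shows, Sfile_prepend_path with an empty prefix turns a relative address into `/address`, so -add would then resolve relative disk paths against the root directory instead of the working directory. Reporting the failure, or refusing relative disk paths while `wdx` is unknown, would make this visible; a comment such as `/* empty wdx is treated as "/" by Sfile_prepend_path */` would at least document it.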
@@ -2314,8 +2364,12 @@ no_regex_available:; for(i= 0;i=sizeof(adr_part)) + return(-1); strcpy(adr_part,cpt); } else { + if(npt-cpt>=sizeof(adr_part)) + return(-1); strncpy(adr_part,cpt,npt-cpt); adr_part[npt-cpt]= 0; } @@ -2392,8 +2446,11 @@ next_adr_part:; } else if(xorriso->search_mode==3 || xorriso->search_mode==4) { ret= Xorriso__bourne_to_reg(adr,xorriso->reg_expr,0); is_constant= (ret==2); - } else + } else { + if(strlen(adr)>=sizeof(xorriso->reg_expr)) + return(-1); strcpy(xorriso->reg_expr,adr); + } xorriso->re_count= 0; /* tells matcher that this is not structured */ xorriso->re_constants= TSOB_FELD(char *,1); if(xorriso->re_constants==NULL) @@ -2879,7 +2936,8 @@ int Xorriso_option_abort_on(struct XorrisO *xorriso, char *severity, int flag) return(0); } - strcpy(xorriso->abort_on_severity,severity); + if(Sfile_str(xorriso->abort_on_severity,severity,0)<=0) + return(-1); return(1); } 
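Review bot: The length check added in the second hunk covers only the plain-copy branch; the `Xorriso__bourne_to_reg(adr,xorriso->reg_expr,0)` call in the branch above it receives no size argument, and a shell-pattern to regex conversion can produce output longer than its input. Whether that helper bounds its writes to `reg_expr` is not visible in this diff, so it deserves the same scrutiny as the strcpy sites. A comment next to the call, e.g. `/* Xorriso__bourne_to_reg must not write more than sizeof(xorriso->reg_expr) bytes */`, would record the requirement until the helper takes a size parameter.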
@@ -2889,29 +2947,44 @@ int Xorriso_option_add(struct XorrisO *xorriso, int argc, char **argv, int *idx, int flag) { int i, end_idx, ret; - char *target, *source, *ept, *path= NULL; + char target[SfileadrL], source[SfileadrL], *ept; end_idx= Xorriso__end_idx(argc, argv, *idx, 0); for(i= *idx; iallow_graft_points) { - if(Sregex_string(&path,argv[i],0)<=0) { - - /* >>> out of memory */; - - {ret= -1; goto ex;} - } - ret= Fileliste__target_source_limit(path, '=', &ept, 0); + ret= Fileliste__target_source_limit(target, '=', &ept, 0); if(ret>0) { *ept= 0; - source= ept+1; + strcpy(source, ept+1); } } + if(target[0]!='/') { + ret= Sfile_prepend_path(xorriso->wdi, target, 0); + if(ret<=0) + goto ex; + } + +#ifdef No_morE + /* now done in Xorriso_graft_in */ + + l= strlen(target); + while(l>1) /* >>> ??? >0 ? */ + if(target[l-1]=='/') + target[--l]= 0; + else + break; +#endif /* <<< */ + + if(source[0]!='/') { + ret= Sfile_prepend_path(xorriso->wdx, source, 0); + if(ret<=0) + goto ex; + } ret= Xorriso_graft_in(xorriso, source, target, 0); - if(path!=NULL) - Sregex_string(&path,NULL,0); - path= NULL; if(ret<=0) goto ex; } @@ -2991,7 +3064,8 @@ int Xorriso_option_cdi(struct XorrisO *xorriso, char *iso_rr_path, int flag) Xorriso_info(xorriso,0); return(0); } - strcpy(xorriso->wdi,iso_rr_path); + if(Sfile_str(xorriso->wdi,iso_rr_path,0)<=0) + return(-1); l= strlen(xorriso->wdi); while(l>0) if(xorriso->wdi[l-1]=='/') @@ -3037,7 +3111,8 @@ int Xorriso_option_cdx(struct XorrisO *xorriso, char *disk_path, int flag) Xorriso_info(xorriso,0); return(0); } - strcpy(xorriso->wdx,disk_path); + if(Sfile_str(xorriso->wdx,disk_path,0)<=0) + return(-1); l= strlen(xorriso->wdx); while(l>0) if(xorriso->wdx[l-1]=='/') 
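Review bot: The `#ifdef No_morE` block added to Xorriso_option_add is dead code that refers to a variable `l` this function no longer declares (`int i, end_idx, ret;`), so it would not compile if the macro were ever defined. Since the comment already says the trimming is done in Xorriso_graft_in, the block can be dropped and replaced by a single line such as `/* trailing '/' of target is stripped in Xorriso_graft_in */`. Part of this hunk is not fully readable on this page, so the note is limited to the lines that are.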
@@ -3196,8 +3271,10 @@ int Xorriso_option_dev(struct XorrisO *xorriso, char *adr, int flag) ret= Xorriso_aquire_drive(xorriso, adr, flag&3); if(ret<=0) return(ret); - strcpy(xorriso->indev, adr); - strcpy(xorriso->outdev, adr); + if(Sfile_str(xorriso->indev, adr, 0)<=0) + return(-1); + if(Sfile_str(xorriso->outdev, adr, 0)<=0) + return(-1); return(1); } @@ -3265,7 +3342,9 @@ int Xorriso_option_end(struct XorrisO *xorriso, int flag) if(ret<=0) return(ret); } - Xorriso_give_up_drive(xorriso, 3); + ret= Xorriso_give_up_drive(xorriso, 3); + if(ret<=0) + return(ret); return(1); } @@ -3685,7 +3764,8 @@ logfile_wrong_form:; fileadr,(errno>0?strerror(errno):"-unknown error-")); Xorriso_info(xorriso,0); } else if(!(hflag&(1<<15))) - strcpy(xorriso->logfile[channel_no], fileadr); + if(Sfile_str(xorriso->logfile[channel_no], fileadr, 0)<=0) + return(-1); return(ret>0); } @@ -3696,7 +3776,7 @@ int Xorriso_option_mark(struct XorrisO *xorriso, char *mark, int flag) if(mark[0]==0) xorriso->mark_text[0]= 0; else - strncpy(xorriso->mark_text,mark,sizeof(xorriso->mark_text)-1); + strncpy(xorriso->mark_text,mark,sizeof(xorriso->mark_text)-1); xorriso->mark_text[sizeof(xorriso->mark_text)-1]= 0; return(1); } @@ -3896,7 +3976,8 @@ int Xorriso_option_prog(struct XorrisO *xorriso, char *name, int flag) Xorriso_info(xorriso,1); return(0); } - strcpy(xorriso->progname,name); + if(Sfile_str(xorriso->progname,name,0)<=0) + return(-1); return(1); } @@ -3920,7 +4001,8 @@ int Xorriso_option_prompt(struct XorrisO *xorriso, char *text, int flag) int ret; char line[80]; - strcpy(xorriso->result_line,text); + strncpy(xorriso->result_line,text,sizeof(xorriso->result_line)-1); + xorriso->result_line[sizeof(xorriso->result_line)-1]= 0; Xorriso_result(xorriso,0); ret= Xorriso_dialog_input(xorriso, line, sizeof(line),1); return(ret); diff --git a/libisoburn/trunk/test/xorriso_timestamp.h b/libisoburn/trunk/test/xorriso_timestamp.h index 75e70657..3d48c192 100644 
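Review bot: In Xorriso_option_dev the length checks run after `Xorriso_aquire_drive` has already succeeded, so an over-long `adr` returns -1 with the drive acquired and `indev`/`outdev` still holding their previous values (or `indev` updated and `outdev` not, should the two fields differ in size). Rejecting the address first keeps the state consistent: `if(strlen(adr)>=SfileadrL) return(-1);` ahead of the acquire call, assuming both fields are SfileadrL bytes, which the diff does not show.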
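Review bot: The check added in the logfile hunk nests an unbraced `if` directly under `else if(!(hflag&(1<<15)))`, which is easy to misread and invites a dangling-else mistake if a branch is added later. Braces make the intent explicit: `} else if(!(hflag&(1<<15))) { if(Sfile_str(xorriso->logfile[channel_no], fileadr, 0)<=0) return(-1); }`. The surrounding function begins outside the hunk, so whether a stream opened earlier needs closing before this early return cannot be judged from here.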
--- a/libisoburn/trunk/test/xorriso_timestamp.h
+++ b/libisoburn/trunk/test/xorriso_timestamp.h
@@ -1 +1 @@
-#define Xorriso_timestamP "2007.10.15.160303"
+#define Xorriso_timestamP "2007.10.15.203554"