authorAurelien Foret <aurelien@archlinux.org>2005-03-29 17:18:59 +0000
committerAurelien Foret <aurelien@archlinux.org>2005-03-29 17:18:59 +0000
commit6063424c82f18f3ea8bbf9a92fd30b349ec778bd (patch)
tree398d20c2637ddf5a44ddcfbeacb449c256e71c18
parent3ac94cc71905535252db84f8a0c26a4f59d8162c (diff)
Replaced snprintf calls by the SNPRINTF macro to avoid buffer overflows when copying strings
-rw-r--r--lib/libalpm/add.c4
-rw-r--r--lib/libalpm/alpm.c2
-rw-r--r--lib/libalpm/cache.c3
-rw-r--r--lib/libalpm/db.c8
-rw-r--r--lib/libalpm/deps.c40
-rw-r--r--lib/libalpm/group.h4
-rw-r--r--lib/libalpm/package.c20
-rw-r--r--lib/libalpm/util.c2
-rw-r--r--lib/libalpm/util.h5
9 files changed, 48 insertions, 40 deletions
diff --git a/lib/libalpm/add.c b/lib/libalpm/add.c
index dd99313a..1651304f 100644
--- a/lib/libalpm/add.c
+++ b/lib/libalpm/add.c
@@ -349,7 +349,7 @@ int add_commit(pmdb_t *db, pmtrans_t *trans)
info->reason = PM_PKG_REASON_DEPEND;
}*/
/* make an install date (in UTC) */
- strncpy(info->installdate, asctime(gmtime(&t)), sizeof(info->installdate));
+ STRNCPY(info->installdate, asctime(gmtime(&t)), sizeof(info->installdate));
if(db_write(db, info, INFRQ_ALL)) {
_alpm_log(PM_LOG_ERROR, "could not update database entry %s/%s-%s", db->treename, info->name, info->version);
alpm_logaction(NULL, "error updating database for %s-%s!", info->name, info->version);
@@ -415,7 +415,7 @@ int add_commit(pmdb_t *db, pmtrans_t *trans)
char pathname[PATH_MAX];
struct stat buf;
- strncpy(pathname, th_get_pathname(tar), PATH_MAX);
+ STRNCPY(pathname, th_get_pathname(tar), PATH_MAX);
if(!strcmp(pathname, ".PKGINFO") || !strcmp(pathname, ".FILELIST")) {
tar_skip_regfile(tar);
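Review bot: The archive member name copied into `pathname` is now cut at PATH_MAX-1 bytes with no signal, so an over-long entry would be handled under a name that differs from the one stored in the package. STRNCPY cannot report truncation, so the length has to be checked before the copy, for example `if(strlen(th_get_pathname(tar)) >= PATH_MAX) { /* log the entry and skip it */ }`. The same silent truncation applies to the metadata fields copied in the parse_descfile hunk of package.c. add_commit continues past this hunk, so how `pathname` is used afterwards is not visible here.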
diff --git a/lib/libalpm/alpm.c b/lib/libalpm/alpm.c
index b7987e9d..da879569 100644
--- a/lib/libalpm/alpm.c
+++ b/lib/libalpm/alpm.c
@@ -74,7 +74,7 @@ int alpm_initialize(char *root)
}
}
- strncpy(str, (root) ? root : PM_ROOT, PATH_MAX);
+ STRNCPY(str, (root) ? root : PM_ROOT, PATH_MAX);
/* add a trailing '/' if there isn't one */
if(str[strlen(str)-1] != '/') {
strcat(str, "/");
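Review bot: The copy can now fill `str` up to PATH_MAX-1 characters, and the `strcat(str, "/")` that follows then needs one more byte than a PATH_MAX-sized buffer has. The declaration of `str` is outside the hunk, so its size is assumed here. Passing `PATH_MAX-1` as the length, `STRNCPY(str, (root) ? root : PM_ROOT, PATH_MAX-1);`, reserves room for the slash. Separately, an empty `root` makes `str[strlen(str)-1]` index before the buffer; testing `str[0] != '\0'` first closes that case.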
diff --git a/lib/libalpm/cache.c b/lib/libalpm/cache.c
index 09d508a8..34f3d07c 100644
--- a/lib/libalpm/cache.c
+++ b/lib/libalpm/cache.c
@@ -28,6 +28,7 @@
#include <sys/stat.h>
/* pacman */
#include "list.h"
+#include "util.h"
#include "package.h"
#include "group.h"
#include "db.h"
@@ -125,7 +126,7 @@ int db_load_grpcache(pmdb_t *db)
if(!pm_list_is_strin(i->data, db->grpcache)) {
pmgrp_t *grp = grp_new();
- strncpy(grp->name, (char *)i->data, 256);
+ STRNCPY(grp->name, (char *)i->data, GRP_NAME_LEN);
grp->packages = pm_list_add_sorted(grp->packages, pkg->name, grp_cmp);
db->grpcache = pm_list_add_sorted(db->grpcache, grp, grp_cmp);
} else {
diff --git a/lib/libalpm/db.c b/lib/libalpm/db.c
index b29e1f5c..d45162ad 100644
--- a/lib/libalpm/db.c
+++ b/lib/libalpm/db.c
@@ -55,7 +55,7 @@ pmdb_t *db_open(char *root, char *dbpath, char *treename)
return(NULL);
}
- strncpy(db->treename, treename, DB_TREENAME_LEN-1);
+ STRNCPY(db->treename, treename, DB_TREENAME_LEN);
db->pkgcache = NULL;
db->grpcache = NULL;
@@ -121,7 +121,7 @@ int db_getlastupdate(pmdb_t *db, char *ts)
} else {
char line[256];
if(fgets(line, sizeof(line), fp)) {
- strncpy(ts, line, 15); /* YYYYMMDDHHMMSS */
+ STRNCPY(ts, line, 15); /* YYYYMMDDHHMMSS */
ts[14] = '\0';
} else {
fclose(fp);
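Review bot: `ts` is a bare `char *` and the literal 15 is the only statement of how large the caller's buffer must be, so the requirement belongs in a comment on db_getlastupdate, e.g. `/* ts must point to at least 15 bytes (YYYYMMDDHHMMSS plus NUL) */`. With the macro in place, `ts[14] = '\0';` on the next line repeats the terminator STRNCPY already writes and can be dropped. The function's signature and its callers are outside this hunk.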
@@ -169,7 +169,7 @@ pmpkg_t *db_scan(pmdb_t *db, char *target, unsigned int inforeq)
struct dirent *ent = NULL;
struct stat sbuf;
char path[PATH_MAX];
- char name[PKG_NAME_LEN+PKG_VERSION_LEN];
+ char name[(PKG_NAME_LEN-1)+1+(PKG_VERSION_LEN-1)+1];
char *ptr = NULL;
int ret, found = 0;
pmpkg_t *pkg;
@@ -185,7 +185,7 @@ pmpkg_t *db_scan(pmdb_t *db, char *target, unsigned int inforeq)
if(!strcmp(ent->d_name, ".") || !strcmp(ent->d_name, "..")) {
continue;
}
- strncpy(name, ent->d_name, PKG_NAME_LEN+PKG_VERSION_LEN-1);
+ STRNCPY(name, ent->d_name, PKG_NAME_LEN+PKG_VERSION_LEN);
/* stat the entry, make sure it's a directory */
snprintf(path, PATH_MAX, "%s/%s", db->path, name);
if(stat(path, &sbuf) || !S_ISDIR(sbuf.st_mode)) {
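Review bot: The length passed here, `PKG_NAME_LEN+PKG_VERSION_LEN`, is spelled differently from the array bound in the declaration changed by the previous hunk, `(PKG_NAME_LEN-1)+1+(PKG_VERSION_LEN-1)+1`. The two are equal today, but nothing ties them together if one is edited. Since `name` is a local array, `STRNCPY(name, ent->d_name, sizeof(name));` keeps the terminator write inside the buffer regardless of how the declaration changes.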
diff --git a/lib/libalpm/deps.c b/lib/libalpm/deps.c
index 29033f88..838c7bbe 100644
--- a/lib/libalpm/deps.c
+++ b/lib/libalpm/deps.c
@@ -208,9 +208,9 @@ PMList *checkdeps(pmdb_t *db, unsigned short op, PMList *packages)
MALLOC(miss, sizeof(pmdepmissing_t));
miss->type = PM_DEP_REQUIRED;
miss->depend.mod = depend.mod;
- strncpy(miss->target, p->name, 256);
- strncpy(miss->depend.name, depend.name, 256);
- strncpy(miss->depend.version, depend.version, 64);
+ STRNCPY(miss->target, p->name, PKG_NAME_LEN);
+ STRNCPY(miss->depend.name, depend.name, PKG_NAME_LEN);
+ STRNCPY(miss->depend.version, depend.version, PKG_VERSION_LEN);
if(!pm_list_is_ptrin(baddeps, miss)) {
baddeps = pm_list_add(baddeps, miss);
}
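Review bot: The new lengths `PKG_NAME_LEN` and `PKG_VERSION_LEN` are only correct if `miss->target`, `miss->depend.name` and `miss->depend.version` are declared with exactly those bounds, and the struct definitions are not part of this diff. Because STRNCPY writes a terminator at index `len-1`, a field smaller than the constant would take a write outside its bounds. Sizing from the destination removes that dependency: `STRNCPY(miss->target, p->name, sizeof(miss->target));`. This applies to every checkdeps hunk in this file. The two splitdep hunks go the other way, replacing `sizeof(depend->name)` and `sizeof(depend->version)` with the constants, and would be safer left as `sizeof`.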
@@ -237,8 +237,8 @@ PMList *checkdeps(pmdb_t *db, unsigned short op, PMList *packages)
miss->type = PM_DEP_CONFLICT;
miss->depend.mod = PM_DEP_ANY;
miss->depend.version[0] = '\0';
- strncpy(miss->target, tp->name, 256);
- strncpy(miss->depend.name, dp->name, 256);
+ STRNCPY(miss->target, tp->name, PKG_NAME_LEN);
+ STRNCPY(miss->depend.name, dp->name, PKG_NAME_LEN);
if(!pm_list_is_ptrin(baddeps, miss)) {
baddeps = pm_list_add(baddeps, miss);
}
@@ -252,8 +252,8 @@ PMList *checkdeps(pmdb_t *db, unsigned short op, PMList *packages)
miss->type = PM_DEP_CONFLICT;
miss->depend.mod = PM_DEP_ANY;
miss->depend.version[0] = '\0';
- strncpy(miss->target, tp->name, 256);
- strncpy(miss->depend.name, a->name, 256);
+ STRNCPY(miss->target, tp->name, PKG_NAME_LEN);
+ STRNCPY(miss->depend.name, a->name, PKG_NAME_LEN);
if(!pm_list_is_ptrin(baddeps, miss)) {
baddeps = pm_list_add(baddeps, miss);
}
@@ -269,8 +269,8 @@ PMList *checkdeps(pmdb_t *db, unsigned short op, PMList *packages)
miss->type = PM_DEP_CONFLICT;
miss->depend.mod = PM_DEP_ANY;
miss->depend.version[0] = '\0';
- strncpy(miss->target, tp->name, 256);
- strncpy(miss->depend.name, info->name, 256);
+ STRNCPY(miss->target, tp->name, PKG_NAME_LEN);
+ STRNCPY(miss->depend.name, info->name, PKG_NAME_LEN);
if(!pm_list_is_ptrin(baddeps, miss)) {
baddeps = pm_list_add(baddeps, miss);
}
@@ -295,8 +295,8 @@ PMList *checkdeps(pmdb_t *db, unsigned short op, PMList *packages)
miss->type = CONFLICT;
miss->depend.mod = PM_DEP_ANY;
miss->depend.version[0] = '\0';
- strncpy(miss->target, tp->name, 256);
- strncpy(miss->depend.name, k->data, 256);
+ STRNCPY(miss->target, tp->name, PKG_NAME_LEN);
+ STRNCPY(miss->depend.name, k->data, PKG_NAME_LEN);
if(!pm_list_is_in(baddeps, miss)) {
baddeps = pm_list_add(baddeps, miss);
}
@@ -407,9 +407,9 @@ PMList *checkdeps(pmdb_t *db, unsigned short op, PMList *packages)
MALLOC(miss, sizeof(pmdepmissing_t));
miss->type = PM_DEP_DEPEND;
miss->depend.mod = depend.mod;
- strncpy(miss->target, tp->name, 256);
- strncpy(miss->depend.name, depend.name, 256);
- strncpy(miss->depend.version, depend.version, 64);
+ STRNCPY(miss->target, tp->name, PKG_NAME_LEN);
+ STRNCPY(miss->depend.name, depend.name, PKG_NAME_LEN);
+ STRNCPY(miss->depend.version, depend.version, PKG_VERSION_LEN);
if(!pm_list_is_ptrin(baddeps, miss)) {
baddeps = pm_list_add(baddeps, miss);
}
@@ -430,8 +430,8 @@ PMList *checkdeps(pmdb_t *db, unsigned short op, PMList *packages)
miss->type = PM_DEP_REQUIRED;
miss->depend.mod = PM_DEP_ANY;
miss->depend.version[0] = '\0';
- strncpy(miss->target, tp->name, 256);
- strncpy(miss->depend.name, (char *)j->data, 256);
+ STRNCPY(miss->target, tp->name, PKG_NAME_LEN);
+ STRNCPY(miss->depend.name, (char *)j->data, PKG_NAME_LEN);
if(!pm_list_is_ptrin(baddeps, miss)) {
baddeps = pm_list_add(baddeps, miss);
}
@@ -467,8 +467,8 @@ int splitdep(char *depstr, pmdepend_t *depend)
} else {
/* no version specified - accept any */
depend->mod = PM_DEP_ANY;
- strncpy(depend->name, str, sizeof(depend->name));
- strncpy(depend->version, "", sizeof(depend->version));
+ STRNCPY(depend->name, str, PKG_NAME_LEN);
+ STRNCPY(depend->version, "", PKG_VERSION_LEN);
}
if(ptr == NULL) {
@@ -476,12 +476,12 @@ int splitdep(char *depstr, pmdepend_t *depend)
return(0);
}
*ptr = '\0';
- strncpy(depend->name, str, sizeof(depend->name));
+ STRNCPY(depend->name, str, PKG_NAME_LEN);
ptr++;
if(depend->mod != PM_DEP_EQ) {
ptr++;
}
- strncpy(depend->version, ptr, sizeof(depend->version));
+ STRNCPY(depend->version, ptr, PKG_VERSION_LEN);
FREE(str);
return(0);
diff --git a/lib/libalpm/group.h b/lib/libalpm/group.h
index a2328e0f..64b7f99e 100644
--- a/lib/libalpm/group.h
+++ b/lib/libalpm/group.h
@@ -23,9 +23,11 @@
#include "list.h"
+#define GRP_NAME_LEN 256
+
/* Groups structure */
typedef struct __pmgrp_t {
- char name[256];
+ char name[GRP_NAME_LEN];
PMList *packages; /* List of strings */
} pmgrp_t;
diff --git a/lib/libalpm/package.c b/lib/libalpm/package.c
index 418fefb1..9ffd49b6 100644
--- a/lib/libalpm/package.c
+++ b/lib/libalpm/package.c
@@ -131,28 +131,28 @@ static int parse_descfile(char *descfile, pmpkg_t *info, int output)
key = _alpm_strtoupper(key);
_alpm_strtrim(ptr);
if(!strcmp(key, "PKGNAME")) {
- strncpy(info->name, ptr, sizeof(info->name));
+ STRNCPY(info->name, ptr, sizeof(info->name));
} else if(!strcmp(key, "PKGVER")) {
- strncpy(info->version, ptr, sizeof(info->version));
+ STRNCPY(info->version, ptr, sizeof(info->version));
} else if(!strcmp(key, "PKGDESC")) {
- strncpy(info->desc, ptr, sizeof(info->desc));
+ STRNCPY(info->desc, ptr, sizeof(info->desc));
} else if(!strcmp(key, "GROUP")) {
info->groups = pm_list_add(info->groups, strdup(ptr));
} else if(!strcmp(key, "URL")) {
- strncpy(info->url, ptr, sizeof(info->url));
+ STRNCPY(info->url, ptr, sizeof(info->url));
} else if(!strcmp(key, "LICENSE")) {
- strncpy(info->license, ptr, sizeof(info->license));
+ STRNCPY(info->license, ptr, sizeof(info->license));
} else if(!strcmp(key, "BUILDDATE")) {
- strncpy(info->builddate, ptr, sizeof(info->builddate));
+ STRNCPY(info->builddate, ptr, sizeof(info->builddate));
} else if(!strcmp(key, "INSTALLDATE")) {
- strncpy(info->installdate, ptr, sizeof(info->installdate));
+ STRNCPY(info->installdate, ptr, sizeof(info->installdate));
} else if(!strcmp(key, "PACKAGER")) {
- strncpy(info->packager, ptr, sizeof(info->packager));
+ STRNCPY(info->packager, ptr, sizeof(info->packager));
} else if(!strcmp(key, "ARCH")) {
- strncpy(info->arch, ptr, sizeof(info->arch));
+ STRNCPY(info->arch, ptr, sizeof(info->arch));
} else if(!strcmp(key, "SIZE")) {
char tmp[32];
- strncpy(tmp, ptr, sizeof(tmp));
+ STRNCPY(tmp, ptr, sizeof(tmp));
info->size = atol(tmp);
} else if(!strcmp(key, "DEPEND")) {
info->depends = pm_list_add(info->depends, strdup(ptr));
diff --git a/lib/libalpm/util.c b/lib/libalpm/util.c
index 9e689685..73fed49f 100644
--- a/lib/libalpm/util.c
+++ b/lib/libalpm/util.c
@@ -378,7 +378,7 @@ int _alpm_runscriptlet(char *root, char *installfn, char *script, char *ver, cha
scriptpath = scriptfn + strlen(root) - 1;
return(0);
} else {
- strncpy(scriptfn, installfn, PATH_MAX-1);
+ STRNCPY(scriptfn, installfn, PATH_MAX);
/* chop off the root so we can find the tmpdir in the chroot */
scriptpath = scriptfn + strlen(root) - 1;
}
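Review bot: `scriptpath = scriptfn + strlen(root) - 1;` assumes that `root` is non-empty and that the path copied from `installfn` starts with `root`. The bounded copy does not establish either, and the earlier part of _alpm_runscriptlet that might is outside this hunk. If neither is guaranteed, the pointer can land before or beyond the string held in `scriptfn`. A guard such as `if(strlen(root) == 0 || strncmp(scriptfn, root, strlen(root)) != 0)`, with the function's usual error return, would make the arithmetic safe.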
diff --git a/lib/libalpm/util.h b/lib/libalpm/util.h
index 3776ebbc..7393c8d5 100644
--- a/lib/libalpm/util.h
+++ b/lib/libalpm/util.h
@@ -38,6 +38,11 @@
#define ASSERT(cond, action) do { if(!(cond)) { action; } } while(0)
+#define STRNCPY(s1, s2, len) do { \
+ strncpy(s1, s2, (len)-1); \
+ s1[(len)-1] = 0; \
+} while(0)
+
long _alpm_gzopen_frontend(char *pathname, int oflags, int mode);
int _alpm_makepath(char *path);
int _alpm_copyfile(char *src, char *dest);
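Review bot: STRNCPY uses `s1` and `s2` unparenthesized and has no comment stating that `len` is the full destination size, not size-1. Several call sites in this commit had to change from `LEN-1` to `LEN` for exactly that reason. The two body lines should read `strncpy((s1), (s2), (len)-1);` and `(s1)[(len)-1] = 0;`, with a one-line comment above the macro saying that `len` is the size of `s1` in bytes and must be greater than zero. A `len` of 0 makes `(len)-1` wrap for `size_t` arguments such as `sizeof(...)`. Whether util.h includes `<string.h>` for `strncpy` is not visible in this hunk.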