pkgtools

morpheus pkg tools
git clone git://git.2f30.org/pkgtools.git
Log | Files | Refs | README | LICENSE

commit b8fa41fe4c24b03f6f401d48bed66ae410168955
parent b80f67639e26331fd944620c057663c0e5072ab0
Author: sin <sin@2f30.org>
Date:   Mon Jun  9 18:39:52 +0100

Check strl{cpy,cat}() calls for truncation

Diffstat:
infopkg.c | 20++++++++++++++++----
installpkg.c | 15++++++++++++---
removepkg.c | 30++++++++++++++++++++++++------
3 files changed, 52 insertions(+), 13 deletions(-)
diff --git a/infopkg.c b/infopkg.c @@ -68,7 +68,10 @@ main(int argc, char *argv[]) if (strcmp(dp->d_name, ".") == 0 || strcmp(dp->d_name, "..") == 0) continue; - strlcpy(path, dp->d_name, sizeof(path)); + if (strlcpy(path, dp->d_name, sizeof(path)) >= sizeof(path)) { + fprintf(stderr, "path too long\n"); + exit(EXIT_FAILURE); + } ownpkg(basename(path), argv[i]); } rewinddir(dir); @@ -90,7 +93,10 @@ ownpkg(const char *pkg, const char *f) for (; *f == '/'; f++) ; - strlcpy(filename, f, sizeof(filename)); + if (strlcpy(filename, f, sizeof(filename)) >= sizeof(filename)) { + fprintf(stderr, "path too long\n"); + exit(EXIT_FAILURE); + } r = lstat(filename, &sb1); if (r < 0) { @@ -102,8 +108,14 @@ ownpkg(const char *pkg, const char *f) exit(EXIT_FAILURE); } - strlcpy(path, "var/pkg/", sizeof(path)); - strlcat(path, pkg, sizeof(path)); + if (strlcpy(path, "var/pkg/", sizeof(path)) >= sizeof(path)) { + fprintf(stderr, "path too long\n"); + exit(EXIT_FAILURE); + } + if (strlcat(path, pkg, sizeof(path)) >= sizeof(path)) { + fprintf(stderr, "path too long\n"); + exit(EXIT_FAILURE); + } fp = fopen(path, "r"); if (!fp) { diff --git a/installpkg.c b/installpkg.c @@ -129,9 +129,18 @@ updatedb(const char *prefix, const char *f) exit(EXIT_FAILURE); } - strlcpy(path, "var/pkg/", sizeof(path)); - strlcpy(filename, f, sizeof(filename)); - strlcat(path, basename(filename), sizeof(path)); + if (strlcpy(path, "var/pkg/", sizeof(path)) >= sizeof(path)) { + fprintf(stderr, "path too long\n"); + exit(EXIT_FAILURE); + } + if (strlcpy(filename, f, sizeof(filename)) >= sizeof(filename)) { + fprintf(stderr, "path too long\n"); + exit(EXIT_FAILURE); + } + if (strlcat(path, basename(filename), sizeof(path)) >= sizeof(path)) { + fprintf(stderr, "path too long\n"); + exit(EXIT_FAILURE); + } fp = fopen(path, "w"); if (!fp) { diff --git a/removepkg.c b/removepkg.c @@ -74,7 +74,10 @@ main(int argc, char *argv[]) } for (i = 0; i < argc; i++) { - strlcpy(filename, argv[i], sizeof(filename)); + if (strlcpy(filename, argv[i], sizeof(filename)) >= sizeof(filename)) { + fprintf(stderr, "path too long\n"); + exit(EXIT_FAILURE); + } found = 0; while ((dp = readdir(dir))) { @@ -126,8 +129,14 @@ numrefs(const char *f) strcmp(dp->d_name, "..") == 0) continue; - strlcpy(path, "var/pkg/", sizeof(path)); - strlcat(path, dp->d_name, sizeof(path)); + if (strlcpy(path, "var/pkg/", sizeof(path)) >= sizeof(path)) { + fprintf(stderr, "path too long\n"); + exit(EXIT_FAILURE); + } + if (strlcat(path, dp->d_name, sizeof(path)) >= sizeof(path)) { + fprintf(stderr, "path too long\n"); + exit(EXIT_FAILURE); + } fp = fopen(path, "r"); if (!fp) { @@ -183,9 +192,18 @@ removepkg(const char *f) char path[PATH_MAX], filename[PATH_MAX]; int r; - strlcpy(path, "var/pkg/", sizeof(path)); - strlcpy(filename, f, sizeof(filename)); - strlcat(path, basename(filename), sizeof(path)); + if (strlcpy(path, "var/pkg/", sizeof(path)) >= sizeof(path)) { + fprintf(stderr, "path too long\n"); + exit(EXIT_FAILURE); + } + if (strlcpy(filename, f, sizeof(filename)) >= sizeof(filename)) { + fprintf(stderr, "path too long\n"); + exit(EXIT_FAILURE); + } + if (strlcat(path, basename(filename), sizeof(path)) >= sizeof(path)) { + fprintf(stderr, "path too long\n"); + exit(EXIT_FAILURE); + } fp = fopen(path, "r"); if (!fp) {