Hi!
On http://www.linuxjournal.com/article.php?sid=5673 I found some source
code scanners.
I used RATS to detect and fix some possible buffer-overflow bugs.
I haven't fixed everything the tools are criticizing, because I don't
want to make too deep changes to libggi right now.
The changes that I am sure haven't broken anything are in CVS. The others, which
I am not sure about but which were relatively quick to fix, are attached.
Could anyone please test whether the patch works OK?
Any comments?
CU,
Christoph Egger
E-Mail: [EMAIL PROTECTED]
Index: display/fbdev/mode.c
===================================================================
RCS file: /cvsroot/ggi/ggi-core/libggi/display/fbdev/mode.c,v
retrieving revision 1.8
diff -u -r1.8 mode.c
--- display/fbdev/mode.c 2001/09/20 05:10:16 1.8
+++ display/fbdev/mode.c 2002/01/26 19:37:35
@@ -98,23 +98,27 @@
return 0;
case 3: if (GT_SCHEME(LIBGGI_GT(vis)) == GT_TEXT) {
- sprintf(apiname, "generic-text-%d", size);
+ snprintf(apiname, GGI_MAX_APILEN,
+ "generic-text-%d", size);
return 0;
}
if (priv->fix.type == FB_TYPE_PLANES) {
- strcpy(apiname, "generic-planar");
+ strncpy(apiname, GGI_MAX_APILEN,
+ "generic-planar");
return 0;
}
if (priv->fix.type == FB_TYPE_INTERLEAVED_PLANES) {
- sprintf(apiname, "generic-%s",
+ snprintf(apiname, GGI_MAX_APILEN,
+ "generic-%s",
(priv->fix.type_aux == 2) ?
"iplanar-2p" : "ilbm");
return 0;
}
- sprintf(apiname, "generic-linear-%d", size);
+ snprintf(apiname, GGI_MAX_APILEN,
+ "generic-linear-%d", size);
return 0;
case 4:
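Review bot: The added `strncpy(apiname, GGI_MAX_APILEN, "generic-planar");` in the FB_TYPE_PLANES branch has its arguments in the wrong order. strncpy takes destination, source, then count, so this call passes the length constant as the source pointer and the string literal as the count. Using the same form as the neighbouring lines, `snprintf(apiname, GGI_MAX_APILEN, "generic-planar");`, fixes the order and also guarantees a terminating NUL, which strncpy does not when the source fills the buffer. The enclosing function starts before this hunk and continues after it.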
@@ -123,52 +127,60 @@
in question wants a generic-linear-4r instead of
a generic-linear-4r */
if (GT_SCHEME(LIBGGI_GT(vis)) == GT_TEXT) {
- sprintf(apiname, "fb-generic-%2.2x-text-%d",
+ snprintf(apiname, GGI_MAX_APILEN,
+ "fb-generic-%2.2x-text-%d",
priv->orig_fix.accel, size);
return 0;
}
if (priv->fix.type == FB_TYPE_PLANES) {
- sprintf(apiname, "fb-generic-%2.2x-planar",
+ snprintf(apiname, GGI_MAX_APILEN,
+ "fb-generic-%2.2x-planar",
priv->orig_fix.accel);
return 0;
}
if (priv->fix.type == FB_TYPE_INTERLEAVED_PLANES) {
- sprintf(apiname, "fb-generic-%2.2x-%s",
+ snprintf(apiname, GGI_MAX_APILEN,
+ "fb-generic-%2.2x-%s",
priv->orig_fix.accel ,
(priv->fix.type_aux == 2) ?
"iplanar-2p" : "ilbm");
return 0;
}
- sprintf(apiname, "fb-generic-%2.2x-linear-%d",
+ snprintf(apiname, GGI_MAX_APILEN,
+ "fb-generic-%2.2x-linear-%d",
priv->orig_fix.accel, size);
return 0;
break;
case 5:
if (GT_SCHEME(LIBGGI_GT(vis)) == GT_TEXT) {
- sprintf(apiname, "fb-accel-%2.2x-text-%d",
+ snprintf(apiname, GGI_MAX_APILEN,
+ "fb-accel-%2.2x-text-%d",
priv->orig_fix.accel, size);
return 0;
}
if (priv->fix.type == FB_TYPE_PLANES) {
- sprintf(apiname, "fb-accel-%2.2x-planar",
+ snprintf(apiname, GGI_MAX_APILEN,
+ "fb-accel-%2.2x-planar",
priv->orig_fix.accel);
return 0;
}
if (priv->fix.type == FB_TYPE_INTERLEAVED_PLANES) {
- sprintf(apiname, "fb-accel-%2.2x-%s",
+ snprintf(apiname, GGI_MAX_APILEN,
+ "fb-accel-%2.2x-%s",
priv->orig_fix.accel ,
(priv->fix.type_aux == 2) ?
"iplanar-2p" : "ilbm");
return 0;
}
- sprintf(apiname, "fb-accel-%2.2x-linear-%d",
+ snprintf(apiname, GGI_MAX_APILEN,
+ "fb-accel-%2.2x-linear-%d",
priv->orig_fix.accel, size);
return 0;
break;
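Review bot: Every snprintf added here bounds the write by `GGI_MAX_APILEN`, but nothing in the hunk shows that the buffer behind `apiname` is actually that large; its declaration is outside the visible lines. If `apiname` is a caller-supplied pointer, the bound only protects when every caller provides at least `GGI_MAX_APILEN` bytes, so the function should state that contract, e.g. `/* apiname must point to a buffer of at least GGI_MAX_APILEN bytes */`. The same assumption is made in the first hunk of this file and in display/libkgi/visual.c. The enclosing switch starts and ends outside this hunk.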
Index: display/libkgi/visual.c
===================================================================
RCS file: /cvsroot/ggi/ggi-core/libggi/display/libkgi/visual.c,v
retrieving revision 1.1
diff -u -r1.1 visual.c
--- display/libkgi/visual.c 2001/11/04 22:54:08 1.1
+++ display/libkgi/visual.c 2002/01/26 19:37:37
@@ -58,23 +58,25 @@
switch(num) {
case 0:
- sprintf(apiname, "display-libkgi");
+ snprintf(apiname, GGI_MAX_APILEN, "display-libkgi");
fprintf(stderr, "libkgi getapi returned %s\n", apiname);
return 0;
case 1:
- sprintf(apiname, "display-libkgi-%s",
+ snprintf(apiname, GGI_MAX_APILEN, "display-libkgi-%s",
LIBKGI_PRIV(vis)->suggest);
fprintf(stderr, "libkgi getapi returned %s\n", apiname);
return 0;
case 2:
- strcpy(apiname, "generic-stubs");
+ strcpy(apiname, "generic-stubs");
fprintf(stderr, "libkgi getapi returned %s\n", apiname);
return 0;
case 3:
- sprintf(apiname, "generic-linear-%d",GT_DEPTH(LIBGGI_GT(vis)));
+ snprintf(apiname, GGI_MAX_APILEN,
+ "generic-linear-%d",GT_DEPTH(LIBGGI_GT(vis)));
fprintf(stderr, "libkgi getapi returned %s\n", apiname);
return 0;
- case 4: strcpy(apiname, "generic-color");
+ case 4:
+ strcpy(apiname, "generic-color");
fprintf(stderr, "libkgi getapi returned %s\n", apiname);
return 0;
}
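Review bot: In `case 1` the name is built from `LIBKGI_PRIV(vis)->suggest`, the only variable-length input in this switch, and the snprintf result is discarded. An over-long value is therefore cut silently and the function still returns 0 with an API name other than the one intended. Keeping the result and testing `if (n < 0 || n >= GGI_MAX_APILEN)` would let truncation be reported through whatever error value this function uses, which is not visible in the hunk. Cases 2 and 4 still call strcpy (only their layout changed); that is safe for fixed literals only while the buffer holds them, and the `snprintf(apiname, GGI_MAX_APILEN, ...)` form used in case 0 would keep the switch consistent.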
Index: display/tele/libtele.c
===================================================================
RCS file: /cvsroot/ggi/ggi-core/libggi/display/tele/libtele.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 libtele.c
--- display/tele/libtele.c 2001/05/12 23:02:31 1.1.1.1
+++ display/tele/libtele.c 2002/01/26 19:37:38
@@ -459,7 +459,7 @@
c->endianness = MY_ENDIAN;
dest_un.sun_family = AF_UNIX;
- strcpy(dest_un.sun_path, addr);
+ strncpy(dest_un.sun_path, addr, strlen(addr)+1);
c->sock_fd = socket(AF_UNIX, SOCK_STREAM, 0);
@@ -734,7 +734,8 @@
if (! s->inet) {
char filename[200];
- sprintf(filename, "%s%d", TELE_FIFO_BASE, s->display);
+ snprintf(filename, 200, "%s%d",
+ TELE_FIFO_BASE, s->display);
unlink(filename);
}
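Review bot: The size passed to snprintf repeats the literal 200 from the declaration of `filename` just above, so the two can drift apart if the array is ever resized. `snprintf(filename, sizeof(filename), "%s%d", TELE_FIFO_BASE, s->display);` keeps the bound tied to the buffer. The result goes straight to `unlink()`, so a truncated name would remove a different path; with a fixed prefix and an integer this looks unlikely, but checking the return value before unlinking costs little. The enclosing function starts and ends outside this hunk.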