use snprintf instead of sprintf

sprintf does not check for buffer overflows (CWE-120)

	modified:   src/pacman/callback.c
Vladislav Nepogodin 2024-01-22 01:54:36 +04:00 committed by Allan McRae
parent b2bb2e2482
commit 01e64e8b6a
11 changed files with 23 additions and 19 deletions


@ -38,7 +38,7 @@ alpm_handle_t SYMEXPORT *alpm_initialize(const char *root, const char *dbpath,
alpm_errno_t myerr; alpm_errno_t myerr;
const char *lf = "db.lck"; const char *lf = "db.lck";
char *hookdir; char *hookdir;
size_t lockfilelen; size_t hookdirlen, lockfilelen;
alpm_handle_t *myhandle = _alpm_handle_new(); alpm_handle_t *myhandle = _alpm_handle_new();
if(myhandle == NULL) { if(myhandle == NULL) {
@ -54,8 +54,9 @@ alpm_handle_t SYMEXPORT *alpm_initialize(const char *root, const char *dbpath,
/* to concatenate myhandle->root (ends with a slash) with SYSHOOKDIR (starts /* to concatenate myhandle->root (ends with a slash) with SYSHOOKDIR (starts
* with a slash) correctly, we skip SYSHOOKDIR[0]; the regular +1 therefore * with a slash) correctly, we skip SYSHOOKDIR[0]; the regular +1 therefore
* disappears from the allocation */ * disappears from the allocation */
MALLOC(hookdir, strlen(myhandle->root) + strlen(SYSHOOKDIR), goto nomem); hookdirlen = strlen(myhandle->root) + strlen(SYSHOOKDIR);
sprintf(hookdir, "%s%s", myhandle->root, &SYSHOOKDIR[1]); MALLOC(hookdir, hookdirlen, goto nomem);
snprintf(hookdir, hookdirlen, "%s%s", myhandle->root, &SYSHOOKDIR[1]);
myhandle->hookdirs = alpm_list_add(NULL, hookdir); myhandle->hookdirs = alpm_list_add(NULL, hookdir);
/* set default database extension */ /* set default database extension */


@ -677,7 +677,7 @@ char *_alpm_local_db_pkgpath(alpm_db_t *db, alpm_pkg_t *info,
len = strlen(dbpath) + strlen(info->name) + strlen(info->version) + 3; len = strlen(dbpath) + strlen(info->name) + strlen(info->version) + 3;
len += filename ? strlen(filename) : 0; len += filename ? strlen(filename) : 0;
MALLOC(pkgpath, len, RET_ERR(db->handle, ALPM_ERR_MEMORY, NULL)); MALLOC(pkgpath, len, RET_ERR(db->handle, ALPM_ERR_MEMORY, NULL));
sprintf(pkgpath, "%s%s-%s/%s", dbpath, info->name, info->version, snprintf(pkgpath, len, "%s%s-%s/%s", dbpath, info->name, info->version,
filename ? filename : ""); filename ? filename : "");
return pkgpath; return pkgpath;
} }
@ -1164,7 +1164,7 @@ int _alpm_local_db_remove(alpm_db_t *db, alpm_pkg_t *info)
/* file path is too long to remove, hmm. */ /* file path is too long to remove, hmm. */
ret = -1; ret = -1;
} else { } else {
sprintf(name, "%s/%s", pkgpath, dp->d_name); snprintf(name, PATH_MAX, "%s/%s", pkgpath, dp->d_name);
if(unlink(name)) { if(unlink(name)) {
ret = -1; ret = -1;
} }
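Review bot: In the `_alpm_local_db_remove` hunk the bound passed to `snprintf` is the literal `PATH_MAX` rather than the size of `name`, whose declaration is outside this hunk. If `name` is an array, `snprintf(name, sizeof(name), "%s/%s", pkgpath, dp->d_name);` keeps the bound tied to the declaration if it ever changes. The return value is also discarded, so a truncated path would go straight to `unlink()` and could name a different file. The length check in the branch above presumably rules that out, but comparing the result against the buffer size here would make the guarantee explicit.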


@ -48,7 +48,7 @@ static char *get_sync_dir(alpm_handle_t *handle)
struct stat buf; struct stat buf;
MALLOC(syncpath, len, RET_ERR(handle, ALPM_ERR_MEMORY, NULL)); MALLOC(syncpath, len, RET_ERR(handle, ALPM_ERR_MEMORY, NULL));
sprintf(syncpath, "%s%s", handle->dbpath, "sync/"); snprintf(syncpath, len, "%s%s", handle->dbpath, "sync/");
if(stat(syncpath, &buf) != 0) { if(stat(syncpath, &buf) != 0) {
_alpm_log(handle, ALPM_LOG_DEBUG, "database dir '%s' does not exist, creating it\n", _alpm_log(handle, ALPM_LOG_DEBUG, "database dir '%s' does not exist, creating it\n",


@ -612,8 +612,9 @@ alpm_list_t *_alpm_db_find_fileconflicts(alpm_handle_t *handle,
/* check if all files of the dir belong to the installed pkg */ /* check if all files of the dir belong to the installed pkg */
if(!resolved_conflict && S_ISDIR(lsbuf.st_mode)) { if(!resolved_conflict && S_ISDIR(lsbuf.st_mode)) {
alpm_list_t *owners; alpm_list_t *owners;
char *dir = malloc(strlen(relative_path) + 2); size_t dir_len = strlen(relative_path) + 2;
sprintf(dir, "%s/", relative_path); char *dir = malloc(dir_len);
snprintf(dir, dir_len, "%s/", relative_path);
owners = alpm_db_find_file_owners(handle->db_local, dir); owners = alpm_db_find_file_owners(handle->db_local, dir);
if(owners) { if(owners) {
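Review bot: `dir` is still written by `snprintf` without a NULL check after `malloc(dir_len)`, so an allocation failure becomes a write through a null pointer. Other hunks in this commit allocate through `MALLOC(ptr, size, action)`, which takes a failure action; using it here, or adding an explicit `if(!dir)` guard that takes this function's error path, would close the gap. The `draw_pacman_progress_bar` hunk has the same pattern with `char *name = malloc(needed);` followed directly by `snprintf(name, needed, ...)`. The enclosing block continues outside the hunk, so the correct cleanup action is not visible from here.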


@ -417,14 +417,14 @@ const char *_alpm_db_path(alpm_db_t *db)
if(db->status & DB_STATUS_LOCAL) { if(db->status & DB_STATUS_LOCAL) {
pathsize = strlen(dbpath) + strlen(db->treename) + 2; pathsize = strlen(dbpath) + strlen(db->treename) + 2;
CALLOC(db->_path, 1, pathsize, RET_ERR(db->handle, ALPM_ERR_MEMORY, NULL)); CALLOC(db->_path, 1, pathsize, RET_ERR(db->handle, ALPM_ERR_MEMORY, NULL));
sprintf(db->_path, "%s%s/", dbpath, db->treename); snprintf(db->_path, pathsize, "%s%s/", dbpath, db->treename);
} else { } else {
const char *dbext = db->handle->dbext; const char *dbext = db->handle->dbext;
pathsize = strlen(dbpath) + 5 + strlen(db->treename) + strlen(dbext) + 1; pathsize = strlen(dbpath) + 5 + strlen(db->treename) + strlen(dbext) + 1;
CALLOC(db->_path, 1, pathsize, RET_ERR(db->handle, ALPM_ERR_MEMORY, NULL)); CALLOC(db->_path, 1, pathsize, RET_ERR(db->handle, ALPM_ERR_MEMORY, NULL));
/* all sync DBs now reside in the sync/ subdir of the dbpath */ /* all sync DBs now reside in the sync/ subdir of the dbpath */
sprintf(db->_path, "%ssync/%s%s", dbpath, db->treename, dbext); snprintf(db->_path, pathsize, "%ssync/%s%s", dbpath, db->treename, dbext);
} }
_alpm_log(db->handle, ALPM_LOG_DEBUG, "database path for tree %s set to %s\n", _alpm_log(db->handle, ALPM_LOG_DEBUG, "database path for tree %s set to %s\n",
db->treename, db->_path); db->treename, db->_path);


@ -316,7 +316,7 @@ static int key_search_keyserver(alpm_handle_t *handle, const char *fpr,
* key fingerprint with 0x, or the lookup will fail. */ * key fingerprint with 0x, or the lookup will fail. */
fpr_len = strlen(fpr); fpr_len = strlen(fpr);
MALLOC(full_fpr, fpr_len + 3, RET_ERR(handle, ALPM_ERR_MEMORY, -1)); MALLOC(full_fpr, fpr_len + 3, RET_ERR(handle, ALPM_ERR_MEMORY, -1));
sprintf(full_fpr, "0x%s", fpr); snprintf(full_fpr, fpr_len + 3, "0x%s", fpr);
gpg_err = gpgme_new(&ctx); gpg_err = gpgme_new(&ctx);
CHECK_ERR(); CHECK_ERR();
@ -816,7 +816,7 @@ char *_alpm_sigpath(alpm_handle_t *handle, const char *path)
} }
len = strlen(path) + 5; len = strlen(path) + 5;
CALLOC(sigpath, len, sizeof(char), RET_ERR(handle, ALPM_ERR_MEMORY, NULL)); CALLOC(sigpath, len, sizeof(char), RET_ERR(handle, ALPM_ERR_MEMORY, NULL));
sprintf(sigpath, "%s.sig", path); snprintf(sigpath, len, "%s.sig", path);
return sigpath; return sigpath;
} }
@ -1085,7 +1085,7 @@ static int parse_subpacket(alpm_handle_t *handle, const char *identifier,
return -1; return -1;
} }
for (i = 0; i < 8; i++) { for (i = 0; i < 8; i++) {
sprintf(&key[i * 2], "%02X", sig[spos + i + 1]); snprintf(&key[i * 2], 3, "%02X", sig[spos + i + 1]);
} }
*keys = alpm_list_add(*keys, strdup(key)); *keys = alpm_list_add(*keys, strdup(key));
break; break;
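Review bot: In the `parse_subpacket` hunk the size `3` is a bare literal that is not tied to `key`, whose declaration is outside the hunk. The call caps each write at two hex digits plus the terminator, but it still does not check that `&key[i * 2]` has three bytes left. If `key` is an array, `snprintf(&key[i * 2], sizeof(key) - i * 2, "%02X", sig[spos + i + 1]);` bounds the write by what actually remains. In the `key_search_keyserver` hunk `fpr_len + 3` now appears in both the `MALLOC` and the `snprintf`; a single local, as done with `hookdirlen` and `fnamepartlen` elsewhere in this commit, would keep the allocation and the bound from drifting apart.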


@ -314,6 +314,7 @@ static int compute_download_size(alpm_pkg_t *newpkg)
off_t size = 0; off_t size = 0;
alpm_handle_t *handle = newpkg->handle; alpm_handle_t *handle = newpkg->handle;
int ret = 0; int ret = 0;
size_t fnamepartlen = 0;
if(newpkg->origin != ALPM_PKG_FROM_SYNCDB) { if(newpkg->origin != ALPM_PKG_FROM_SYNCDB) {
newpkg->infolevel |= INFRQ_DSIZE; newpkg->infolevel |= INFRQ_DSIZE;
@ -331,8 +332,9 @@ static int compute_download_size(alpm_pkg_t *newpkg)
goto finish; goto finish;
} }
CALLOC(fnamepart, strlen(fname) + 6, sizeof(char), return -1); fnamepartlen = strlen(fname) + 6;
sprintf(fnamepart, "%s.part", fname); CALLOC(fnamepart, fnamepartlen, sizeof(char), return -1);
snprintf(fnamepart, fnamepartlen, "%s.part", fname);
fpath = _alpm_filecache_find(handle, fnamepart); fpath = _alpm_filecache_find(handle, fnamepart);
if(fpath) { if(fpath) {
struct stat st; struct stat st;


@ -99,7 +99,7 @@ static alpm_list_t *check_arch(alpm_handle_t *handle, alpm_list_t *pkgs)
const char *pkgver = pkg->version; const char *pkgver = pkg->version;
size_t len = strlen(pkgname) + strlen(pkgver) + strlen(pkgarch) + 3; size_t len = strlen(pkgname) + strlen(pkgver) + strlen(pkgarch) + 3;
MALLOC(string, len, RET_ERR(handle, ALPM_ERR_MEMORY, invalid)); MALLOC(string, len, RET_ERR(handle, ALPM_ERR_MEMORY, invalid));
sprintf(string, "%s-%s-%s", pkgname, pkgver, pkgarch); snprintf(string, len, "%s-%s-%s", pkgname, pkgver, pkgarch);
invalid = alpm_list_add(invalid, string); invalid = alpm_list_add(invalid, string);
} }
} }


@ -805,7 +805,7 @@ static void draw_pacman_progress_bar(struct pacman_progress_bar *bar)
// fname + digits + ( /) + \0 // fname + digits + ( /) + \0
size_t needed = strlen(fname) + (digits * 2) + 4 + 1; size_t needed = strlen(fname) + (digits * 2) + 4 + 1;
char *name = malloc(needed); char *name = malloc(needed);
sprintf(name, "%s (%*zu/%*zu)", fname, digits, bar->downloaded, digits, bar->howmany); snprintf(name, needed, "%s (%*zu/%*zu)", fname, digits, bar->downloaded, digits, bar->howmany);
free(fname); free(fname);
fname = name; fname = name;
} }


@ -433,7 +433,7 @@ void dump_pkg_backups(alpm_pkg_t *pkg, unsigned short cols)
if(!line) { if(!line) {
goto cleanup; goto cleanup;
} }
sprintf(line, "%s%s %s", root, backup->name, value); snprintf(line, needed, "%s%s %s", root, backup->name, value);
text = alpm_list_add(text, line); text = alpm_list_add(text, line);
} }


@ -66,7 +66,7 @@ static int search_path(char **filename, struct stat *bufptr)
free(envpath); free(envpath);
return -1; return -1;
} }
sprintf(fullname, "%s/%s", path, *filename); snprintf(fullname, plen + flen + 2, "%s/%s", path, *filename);
if(lstat(fullname, bufptr) == 0) { if(lstat(fullname, bufptr) == 0) {
free(*filename); free(*filename);