* direntry.c (vfs_s_readlink): Use g_strlcpy instead strncpy.
* ftpfs.c (ftpfs_get_reply): Use g_strlcpy instead strncpy. * extfs.c (extfs_readlink): Fix return value. Use g_strlcpy instead strncpy. * mcfs.c (mcfs_readlink): Fix return value. Use g_strlcpy instead strncpy. * tar.c (tar_read_header): Add additional check for consistency. Fix memory leak. * cpio.c (cpio_defer_find): Remove recursion. (cpio_free_archive): Fix memory leak. (cpio_read_bin_head): Use union for simplicity using of header structure. Add additional check for consistency. (cpio_read_oldc_head): Add additional check for consistency.
Этот коммит содержится в:
родитель
1b80f9ceac
Коммит
15c6e5cae6
@ -1,3 +1,21 @@
|
||||
2004-09-02 Pavel S. Shirshov <pavelsh@mail.ru>
|
||||
|
||||
* direntry.c (vfs_s_readlink): Use g_strlcpy instead strncpy.
|
||||
* ftpfs.c (ftpfs_get_reply): Use g_strlcpy instead strncpy.
|
||||
* extfs.c (extfs_readlink): Fix return value. Use g_strlcpy
|
||||
instead strncpy.
|
||||
* mcfs.c (mcfs_readlink): Fix return value. Use g_strlcpy
|
||||
instead strncpy.
|
||||
* tar.c (tar_read_header): Add additional check for consistency.
|
||||
Fix memory leak.
|
||||
* cpio.c (cpio_defer_find): Remove recursion.
|
||||
(cpio_free_archive): Fix memory leak.
|
||||
(cpio_read_bin_head): Use union for simplicity using of header
|
||||
structure. Add additional check for consistency.
|
||||
(cpio_read_oldc_head): Add additional check for consistency.
|
||||
|
||||
Based on patches from Jakub Jelinek <jakub@redhat.com>
|
||||
|
||||
2004-09-01 Pavel S. Shirshov <pavelsh@mail.ru>
|
||||
|
||||
* fish.c (fish_get_reply): Use g_strlcpy instead
|
||||
|
72
vfs/cpio.c
72
vfs/cpio.c
@ -102,10 +102,9 @@ static int cpio_read(void *fh, char *buffer, int count);
|
||||
static struct defer_inode *
|
||||
cpio_defer_find (struct defer_inode *l, struct defer_inode *i)
|
||||
{
|
||||
if (!l)
|
||||
return NULL;
|
||||
return l->inumber == i->inumber
|
||||
&& l->device == i->device ? l : cpio_defer_find (l->next, i);
|
||||
while (l && (l->inumber != i->inumber || l->device != i->device))
|
||||
l = l->next;
|
||||
return l;
|
||||
}
|
||||
|
||||
static int cpio_skip_padding(struct vfs_s_super *super)
|
||||
@ -127,8 +126,15 @@ static int cpio_skip_padding(struct vfs_s_super *super)
|
||||
|
||||
static void cpio_free_archive(struct vfs_class *me, struct vfs_s_super *super)
|
||||
{
|
||||
struct defer_inode *l, *lnext;
|
||||
if(super->u.arch.fd != -1)
|
||||
mc_close(super->u.arch.fd);
|
||||
super->u.arch.fd = -1;
|
||||
for (l = super->u.arch.deferred; l; l = lnext) {
|
||||
lnext = l->next;
|
||||
g_free (l);
|
||||
}
|
||||
super->u.arch.deferred = NULL;
|
||||
}
|
||||
|
||||
static int
|
||||
@ -247,26 +253,35 @@ static int cpio_find_head(struct vfs_class *me, struct vfs_s_super *super)
|
||||
#define HEAD_LENGTH (26)
|
||||
static int cpio_read_bin_head(struct vfs_class *me, struct vfs_s_super *super)
|
||||
{
|
||||
struct old_cpio_header buf;
|
||||
union {
|
||||
struct old_cpio_header buf;
|
||||
short shorts[HEAD_LENGTH >> 1];
|
||||
} u;
|
||||
int len;
|
||||
char *name;
|
||||
struct stat st;
|
||||
|
||||
if((len = mc_read(super->u.arch.fd, (char *)&buf, HEAD_LENGTH)) < HEAD_LENGTH)
|
||||
if((len = mc_read(super->u.arch.fd, (char *)&u.buf, HEAD_LENGTH)) < HEAD_LENGTH)
|
||||
return STATUS_EOF;
|
||||
CPIO_POS(super) += len;
|
||||
if(super->u.arch.type == CPIO_BINRE) {
|
||||
int i;
|
||||
for(i = 0; i < (HEAD_LENGTH >> 1); i++)
|
||||
((short *)&buf)[i] = GUINT16_SWAP_LE_BE(((short *)&buf)[i]);
|
||||
u.shorts[i] = GUINT16_SWAP_LE_BE(u.shorts[i]);
|
||||
}
|
||||
g_assert(buf.c_magic == 070707);
|
||||
g_assert(u.buf.c_magic == 070707);
|
||||
|
||||
name = g_malloc(buf.c_namesize);
|
||||
if((len = mc_read(super->u.arch.fd, name, buf.c_namesize)) < buf.c_namesize) {
|
||||
if (u.buf.c_namesize == 0 || u.buf.c_namesize > MC_MAXPATHLEN) {
|
||||
message (1, MSG_ERROR, _("Corrupted cpio header encountered in\n%s"),
|
||||
super->name);
|
||||
return STATUS_FAIL;
|
||||
}
|
||||
name = g_malloc(u.buf.c_namesize);
|
||||
if((len = mc_read(super->u.arch.fd, name, u.buf.c_namesize)) < u.buf.c_namesize) {
|
||||
g_free(name);
|
||||
return STATUS_EOF;
|
||||
}
|
||||
name[u.buf.c_namesize - 1] = '\0';
|
||||
CPIO_POS(super) += len;
|
||||
cpio_skip_padding(super);
|
||||
|
||||
@ -275,15 +290,15 @@ static int cpio_read_bin_head(struct vfs_class *me, struct vfs_s_super *super)
|
||||
return STATUS_TRAIL;
|
||||
}
|
||||
|
||||
st.st_dev = buf.c_dev;
|
||||
st.st_ino = buf.c_ino;
|
||||
st.st_mode = buf.c_mode;
|
||||
st.st_nlink = buf.c_nlink;
|
||||
st.st_uid = buf.c_uid;
|
||||
st.st_gid = buf.c_gid;
|
||||
st.st_rdev = buf.c_rdev;
|
||||
st.st_size = (buf.c_filesizes[0] << 16) | buf.c_filesizes[1];
|
||||
st.st_atime = st.st_mtime = st.st_ctime = (buf.c_mtimes[0] << 16) | buf.c_mtimes[1];
|
||||
st.st_dev = u.buf.c_dev;
|
||||
st.st_ino = u.buf.c_ino;
|
||||
st.st_mode = u.buf.c_mode;
|
||||
st.st_nlink = u.buf.c_nlink;
|
||||
st.st_uid = u.buf.c_uid;
|
||||
st.st_gid = u.buf.c_gid;
|
||||
st.st_rdev = u.buf.c_rdev;
|
||||
st.st_size = (u.buf.c_filesizes[0] << 16) | u.buf.c_filesizes[1];
|
||||
st.st_atime = st.st_mtime = st.st_ctime = (u.buf.c_mtimes[0] << 16) | u.buf.c_mtimes[1];
|
||||
|
||||
return cpio_create_entry(me, super, &st, name);
|
||||
}
|
||||
@ -307,16 +322,23 @@ static int cpio_read_oldc_head(struct vfs_class *me, struct vfs_s_super *super)
|
||||
&hd.c_dev, &hd.c_ino, &hd.c_mode, &hd.c_uid, &hd.c_gid,
|
||||
&hd.c_nlink, &hd.c_rdev, &hd.c_mtime,
|
||||
&hd.c_namesize, &hd.c_filesize) < 10) {
|
||||
message (1, MSG_ERROR, _("Corrupted cpio header encountered in\n%s"), super->name);
|
||||
message (1, MSG_ERROR, _("Corrupted cpio header encountered in\n%s"),
|
||||
super->name);
|
||||
return STATUS_FAIL;
|
||||
}
|
||||
|
||||
if (hd.c_namesize == 0 || hd.c_namesize > MC_MAXPATHLEN) {
|
||||
message (1, MSG_ERROR, _("Corrupted cpio header encountered in\n%s"),
|
||||
super->name);
|
||||
return STATUS_FAIL;
|
||||
}
|
||||
name = g_malloc(hd.c_namesize);
|
||||
if((len = mc_read(super->u.arch.fd, name, hd.c_namesize)) == -1 ||
|
||||
(unsigned long) len < hd.c_namesize) {
|
||||
g_free (name);
|
||||
return STATUS_EOF;
|
||||
}
|
||||
name[hd.c_namesize - 1] = '\0';
|
||||
CPIO_POS(super) += len;
|
||||
cpio_skip_padding(super);
|
||||
|
||||
@ -367,12 +389,19 @@ static int cpio_read_crc_head(struct vfs_class *me, struct vfs_s_super *super)
|
||||
(super->u.arch.type == CPIO_CRC && hd.c_magic != 070702))
|
||||
return STATUS_FAIL;
|
||||
|
||||
if (hd.c_namesize == 0 || hd.c_namesize > MC_MAXPATHLEN) {
|
||||
message (1, MSG_ERROR, _("Corrupted cpio header encountered in\n%s"),
|
||||
super->name);
|
||||
return STATUS_FAIL;
|
||||
}
|
||||
|
||||
name = g_malloc(hd.c_namesize);
|
||||
if((len = mc_read(super->u.arch.fd, name, hd.c_namesize)) != -1 &&
|
||||
(unsigned long) len < hd.c_namesize) {
|
||||
g_free (name);
|
||||
return STATUS_EOF;
|
||||
}
|
||||
name[hd.c_namesize - 1] = '\0';
|
||||
CPIO_POS(super) += len;
|
||||
cpio_skip_padding(super);
|
||||
|
||||
@ -435,7 +464,8 @@ cpio_create_entry (struct vfs_class *me, struct vfs_s_super *super,
|
||||
("Inconsistent hardlinks of\n%s\nin cpio archive\n%s"),
|
||||
name, super->name);
|
||||
inode = NULL;
|
||||
}
|
||||
} else if (!inode->st.st_size)
|
||||
inode->st.st_size = st->st_size;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -686,8 +686,7 @@ vfs_s_readlink (struct vfs_class *me, const char *path, char *buf, int size)
|
||||
if (ino->linkname == NULL)
|
||||
ERRNOR (EFAULT, -1);
|
||||
|
||||
strncpy (buf, ino->linkname, size);
|
||||
*(buf+size-1) = 0;
|
||||
g_strlcpy (buf, ino->linkname, size);
|
||||
return strlen (buf);
|
||||
}
|
||||
|
||||
|
10
vfs/extfs.c
10
vfs/extfs.c
@ -978,7 +978,7 @@ extfs_readlink (struct vfs_class *me, const char *path, char *buf, int size)
|
||||
{
|
||||
struct archive *archive;
|
||||
char *q;
|
||||
int i;
|
||||
size_t len;
|
||||
struct entry *entry;
|
||||
char *mpath = g_strdup(path);
|
||||
int result = -1;
|
||||
@ -992,11 +992,9 @@ extfs_readlink (struct vfs_class *me, const char *path, char *buf, int size)
|
||||
me->verrno = EINVAL;
|
||||
goto cleanup;
|
||||
}
|
||||
if (size < (i = strlen (entry->inode->linkname))) {
|
||||
i = size;
|
||||
}
|
||||
strncpy (buf, entry->inode->linkname, i);
|
||||
result = i;
|
||||
len = strlen (entry->inode->linkname);
|
||||
result = len > (size - 1) ? size - 1 : len;
|
||||
g_strlcpy (buf, entry->inode->linkname, result + 1);
|
||||
cleanup:
|
||||
g_free (mpath);
|
||||
return result;
|
||||
|
12
vfs/ftpfs.c
12
vfs/ftpfs.c
@ -262,10 +262,8 @@ ftpfs_get_reply (struct vfs_class *me, int sock, char *string_buf, int string_le
|
||||
}
|
||||
switch (sscanf(answer, "%d", &code)){
|
||||
case 0:
|
||||
if (string_buf) {
|
||||
strncpy (string_buf, answer, string_len - 1);
|
||||
*(string_buf + string_len - 1) = 0;
|
||||
}
|
||||
if (string_buf)
|
||||
g_strlcpy (string_buf, answer, string_len);
|
||||
code = 500;
|
||||
return 5;
|
||||
case 1:
|
||||
@ -282,10 +280,8 @@ ftpfs_get_reply (struct vfs_class *me, int sock, char *string_buf, int string_le
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (string_buf){
|
||||
strncpy (string_buf, answer, string_len - 1);
|
||||
*(string_buf + string_len - 1) = 0;
|
||||
}
|
||||
if (string_buf)
|
||||
g_strlcpy (string_buf, answer, string_len);
|
||||
return code / 100;
|
||||
}
|
||||
}
|
||||
|
10
vfs/mcfs.c
10
vfs/mcfs.c
@ -966,7 +966,8 @@ static int
|
||||
mcfs_readlink (struct vfs_class *me, const char *path, char *buf, int size)
|
||||
{
|
||||
char *remote_file, *stat_str;
|
||||
int status, error;
|
||||
int error;
|
||||
size_t len;
|
||||
mcfs_connection *mc;
|
||||
|
||||
if (!(remote_file = mcfs_get_path (&mc, path)))
|
||||
@ -984,10 +985,9 @@ mcfs_readlink (struct vfs_class *me, const char *path, char *buf, int size)
|
||||
if (!rpc_get (mc->sock, RPC_STRING, &stat_str, RPC_END))
|
||||
return mcfs_set_error (-1, EIO);
|
||||
|
||||
status = strlen (stat_str);
|
||||
if (status < size)
|
||||
size = status;
|
||||
strncpy (buf, stat_str, size);
|
||||
len = strlen (stat_str);
|
||||
size = len > (size - 1) ? size - 1 : len;
|
||||
g_strlcpy (buf, stat_str, size + 1);
|
||||
g_free (stat_str);
|
||||
return size;
|
||||
}
|
||||
|
21
vfs/tar.c
21
vfs/tar.c
@ -410,16 +410,23 @@ tar_read_header (struct vfs_class *me, struct vfs_s_super *archive,
|
||||
char *bp, *data;
|
||||
int size, written;
|
||||
|
||||
if (h_size > MC_MAXPATHLEN) {
|
||||
message (1, MSG_ERROR, _("Inconsistent tar archive"));
|
||||
return STATUS_BADCHECKSUM;
|
||||
}
|
||||
|
||||
longp = ((header->header.linkflag == LF_LONGNAME)
|
||||
? &next_long_name : &next_long_link);
|
||||
|
||||
if (*longp)
|
||||
g_free (*longp);
|
||||
bp = *longp = g_malloc (*h_size);
|
||||
bp = *longp = g_malloc (*h_size + 1);
|
||||
|
||||
for (size = *h_size; size > 0; size -= written) {
|
||||
data = tar_get_next_record (archive, tard)->charptr;
|
||||
if (data == NULL) {
|
||||
g_free (*longp);
|
||||
*longp = NULL;
|
||||
message (1, MSG_ERROR,
|
||||
_("Unexpected EOF on archive file"));
|
||||
return STATUS_BADCHECKSUM;
|
||||
@ -431,10 +438,14 @@ tar_read_header (struct vfs_class *me, struct vfs_s_super *archive,
|
||||
memcpy (bp, data, written);
|
||||
bp += written;
|
||||
}
|
||||
#if 0
|
||||
if (*h_size > 1)
|
||||
bp[*h_size - 1] = 0; /* just to make sure */
|
||||
#endif
|
||||
|
||||
if (bp - *longp == MC_MAXPATHLEN && bp[-1] != '\0') {
|
||||
g_free (*longp);
|
||||
*longp = NULL;
|
||||
message (1, MSG_ERROR, _("Inconsistent tar archive"));
|
||||
return STATUS_BADCHECKSUM;
|
||||
}
|
||||
*bp = 0;
|
||||
goto recurse;
|
||||
} else {
|
||||
struct stat st;
|
||||
|
Загрузка…
Ссылка в новой задаче
Block a user