From 373493d3d8478cf5e5c2936df986dd0c046213e3 Mon Sep 17 00:00:00 2001 From: Bill Nottingham Date: Fri, 13 Jun 2003 21:52:17 +0000 Subject: initlog, usernetctl, and ppp-watch fixes () --- src/initlog.c | 10 ++++++---- src/ppp-watch.c | 3 +++ src/process.c | 5 +++-- src/usernetctl.c | 10 +++++++++- 4 files changed, 21 insertions(+), 7 deletions(-) diff --git a/src/initlog.c b/src/initlog.c index 39579eeb..ee7dbd42 100644 --- a/src/initlog.c +++ b/src/initlog.c @@ -272,8 +272,9 @@ int logEvent(char *cmd, int eventtype,char *string) { if (cmd) { logentry.cmd = strdup(basename(cmd)); - if ((logentry.cmd[0] =='K' || logentry.cmd[0] == 'S') && ( 30 <= logentry.cmd[1] <= 39 ) - && ( 30 <= logentry.cmd[2] <= 39 ) ) + if ((logentry.cmd[0] =='K' || logentry.cmd[0] == 'S') && + ( logentry.cmd[1] >= '0' && logentry.cmd[1] <= '9' ) && + ( logentry.cmd[2] >= '0' && logentry.cmd[2] <= '9' ) ) logentry.cmd+=3; } else logentry.cmd = strdup(_("(none)")); @@ -298,8 +299,9 @@ int logString(char *cmd, char *string) { if (cmd) { logentry.cmd = strdup(basename(cmd)); - if ((logentry.cmd[0] =='K' || logentry.cmd[0] == 'S') && ( 30 <= logentry.cmd[1] <= 39 ) - && ( 30 <= logentry.cmd[2] <= 39 ) ) + if ((logentry.cmd[0] =='K' || logentry.cmd[0] == 'S') && + ( logentry.cmd[1] >= '0' && logentry.cmd[1] <= 0x39 ) && + ( logentry.cmd[2] >= '0' && logentry.cmd[2] <= 0x39 ) ) logentry.cmd+=3; } else logentry.cmd = strdup(_("")); diff --git a/src/ppp-watch.c b/src/ppp-watch.c index e383694c..8d947b9d 100644 --- a/src/ppp-watch.c +++ b/src/ppp-watch.c @@ -162,6 +162,9 @@ detach(char *device) { * of the pppd process to its parent (i.e., it reads nothing). */ close (pipeArray[0]); + /* Don't leak this into programs we call. */ + fcntl(pipeArray[1], F_SETFD, FD_CLOEXEC); + /* Redirect stdio to /dev/null. */ fd = open("/dev/null", O_RDONLY); dup2(fd, STDIN_FILENO); diff --git a/src/process.c b/src/process.c index 585123c4..6948b8a4 100644 --- a/src/process.c +++ b/src/process.c @@ -266,8 +266,9 @@ int runCommand(char *cmd, int reexec, int quiet, int debug) { cmdname = basename(args[0]); else cmdname = basename(args[1]); - if ((cmdname[0] =='K' || cmdname[0] == 'S') && ( '0' <= cmdname[1] <= '9' ) - && ( '0' <= cmdname[2] <= '9' ) ) + if ((cmdname[0] =='K' || cmdname[0] == 'S') && + ( cmdname[1] >= '0' && cmdname[1] <= '9' ) && + ( cmdname[2] >= '0' && cmdname[2] <= '9' ) ) cmdname+=3; if (!reexec) { pid=forkCommand(args,&fds[0],&fds[1],NULL,quiet); diff --git a/src/usernetctl.c b/src/usernetctl.c index 238c0aee..2a92fed7 100644 --- a/src/usernetctl.c +++ b/src/usernetctl.c @@ -7,6 +7,7 @@ #include #include #include +#include /* This will be running setuid root, so be careful! */ static char * safeEnviron[] = { @@ -153,8 +154,15 @@ main(int argc, char ** argv) { /* automatically prepend "ifcfg-" if it is not specified */ if (strncmp(ifaceConfig, "ifcfg-", 6)) { char *temp; + size_t len = strlen(ifaceConfig); - temp = (char *) alloca(strlen(ifaceConfig) + 7); + /* Make sure a wise guys hasn't tried an integer wrap-around or + stack overflow attack. There's no way it could refer to anything + bigger than the largest filename, so cut 'em off there. */ + if (len > PATH_MAX) + exit(1); + + temp = (char *) alloca(len + 7); strcpy(temp, "ifcfg-"); /* strcat is safe because we got the length from strlen */ strcat(temp, ifaceConfig); -- cgit v1.2.1