diff options
author | Bill Nottingham <notting@redhat.com> | 2003-06-13 21:46:08 +0000 |
---|---|---|
committer | Bill Nottingham <notting@redhat.com> | 2003-06-13 21:46:08 +0000 |
commit | a1264de80fbb439076f4314b16e869fc198fb388 (patch) | |
tree | dc5c973c1fbdf36a20a776055a5c9b24a8f94b6b /src | |
parent | 781b0f41187b41c3cf1d2e0f570ec2432b146660 (diff) | |
download | initscripts-a1264de80fbb439076f4314b16e869fc198fb388.tar initscripts-a1264de80fbb439076f4314b16e869fc198fb388.tar.gz initscripts-a1264de80fbb439076f4314b16e869fc198fb388.tar.bz2 initscripts-a1264de80fbb439076f4314b16e869fc198fb388.tar.xz initscripts-a1264de80fbb439076f4314b16e869fc198fb388.zip |
fix leaked fd, potential usernetctl badness, and initlog/process bogons (<linux_4ever@yahoo.com>)
Diffstat (limited to 'src')
-rw-r--r-- | src/initlog.c | 10 | ||||
-rw-r--r-- | src/ppp-watch.c | 3 | ||||
-rw-r--r-- | src/process.c | 5 | ||||
-rw-r--r-- | src/usernetctl.c | 10 |
4 files changed, 21 insertions, 7 deletions
diff --git a/src/initlog.c b/src/initlog.c index 39579eeb..ee7dbd42 100644 --- a/src/initlog.c +++ b/src/initlog.c @@ -272,8 +272,9 @@ int logEvent(char *cmd, int eventtype,char *string) { if (cmd) { logentry.cmd = strdup(basename(cmd)); - if ((logentry.cmd[0] =='K' || logentry.cmd[0] == 'S') && ( 30 <= logentry.cmd[1] <= 39 ) - && ( 30 <= logentry.cmd[2] <= 39 ) ) + if ((logentry.cmd[0] =='K' || logentry.cmd[0] == 'S') && + ( logentry.cmd[1] >= '0' && logentry.cmd[1] <= '9' ) && + ( logentry.cmd[2] >= '0' && logentry.cmd[2] <= '9' ) ) logentry.cmd+=3; } else logentry.cmd = strdup(_("(none)")); @@ -298,8 +299,9 @@ int logString(char *cmd, char *string) { if (cmd) { logentry.cmd = strdup(basename(cmd)); - if ((logentry.cmd[0] =='K' || logentry.cmd[0] == 'S') && ( 30 <= logentry.cmd[1] <= 39 ) - && ( 30 <= logentry.cmd[2] <= 39 ) ) + if ((logentry.cmd[0] =='K' || logentry.cmd[0] == 'S') && + ( logentry.cmd[1] >= '0' && logentry.cmd[1] <= 0x39 ) && + ( logentry.cmd[2] >= '0' && logentry.cmd[2] <= 0x39 ) ) logentry.cmd+=3; } else logentry.cmd = strdup(_("")); diff --git a/src/ppp-watch.c b/src/ppp-watch.c index c611d7e4..6a304179 100644 --- a/src/ppp-watch.c +++ b/src/ppp-watch.c @@ -162,6 +162,9 @@ detach(char *device) { * of the pppd process to its parent (i.e., it reads nothing). */ close (pipeArray[0]); + /* Don't leak this into programs we call. */ + fcntl(pipeArray[1], F_SETFD, FD_CLOEXEC); + /* Redirect stdio to /dev/null. */ fd = open("/dev/null", O_RDONLY); dup2(fd, STDIN_FILENO); diff --git a/src/process.c b/src/process.c index 585123c4..6948b8a4 100644 --- a/src/process.c +++ b/src/process.c @@ -266,8 +266,9 @@ int runCommand(char *cmd, int reexec, int quiet, int debug) { cmdname = basename(args[0]); else cmdname = basename(args[1]); - if ((cmdname[0] =='K' || cmdname[0] == 'S') && ( '0' <= cmdname[1] <= '9' ) - && ( '0' <= cmdname[2] <= '9' ) ) + if ((cmdname[0] =='K' || cmdname[0] == 'S') && + ( cmdname[1] >= '0' && cmdname[1] <= '9' ) && + ( cmdname[2] >= '0' && cmdname[2] <= '9' ) ) cmdname+=3; if (!reexec) { pid=forkCommand(args,&fds[0],&fds[1],NULL,quiet); diff --git a/src/usernetctl.c b/src/usernetctl.c index e6bc4a22..6ace9e90 100644 --- a/src/usernetctl.c +++ b/src/usernetctl.c @@ -7,6 +7,7 @@ #include <string.h> #include <sys/stat.h> #include <unistd.h> +#include <limits.h> /* This will be running setuid root, so be careful! */ static char * safeEnviron[] = { @@ -156,8 +157,15 @@ main(int argc, char ** argv) { /* automatically prepend "ifcfg-" if it is not specified */ if (strncmp(ifaceConfig, "ifcfg-", 6)) { char *temp; + size_t len = strlen(ifaceConfig); - temp = (char *) alloca(strlen(ifaceConfig) + 7); + /* Make sure a wise guys hasn't tried an integer wrap-around or + stack overflow attack. There's no way it could refer to anything + bigger than the largest filename, so cut 'em off there. */ + if (len > PATH_MAX) + exit(1); + + temp = (char *) alloca(len + 7); strcpy(temp, "ifcfg-"); /* strcat is safe because we got the length from strlen */ strcat(temp, ifaceConfig); |