aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorBill Nottingham <notting@redhat.com>2003-06-13 21:46:08 +0000
committerBill Nottingham <notting@redhat.com>2003-06-13 21:46:08 +0000
commita1264de80fbb439076f4314b16e869fc198fb388 (patch)
treedc5c973c1fbdf36a20a776055a5c9b24a8f94b6b /src
parent781b0f41187b41c3cf1d2e0f570ec2432b146660 (diff)
downloadinitscripts-a1264de80fbb439076f4314b16e869fc198fb388.tar
initscripts-a1264de80fbb439076f4314b16e869fc198fb388.tar.gz
initscripts-a1264de80fbb439076f4314b16e869fc198fb388.tar.bz2
initscripts-a1264de80fbb439076f4314b16e869fc198fb388.tar.xz
initscripts-a1264de80fbb439076f4314b16e869fc198fb388.zip
fix leaked fd, potential usernetctl badness, and initlog/process bogons (<linux_4ever@yahoo.com>)
Diffstat (limited to 'src')
-rw-r--r--src/initlog.c10
-rw-r--r--src/ppp-watch.c3
-rw-r--r--src/process.c5
-rw-r--r--src/usernetctl.c10
4 files changed, 21 insertions, 7 deletions
diff --git a/src/initlog.c b/src/initlog.c
index 39579eeb..ee7dbd42 100644
--- a/src/initlog.c
+++ b/src/initlog.c
@@ -272,8 +272,9 @@ int logEvent(char *cmd, int eventtype,char *string) {
if (cmd) {
logentry.cmd = strdup(basename(cmd));
- if ((logentry.cmd[0] =='K' || logentry.cmd[0] == 'S') && ( 30 <= logentry.cmd[1] <= 39 )
- && ( 30 <= logentry.cmd[2] <= 39 ) )
+ if ((logentry.cmd[0] =='K' || logentry.cmd[0] == 'S') &&
+ ( logentry.cmd[1] >= '0' && logentry.cmd[1] <= '9' ) &&
+ ( logentry.cmd[2] >= '0' && logentry.cmd[2] <= '9' ) )
logentry.cmd+=3;
} else
logentry.cmd = strdup(_("(none)"));
@@ -298,8 +299,9 @@ int logString(char *cmd, char *string) {
if (cmd) {
logentry.cmd = strdup(basename(cmd));
- if ((logentry.cmd[0] =='K' || logentry.cmd[0] == 'S') && ( 30 <= logentry.cmd[1] <= 39 )
- && ( 30 <= logentry.cmd[2] <= 39 ) )
+ if ((logentry.cmd[0] =='K' || logentry.cmd[0] == 'S') &&
+ ( logentry.cmd[1] >= '0' && logentry.cmd[1] <= 0x39 ) &&
+ ( logentry.cmd[2] >= '0' && logentry.cmd[2] <= 0x39 ) )
logentry.cmd+=3;
} else
logentry.cmd = strdup(_(""));
diff --git a/src/ppp-watch.c b/src/ppp-watch.c
index c611d7e4..6a304179 100644
--- a/src/ppp-watch.c
+++ b/src/ppp-watch.c
@@ -162,6 +162,9 @@ detach(char *device) {
* of the pppd process to its parent (i.e., it reads nothing). */
close (pipeArray[0]);
+ /* Don't leak this into programs we call. */
+ fcntl(pipeArray[1], F_SETFD, FD_CLOEXEC);
+
/* Redirect stdio to /dev/null. */
fd = open("/dev/null", O_RDONLY);
dup2(fd, STDIN_FILENO);
diff --git a/src/process.c b/src/process.c
index 585123c4..6948b8a4 100644
--- a/src/process.c
+++ b/src/process.c
@@ -266,8 +266,9 @@ int runCommand(char *cmd, int reexec, int quiet, int debug) {
cmdname = basename(args[0]);
else
cmdname = basename(args[1]);
- if ((cmdname[0] =='K' || cmdname[0] == 'S') && ( '0' <= cmdname[1] <= '9' )
- && ( '0' <= cmdname[2] <= '9' ) )
+ if ((cmdname[0] =='K' || cmdname[0] == 'S') &&
+ ( cmdname[1] >= '0' && cmdname[1] <= '9' ) &&
+ ( cmdname[2] >= '0' && cmdname[2] <= '9' ) )
cmdname+=3;
if (!reexec) {
pid=forkCommand(args,&fds[0],&fds[1],NULL,quiet);
diff --git a/src/usernetctl.c b/src/usernetctl.c
index e6bc4a22..6ace9e90 100644
--- a/src/usernetctl.c
+++ b/src/usernetctl.c
@@ -7,6 +7,7 @@
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
+#include <limits.h>
/* This will be running setuid root, so be careful! */
static char * safeEnviron[] = {
@@ -156,8 +157,15 @@ main(int argc, char ** argv) {
/* automatically prepend "ifcfg-" if it is not specified */
if (strncmp(ifaceConfig, "ifcfg-", 6)) {
char *temp;
+ size_t len = strlen(ifaceConfig);
- temp = (char *) alloca(strlen(ifaceConfig) + 7);
+ /* Make sure a wise guys hasn't tried an integer wrap-around or
+ stack overflow attack. There's no way it could refer to anything
+ bigger than the largest filename, so cut 'em off there. */
+ if (len > PATH_MAX)
+ exit(1);
+
+ temp = (char *) alloca(len + 7);
strcpy(temp, "ifcfg-");
/* strcat is safe because we got the length from strlen */
strcat(temp, ifaceConfig);