
Bug#404235: segfault patch for 404235



Hi,
the provided patch does not really fix the issue.
I attached 2 patches for trr_update and trr_format which 
should fix this.
Please test them before you upload the changes since I don't 
use emacs and have no idea of the program.
But it would be a good idea to do a complete rewrite of the 
code, it's really ugly.
Kind regards
NIco

-- 
Nico Golde - http://www.ngolde.de
JAB: nion@jabber.ccc.de - GPG: 0x73647CFF
Forget about that mouse with 3/4/5 buttons,
gimme a keyboard with 103/104/105 keys!
--- /home/nion/build/trr19-1.0beta5/trr_format.c	2006-12-29 17:54:11.000000000 +0100
+++ trr_format.c	2006-12-29 18:27:26.000000000 +0100
@@ -18,6 +18,7 @@
 
 #include <stdlib.h>
 #include <stdio.h>
+#include <limits.h>
 #include <signal.h>
 #include <errno.h>
 #include <pwd.h>
@@ -40,27 +41,25 @@
 
 
 main(int argc, char **argv){
-  char textfile[256], formattedfile[256], lockfile[256], *tmpfname;
-  char command[256], line[1024];
+  char textfile[_POSIX_PATH_MAX], formattedfile[_POSIX_PATH_MAX], lockfile[_POSIX_PATH_MAX], *tmpfname;
+  char command[_POSIX_PATH_MAX], line[_POSIX_PATH_MAX];
   FILE *fd, *tmpfd;
   int i;
   struct passwd *pw = NULL;
 
-
   /* ignore signals */
   signal(SIGHUP, SIG_IGN);
   signal(SIGINT, SIG_IGN);
   signal(SIGQUIT, SIG_IGN);
   signal(SIGTERM, SIG_IGN);
+  if(argc<2){
+    fprintf(stderr, "no file specified..\n");
+    exit(EXIT_FAILURE);
+  }
 
-  strcpy(textfile, TEXT_DIR);
-  strcat(textfile, argv[1]);
-  strcpy(formattedfile, textfile);
-  strcat(formattedfile, ".formed");
-  strcpy(lockfile, textfile);
-  strcat(lockfile, ".lock");
+  snprintf(line, sizeof(line),  "%s%s%s.formed%s.lock", TEXT_DIR, argv[1], textfile, textfile);
 
-  umask(18);
+  umask(022);
 
   /* if previous process is formatting same target text,
      wait for that process to finish formatting. */
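Review bot: The single `snprintf` that replaces the strcpy/strcat chain writes into `line` and passes `textfile` as a `%s` argument before anything has been stored in it, so `textfile`, `formattedfile` and `lockfile` are all still uninitialized when the rest of `main` uses them for the lock, the shell command and the output file. Each path needs its own bounded call with a truncation check, as in the excerpt below. `argv[1]` is also appended to `TEXT_DIR` with no check for `/`, so a caller can name a file outside that directory; the excerpt rejects such names before building the paths. Note also that `_POSIX_PATH_MAX` is the POSIX minimum of 256, so the buffers are no larger than the old `[256]` ones (and `line` drops from 1024), here and in trr_update.c. `main` continues outside this hunk.

```c
  /* … unchanged: signal setup and argc check … */
  if (strchr(argv[1], '/') != NULL) {
    fprintf(stderr, "invalid file name\n");
    exit(EXIT_FAILURE);
  }

  i = snprintf(textfile, sizeof(textfile), "%s%s", TEXT_DIR, argv[1]);
  /* leave room for the longest suffix appended below */
  if (i < 0 || (size_t)i + sizeof(".formed") > sizeof(formattedfile)) {
    fprintf(stderr, "file name too long\n");
    exit(EXIT_FAILURE);
  }
  snprintf(formattedfile, sizeof(formattedfile), "%s.formed", textfile);
  snprintf(lockfile, sizeof(lockfile), "%s.lock", textfile);

  umask(022);
```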
@@ -91,7 +90,7 @@
     /* format a text - fork and exec the processes so we can drop privileges */
     switch( fork() ) {
       case -1:          /* Error */
-	perror(fork);
+	perror("fork");
 	exit(1);
 	break;
       case 0:           /* Child */
@@ -100,9 +99,13 @@
 
 	/* Drop group privileges */
 	pw = getpwuid(getuid());
+    if(!pw){
+        fprintf(stderr, "You don't exist..go away\n");
+        exit(EXIT_FAILURE);
+    }
 	setgid(pw->pw_gid);
 
-	sprintf(command, "%s -v '^[ \t]*$' %s | %s 's/\\([.?!;]\\) *$/\\1/' | %s 's/^  *\\(.*\\)$/\\1/' > %s",
+	snprintf(command, sizeof(command), "%s -v '^[ \t]*$' %s | %s 's/\\([.?!;]\\) *$/\\1/' | %s 's/^  *\\(.*\\)$/\\1/' > %s"
 		GREP, textfile, SED, SED, tmpfname);
 	system(command);
 	break;
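Review bot: The new `snprintf` call is missing the comma after the format string on the line ending `> %s"`, so `GREP` is no longer passed as the first argument (if `GREP` is a string-literal macro it is concatenated onto the format, otherwise this does not compile); the line should end `> %s",`. `setgid(pw->pw_gid)` is still unchecked, so if it fails the shell command runs with the original group: `if (setgid(pw->pw_gid) != 0) { perror("setgid"); exit(EXIT_FAILURE); }`. The return value of `snprintf` should also be compared with `sizeof(command)`, because a truncated pipeline loses its `> tmpfname` redirection and is still handed to `system()`, and `textfile` (built from `argv[1]`) reaches the shell unquoted. The `switch` continues outside this hunk.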
@@ -111,15 +114,23 @@
     }
 
     tmpfd = fopen(tmpfname, "r");
+    if(!tmpfd){
+        perror("fopen");
+        exit(EXIT_FAILURE);
+    }
     fd = fopen(formattedfile, "w");
+    if(!fd){
+        perror("fopen");
+        exit(EXIT_FAILURE);
+    }
 
-    while(fgets(line, 1024, tmpfd))
+    while(fgets(line, sizeof(line), tmpfd))
       fputs(line, fd);
 
     fclose(tmpfd);
     fclose(fd);
     unlink(tmpfname);
-
+    free(line);
     /* release lock */
     unlink(lockfile);
     return 0;
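Review bot: `free(line);` is called on `line`, which is a stack array declared at the top of `main`, not heap memory; passing it to `free()` is undefined behaviour and will typically abort at the end of every otherwise successful run, so the line should simply be dropped. The two new `fopen` failure paths also exit without releasing the lock or removing the temporary file, which leaves a stale lock for the next process that waits on it; add `unlink(tmpfname); unlink(lockfile);` before each `exit(EXIT_FAILURE);`.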
--- /home/nion/build/trr19-1.0beta5/trr_update.c	1996-07-03 06:52:08.000000000 +0200
+++ trr_update.c	2006-12-29 19:05:35.000000000 +0100
@@ -21,6 +21,7 @@
 #include <stdlib.h>
 #include <signal.h>
 #include <errno.h>
+#include <limits.h>
 
 #if defined(HAVE_STRING_H)
 #include <string.h>
@@ -45,10 +46,10 @@
 #endif /* HAVE_FCNTL_H */
 
 main(int argc, char **argv){
-  char scorefile[256], lockfile[256], datestr[64];
-  char line[256], savedline[256];
-  const char *user, *scores, *step, *times, *ttime, *token;
-  FILE *fd, *tmpf;
+  char scorefile[_POSIX_PATH_MAX], lockfile[_POSIX_PATH_MAX], datestr[64];
+  char line[_POSIX_PATH_MAX], savedline[_POSIX_PATH_MAX];
+  const char *user=NULL, *scores=NULL, *step=NULL, *times=NULL, *ttime=NULL, *token=NULL;
+  FILE *fd=NULL, *tmpf=NULL;
   int score, tmpscore, i, myself, inserted;
   long datev;
 
@@ -58,25 +59,34 @@
   signal(SIGQUIT, SIG_IGN);
   signal(SIGTERM, SIG_IGN);
 
-  umask(18);
-  strcpy(scorefile, RECORD_DIR);
+  snprintf(lockfile, sizeof(lockfile), "%s.lock", scorefile);
 
-  /* create a new record file */
-  if (argc == 2){
-    strcat(scorefile, argv[1]);
+  if (argc<2) {
+       fprintf(stderr,"too few arguments\n");
+       exit(EXIT_FAILURE);
+  }
 
-    if ((fd = fopen(scorefile, "w")) == NULL){
-      perror(scorefile);
-      exit(1);
-    } else
+  umask(022);
+  snprintf(scorefile, sizeof(scorefile), RECORD_DIR "%s", argv[1]);
+
+   /* create a new record file */
+   if (argc == 2){
+
+     if ((fd = fopen(scorefile, "w")) == NULL){
+       perror(scorefile);
+       exit(1);
+     } else
       fclose(fd);
-    exit(0);
+      exit(0);
   }
 
-  /* upfate high score file */
-  strcat(scorefile, argv[1]);
-  strcpy(lockfile, scorefile);
-  strcat(lockfile, ".lock");
+   /* upate high score file */
+  snprintf(lockfile,sizeof(lockfile),"%s.lock",scorefile);
+
+  if(argc < 7){
+      fprintf(stderr, "not enough arguments given..\n");
+      exit(EXIT_FAILURE);
+  }
   user = argv[2];
   scores = argv[3];
   score = atoi(argv[3]);
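Review bot: The first added `snprintf(lockfile, sizeof(lockfile), "%s.lock", scorefile);` runs before `scorefile` has been written, so it reads an uninitialized buffer; it duplicates the identical call after the create-file branch and should be deleted. `argv[1]` is appended to `RECORD_DIR` and opened with mode `"w"` without checking for `/`, so a caller can have the helper truncate a file outside the record directory with whatever privileges it holds; a guard such as `if (strchr(argv[1], '/')) { fprintf(stderr, "invalid name\n"); exit(EXIT_FAILURE); }` before the path is built would prevent that. The return value of the `scorefile` `snprintf` should also be checked against `sizeof(scorefile)` so a truncated name is rejected rather than opened.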
@@ -85,7 +95,7 @@
   ttime = argv[6];
 
   time(&datev);
-  strftime(datestr, 63, "%y.%m.%d, %H:%M", localtime(&datev));
+  strftime(datestr, sizeof(datestr), "%y.%m.%d, %H:%M", localtime(&datev));
 
   /* lock */
   i = 0;
@@ -110,13 +120,17 @@
   inserted = 0;
 
   /* sorting ... */
-  while (fgets(line, 256, fd)){
+  while (fgets(line, sizeof(line), fd)){
     myself = 0;
-    strcpy(savedline, line);
+    strncpy(savedline, sizeof(savedline), line);
     token = (char*)strtok(line, " \t");
-    if (! strcmp(user, token))
+    if (token && !strcmp(user, token))
       myself = 1;
     token = (char*)strtok(NULL, " \t");
+    if(!token) {
+        perror("strtok");
+        exit(EXIT_FAILURE);
+    }
     tmpscore = atoi(token);
     if ((! inserted) && (tmpscore <= score)){
       inserted = 1;
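Review bot: `strncpy(savedline, sizeof(savedline), line);` has its second and third arguments swapped (the prototype is `strncpy(dest, src, n)`), so a size is passed as the source pointer; even in the right order `strncpy` would not guarantee a terminator. `snprintf(savedline, sizeof(savedline), "%s", line);` does what is intended. The new `!token` branch reports through `perror("strtok")` although `strtok` does not set `errno`, and it exits while the lock is held; use `fprintf(stderr, "malformed score line\n"); unlink(lockfile);` before the exit, as the later error path visible in this file does. The loop body continues outside this hunk.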
@@ -146,7 +160,7 @@
     unlink(lockfile);
     exit(1);
   }
-  while (fgets(line, 256, tmpf))
+  while (fgets(line, sizeof(line), tmpf))
     fputs(line, fd);
 
   fclose(tmpf);

Attachment: pgp8RetOl7rv9.pgp
Description: PGP signature

