Search
j0ke.net Open Build Service
>
Projects
>
GFS
>
net-snmp
> net-snmp-5.3.0.1-audit.diff
Sign Up
|
Log In
Username
Password
Cancel
Overview
Repositories
Revisions
Requests
Users
Advanced
Attributes
Meta
File net-snmp-5.3.0.1-audit.diff of Package net-snmp (Revision 2)
Currently displaying revision
2
,
show latest
Index: agent/mibgroup/examples/ucdDemoPublic.c =================================================================== --- agent/mibgroup/examples/ucdDemoPublic.c.orig +++ agent/mibgroup/examples/ucdDemoPublic.c @@ -219,7 +219,11 @@ } if (action == COMMIT) { if (var_val_len != 0) { - strcpy(publicString, var_val); + strncpy(publicString, var_val, sizeof(publicString)-1); + /* XXX thomas: just some sanity checks */ + if(strlen(var_val) > sizeof(publicString)-1 || strlen(var_val) != var_val_len) + publicString[sizeof(publicString)-1] = '\0'; + else publicString[var_val_len] = '\0'; } else publicString[0] = '\0'; Index: agent/mibgroup/mibII/system_mib.c =================================================================== --- agent/mibgroup/mibII/system_mib.c.orig +++ agent/mibgroup/mibII/system_mib.c @@ -126,7 +126,7 @@ char tmpbuf[1024]; if (strlen(cptr) >= sizeof(sysLocation)) { - snprintf(tmpbuf, 1024, + snprintf(tmpbuf, sizeof(tmpbuf), "syslocation token too long (must be < %lu):\n\t%s", (unsigned long)sizeof(sysLocation), cptr); config_perror(tmpbuf); @@ -173,7 +173,7 @@ char tmpbuf[1024]; if (strlen(cptr) >= sizeof(sysContact)) { - snprintf(tmpbuf, 1024, + snprintf(tmpbuf, sizeof(tmpbuf), "syscontact token too long (must be < %lu):\n\t%s", (unsigned long)sizeof(sysContact), cptr); config_perror(tmpbuf); @@ -220,7 +220,7 @@ char tmpbuf[1024]; if (strlen(cptr) >= sizeof(sysName)) { - snprintf(tmpbuf, 1024, + snprintf(tmpbuf, sizeof(tmpbuf), "sysname token too long (must be < %lu):\n\t%s", (unsigned long)sizeof(sysName), cptr); config_perror(tmpbuf); Index: agent/mibgroup/mibII/var_route.c =================================================================== --- agent/mibgroup/mibII/var_route.c.orig +++ agent/mibgroup/mibII/var_route.c @@ -1328,7 +1328,7 @@ /* * Sort it! */ - qsort((char *) rthead, rtsize, sizeof(rthead[0]), qsort_compare); + qsort((char *) rthead, rtsize, sizeof(rthead[0]), (int (*) (const void*, const void*)) qsort_compare); } #endif #endif Index: agent/mibgroup/util_funcs.c =================================================================== --- agent/mibgroup/util_funcs.c.orig +++ agent/mibgroup/util_funcs.c @@ -139,6 +139,10 @@ } #endif if (fd >= 0) { + if(fchmod(fd, 0600) != 0) { + close(fd); + return NULL; + } close(fd); DEBUGMSGTL(("make_tempfile", "temp file created: %s\n", name)); return name; Index: agent/auto_nlist.c =================================================================== --- agent/auto_nlist.c.orig +++ agent/auto_nlist.c @@ -64,6 +64,7 @@ it->nl[0].n_name = (char *) malloc(strlen(string) + 2); #ifdef aix4 strcpy(it->nl[0].n_name, string); + it->nl[0].n_name[strlen(string)+1] = '\0'; #else sprintf(it->nl[0].n_name, "_%s", string); #endif @@ -72,6 +73,7 @@ #ifndef aix4 if (it->nl[0].n_type == 0) { strcpy(it->nl[0].n_name, string); + it->nl[0].n_name[strlen(string)+1] = '\0'; init_nlist(it->nl); } #endif Index: agent/snmp_agent.c =================================================================== --- agent/snmp_agent.c.orig +++ agent/snmp_agent.c @@ -1169,9 +1169,9 @@ * No, so just specify the default port. */ if (netsnmp_ds_get_int(NETSNMP_DS_APPLICATION_ID, NETSNMP_DS_AGENT_FLAGS) & SNMP_FLAGS_STREAM_SOCKET) { - sprintf(buf, "tcp:%d", SNMP_PORT); + snprintf(buf, sizeof(buf), "tcp:%d", SNMP_PORT); } else { - sprintf(buf, "udp:%d", SNMP_PORT); + snprintf(buf, sizeof(buf), "udp:%d", SNMP_PORT); } } Index: apps/snmptest.c =================================================================== --- apps/snmptest.c.orig +++ apps/snmptest.c @@ -456,6 +456,7 @@ goto getValue; } memcpy(vp->val.string, buf, strlen(buf) - 1); + vp->val.string[sizeof(vp->val.string)-1] = 0; vp->val_len = strlen(buf) - 1; } else if (ch == 'x') { size_t buf_len = 256; Index: apps/snmptrapd_handlers.c =================================================================== --- apps/snmptrapd_handlers.c.orig +++ apps/snmptrapd_handlers.c @@ -24,6 +24,9 @@ #include <sys/wait.h> #endif +#include <sys/stat.h> +#include <fcntl.h> + #include <net-snmp/config_api.h> #include <net-snmp/output_api.h> #include <net-snmp/mib_api.h> @@ -788,10 +791,11 @@ #else char command_buf[128]; char file_buf[L_tmpnam]; + int win_fd; tmpnam(file_buf); - file = fopen(file_buf, "w"); - if (!file) { + win_fd = open(file_buf, O_RDWR | O_CREAT | O_EXCL, 0600); + if (win_fd < 0 || (file = fdopen(win_fd, "w")) == NULL) fprintf(stderr, "fopen: %s: %s\n", file_buf, strerror(errno)); } else { send_handler_data(file, host, pdu, transport); Index: snmplib/parse.c =================================================================== --- snmplib/parse.c.orig +++ snmplib/parse.c @@ -4161,7 +4161,7 @@ parse(FILE * fp, struct node *root) { char token[MAXTOKEN]; - char name[MAXTOKEN]; + char name[MAXTOKEN+1]; int type = LABEL; int lasttype = LABEL; @@ -4253,7 +4253,8 @@ case ENDOFFILE: continue; default: - strcpy(name, token); + strncpy(name, token, sizeof(name)); + name[sizeof(name)-1] = '\0'; type = get_token(fp, token, MAXTOKEN); nnp = NULL; if (type == MACRO) { @@ -4270,7 +4271,8 @@ print_error(name, "is a reserved word", lasttype); continue; /* see if we can parse the rest of the file */ } - strcpy(name, token); + strncpy(name, token, sizeof(name)); + name[sizeof(name)-1] = '\0'; type = get_token(fp, token, MAXTOKEN); nnp = NULL; Index: snmplib/tools.c =================================================================== --- snmplib/tools.c.orig +++ snmplib/tools.c @@ -695,7 +695,7 @@ /* * s += snprintf(s, remaining_len+3, "\"%s\"", esp); */ - s += sprintf(s, "\"%s\"", esp); + s += sprintf(s, "\"%.*s\"", sizeof(buf)-strlen(buf)-3, esp); goto dump_snmpEngineID_quit; break; /*NOTREACHED*/ case 5: /* Octets. */ Index: testing/TESTCONF.sh =================================================================== --- testing/TESTCONF.sh.orig +++ testing/TESTCONF.sh @@ -77,8 +77,8 @@ fi SNMP_TMP_PERSISTENTDIR=$SNMP_TMPDIR/persist export SNMP_TMP_PERSISTENTDIR - mkdir $SNMP_TMPDIR - mkdir $SNMP_TMP_PERSISTENTDIR + mkdir -m 0700 $SNMP_TMPDIR + mkdir -m 0700 $SNMP_TMP_PERSISTENTDIR fi if [ "x$SNMP_SAVE_TMPDIR" = "x" ]; then Index: testing/eval_suite.sh =================================================================== --- testing/eval_suite.sh.orig +++ testing/eval_suite.sh @@ -79,7 +79,11 @@ PROGRAM= ARGUMENTS="$*" -TMPFILE=/tmp/eval_suite.sh$$ +umask 0077 # just to be on the save side +TMPDIR=/tmp/ucd-snmpd-eval-dir.$$ +/bin/rm -rf $TMPDIR +/bin/mkdir -m 0700 $TMPDIR || exit -1 +TMPFILE=$TMPDIR/eval_suite.sh$$ TESTLISTFILE=eval_testlist @@ -205,6 +209,7 @@ # Cleanup, exit. # rm -f $TMPFILE +rm -rf $TMPDIR exit $TESTFAILURE