Skip to content

Commit

Permalink
Fix: Use source size copying strings with memcpy
Browse files Browse the repository at this point in the history
  • Loading branch information
timopollmeier authored and nichtsfrei committed Mar 21, 2023
1 parent 2da57b3 commit 297cee3
Show file tree
Hide file tree
Showing 5 changed files with 29 additions and 9 deletions.
5 changes: 4 additions & 1 deletion base/networking.c
Original file line number Diff line number Diff line change
Expand Up @@ -81,6 +81,9 @@ gvm_source_iface_init (const char *iface)
if (iface == NULL)
return ret;

if (strlen (iface) >= sizeof (global_source_iface))
return ret;

if (getifaddrs (&ifaddr) == -1)
return ret;

Expand Down Expand Up @@ -111,7 +114,7 @@ gvm_source_iface_init (const char *iface)

/* At least one address for the interface was found. */
if (ret == 0)
memcpy (global_source_iface, iface, sizeof (global_source_iface) - 1);
memcpy (global_source_iface, iface, strlen (iface));

freeifaddrs (ifaddr);
return ret;
Expand Down
7 changes: 2 additions & 5 deletions base/prefs.c
Original file line number Diff line number Diff line change
Expand Up @@ -170,14 +170,11 @@ void
prefs_config (const char *config)
{
settings_iterator_t settings;
char buffer[2048];

if (!global_prefs)
prefs_init ();

memset (buffer, 0, sizeof (buffer));
memcpy (buffer, config, sizeof (buffer) - 1);
if (!init_settings_iterator_from_file (&settings, buffer, "Misc"))
if (!init_settings_iterator_from_file (&settings, config, "Misc"))
{
while (settings_iterator_next (&settings))
prefs_set (settings_iterator_name (&settings),
Expand All @@ -186,7 +183,7 @@ prefs_config (const char *config)
cleanup_settings_iterator (&settings);
}

prefs_set ("config_file", buffer);
prefs_set ("config_file", config);
}

/**
Expand Down
2 changes: 1 addition & 1 deletion base/proctitle.c
Original file line number Diff line number Diff line change
Expand Up @@ -129,7 +129,7 @@ proctitle_set_args (const char *new_title, va_list args)
formatted = g_strdup_vprintf (new_title, args);

tmp = strlen (formatted);
if (tmp > max_prog_name)
if (tmp >= max_prog_name)
{
formatted[max_prog_name] = '\0';
tmp = max_prog_name;
Expand Down
9 changes: 8 additions & 1 deletion osp/osp.c
Original file line number Diff line number Diff line change
Expand Up @@ -143,6 +143,13 @@ osp_connection_new (const char *host, int port, const char *cacert,
struct sockaddr_un addr;
int len;

if (strlen (host) >= sizeof (addr.sun_path))
{
g_warning ("%s: given host / socket path too long (%lu > %lu bytes)",
__func__, strlen (host), sizeof (addr.sun_path) - 1);
return NULL;
}

connection = g_malloc0 (sizeof (*connection));
connection->socket = socket (AF_UNIX, SOCK_STREAM, 0);
if (connection->socket == -1)
Expand All @@ -153,7 +160,7 @@ osp_connection_new (const char *host, int port, const char *cacert,

addr.sun_family = AF_UNIX;
memset (addr.sun_path, 0, sizeof (addr.sun_path));
memcpy (addr.sun_path, host, sizeof (addr.sun_path) - 1);
memcpy (addr.sun_path, host, strlen (host));
len = strlen (addr.sun_path) + sizeof (addr.sun_family);
if (connect (connection->socket, (struct sockaddr *) &addr, len) == -1)
{
Expand Down
15 changes: 14 additions & 1 deletion util/passwordbasedauthentication.c
Original file line number Diff line number Diff line change
Expand Up @@ -231,16 +231,28 @@ pba_verify_hash (const struct PBASettings *setting, const char *hash,
struct crypt_data *data = NULL;
int i = 0;
enum pba_rc result = ERR;

char *invalid_hash = calloc (1, CRYPT_OUTPUT_SIZE);
memset (invalid_hash, 0, CRYPT_OUTPUT_SIZE);
memcpy (invalid_hash, INVALID_HASH, strlen (INVALID_HASH));

if (!setting)
goto exit;
if (!is_prefix_supported (setting->prefix))
goto exit;
if (pba_is_phc_compliant (hash) != 0)
{
int hash_size;
hash_size = hash ? strlen (hash) : strlen (invalid_hash);

data = calloc (1, sizeof (struct crypt_data));
// manipulate hash to reapply pepper
tmp = calloc (1, CRYPT_OUTPUT_SIZE);
memcpy (tmp, hash ? hash : INVALID_HASH, CRYPT_OUTPUT_SIZE);

memset (tmp, 0, CRYPT_OUTPUT_SIZE);
memcpy (tmp, hash ? hash : invalid_hash,
(hash_size < CRYPT_OUTPUT_SIZE) ? hash_size
: CRYPT_OUTPUT_SIZE - 1);
cmp = strrchr (tmp, '$');
for (i = MAX_PEPPER_SIZE - 1; i > -1; i--)
{
Expand Down Expand Up @@ -273,6 +285,7 @@ pba_verify_hash (const struct PBASettings *setting, const char *hash,
result = INVALID;
}
exit:
free (invalid_hash);
if (data != NULL)
free (data);
if (tmp != NULL)
Expand Down

0 comments on commit 297cee3

Please sign in to comment.