|
| 1 | +From e3ce6864f6ac66c69d46f0ba6f6f0c2ca32838dd Mon Sep 17 00:00:00 2001 |
| 2 | +From: Vladislav Nepogodin < [email protected]> |
| 3 | +Date: Mon, 22 Jan 2024 01:54:36 +0400 |
| 4 | +Subject: [PATCH] use snprintf instead of sprintf |
| 5 | + |
| 6 | +sprintf does not check for buffer overflows (CWE-120) |
| 7 | +--- |
| 8 | + lib/libalpm/alpm.c | 5 +++-- |
| 9 | + lib/libalpm/be_local.c | 4 ++-- |
| 10 | + lib/libalpm/be_sync.c | 2 +- |
| 11 | + lib/libalpm/conflict.c | 5 +++-- |
| 12 | + lib/libalpm/db.c | 4 ++-- |
| 13 | + lib/libalpm/signing.c | 6 +++--- |
| 14 | + lib/libalpm/sync.c | 6 ++++-- |
| 15 | + lib/libalpm/trans.c | 2 +- |
| 16 | + src/pacman/callback.c | 2 +- |
| 17 | + src/pacman/query.c | 2 +- |
| 18 | + 11 files changed, 22 insertions(+), 18 deletions(-) |
| 19 | + |
| 20 | +diff --git a/lib/libalpm/alpm.c b/lib/libalpm/alpm.c |
| 21 | +index fe151d0e1..95bc223b5 100644 |
| 22 | +--- a/lib/libalpm/alpm.c |
| 23 | ++++ b/lib/libalpm/alpm.c |
| 24 | +@@ -54,8 +54,9 @@ alpm_handle_t SYMEXPORT *alpm_initialize(const char *root, const char *dbpath, |
| 25 | + /* to concatenate myhandle->root (ends with a slash) with SYSHOOKDIR (starts |
| 26 | + * with a slash) correctly, we skip SYSHOOKDIR[0]; the regular +1 therefore |
| 27 | + * disappears from the allocation */ |
| 28 | +- MALLOC(hookdir, strlen(myhandle->root) + strlen(SYSHOOKDIR), goto nomem); |
| 29 | +- sprintf(hookdir, "%s%s", myhandle->root, &SYSHOOKDIR[1]); |
| 30 | ++ size_t len = strlen(myhandle->root) + strlen(SYSHOOKDIR); |
| 31 | ++ MALLOC(hookdir, len, goto nomem); |
| 32 | ++ snprintf(hookdir, len, "%s%s", myhandle->root, &SYSHOOKDIR[1]); |
| 33 | + myhandle->hookdirs = alpm_list_add(NULL, hookdir); |
| 34 | + |
| 35 | + /* set default database extension */ |
| 36 | +diff --git a/lib/libalpm/be_local.c b/lib/libalpm/be_local.c |
| 37 | +index e117b69df..1a149b224 100644 |
| 38 | +--- a/lib/libalpm/be_local.c |
| 39 | ++++ b/lib/libalpm/be_local.c |
| 40 | +@@ -663,7 +663,7 @@ char *_alpm_local_db_pkgpath(alpm_db_t *db, alpm_pkg_t *info, |
| 41 | + len = strlen(dbpath) + strlen(info->name) + strlen(info->version) + 3; |
| 42 | + len += filename ? strlen(filename) : 0; |
| 43 | + MALLOC(pkgpath, len, RET_ERR(db->handle, ALPM_ERR_MEMORY, NULL)); |
| 44 | +- sprintf(pkgpath, "%s%s-%s/%s", dbpath, info->name, info->version, |
| 45 | ++ snprintf(pkgpath, len, "%s%s-%s/%s", dbpath, info->name, info->version, |
| 46 | + filename ? filename : ""); |
| 47 | + return pkgpath; |
| 48 | + } |
| 49 | +@@ -1145,7 +1145,7 @@ int _alpm_local_db_remove(alpm_db_t *db, alpm_pkg_t *info) |
| 50 | + /* file path is too long to remove, hmm. */ |
| 51 | + ret = -1; |
| 52 | + } else { |
| 53 | +- sprintf(name, "%s/%s", pkgpath, dp->d_name); |
| 54 | ++ snprintf(name, PATH_MAX, "%s/%s", pkgpath, dp->d_name); |
| 55 | + if(unlink(name)) { |
| 56 | + ret = -1; |
| 57 | + } |
| 58 | +diff --git a/lib/libalpm/be_sync.c b/lib/libalpm/be_sync.c |
| 59 | +index 81676be96..262b5410e 100644 |
| 60 | +--- a/lib/libalpm/be_sync.c |
| 61 | ++++ b/lib/libalpm/be_sync.c |
| 62 | +@@ -48,7 +48,7 @@ static char *get_sync_dir(alpm_handle_t *handle) |
| 63 | + struct stat buf; |
| 64 | + |
| 65 | + MALLOC(syncpath, len, RET_ERR(handle, ALPM_ERR_MEMORY, NULL)); |
| 66 | +- sprintf(syncpath, "%s%s", handle->dbpath, "sync/"); |
| 67 | ++ snprintf(syncpath, len, "%s%s", handle->dbpath, "sync/"); |
| 68 | + |
| 69 | + if(stat(syncpath, &buf) != 0) { |
| 70 | + _alpm_log(handle, ALPM_LOG_DEBUG, "database dir '%s' does not exist, creating it\n", |
| 71 | +diff --git a/lib/libalpm/conflict.c b/lib/libalpm/conflict.c |
| 72 | +index d1e64e756..bd25226cd 100644 |
| 73 | +--- a/lib/libalpm/conflict.c |
| 74 | ++++ b/lib/libalpm/conflict.c |
| 75 | +@@ -612,8 +612,9 @@ alpm_list_t *_alpm_db_find_fileconflicts(alpm_handle_t *handle, |
| 76 | + /* check if all files of the dir belong to the installed pkg */ |
| 77 | + if(!resolved_conflict && S_ISDIR(lsbuf.st_mode)) { |
| 78 | + alpm_list_t *owners; |
| 79 | +- char *dir = malloc(strlen(relative_path) + 2); |
| 80 | +- sprintf(dir, "%s/", relative_path); |
| 81 | ++ size_t dir_len = strlen(relative_path) + 2; |
| 82 | ++ char *dir = malloc(dir_len); |
| 83 | ++ snprintf(dir, dir_len, "%s/", relative_path); |
| 84 | + |
| 85 | + owners = alpm_db_find_file_owners(handle->db_local, dir); |
| 86 | + if(owners) { |
| 87 | +diff --git a/lib/libalpm/db.c b/lib/libalpm/db.c |
| 88 | +index 82b552153..d75a6dfb2 100644 |
| 89 | +--- a/lib/libalpm/db.c |
| 90 | ++++ b/lib/libalpm/db.c |
| 91 | +@@ -417,14 +417,14 @@ const char *_alpm_db_path(alpm_db_t *db) |
| 92 | + if(db->status & DB_STATUS_LOCAL) { |
| 93 | + pathsize = strlen(dbpath) + strlen(db->treename) + 2; |
| 94 | + CALLOC(db->_path, 1, pathsize, RET_ERR(db->handle, ALPM_ERR_MEMORY, NULL)); |
| 95 | +- sprintf(db->_path, "%s%s/", dbpath, db->treename); |
| 96 | ++ snprintf(db->_path, pathsize, "%s%s/", dbpath, db->treename); |
| 97 | + } else { |
| 98 | + const char *dbext = db->handle->dbext; |
| 99 | + |
| 100 | + pathsize = strlen(dbpath) + 5 + strlen(db->treename) + strlen(dbext) + 1; |
| 101 | + CALLOC(db->_path, 1, pathsize, RET_ERR(db->handle, ALPM_ERR_MEMORY, NULL)); |
| 102 | + /* all sync DBs now reside in the sync/ subdir of the dbpath */ |
| 103 | +- sprintf(db->_path, "%ssync/%s%s", dbpath, db->treename, dbext); |
| 104 | ++ snprintf(db->_path, pathsize, "%ssync/%s%s", dbpath, db->treename, dbext); |
| 105 | + } |
| 106 | + _alpm_log(db->handle, ALPM_LOG_DEBUG, "database path for tree %s set to %s\n", |
| 107 | + db->treename, db->_path); |
| 108 | +diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c |
| 109 | +index 8a7fd87c6..02604c2b5 100644 |
| 110 | +--- a/lib/libalpm/signing.c |
| 111 | ++++ b/lib/libalpm/signing.c |
| 112 | +@@ -316,7 +316,7 @@ static int key_search_keyserver(alpm_handle_t *handle, const char *fpr, |
| 113 | + * key fingerprint with 0x, or the lookup will fail. */ |
| 114 | + fpr_len = strlen(fpr); |
| 115 | + MALLOC(full_fpr, fpr_len + 3, RET_ERR(handle, ALPM_ERR_MEMORY, -1)); |
| 116 | +- sprintf(full_fpr, "0x%s", fpr); |
| 117 | ++ snprintf(full_fpr, fpr_len + 3, "0x%s", fpr); |
| 118 | + |
| 119 | + gpg_err = gpgme_new(&ctx); |
| 120 | + CHECK_ERR(); |
| 121 | +@@ -816,7 +816,7 @@ char *_alpm_sigpath(alpm_handle_t *handle, const char *path) |
| 122 | + } |
| 123 | + len = strlen(path) + 5; |
| 124 | + CALLOC(sigpath, len, sizeof(char), RET_ERR(handle, ALPM_ERR_MEMORY, NULL)); |
| 125 | +- sprintf(sigpath, "%s.sig", path); |
| 126 | ++ snprintf(sigpath, len, "%s.sig", path); |
| 127 | + return sigpath; |
| 128 | + } |
| 129 | + |
| 130 | +@@ -1085,7 +1085,7 @@ static int parse_subpacket(alpm_handle_t *handle, const char *identifier, |
| 131 | + return -1; |
| 132 | + } |
| 133 | + for (i = 0; i < 8; i++) { |
| 134 | +- sprintf(&key[i * 2], "%02X", sig[spos + i + 1]); |
| 135 | ++ snprintf(&key[i * 2], 3, "%02X", sig[spos + i + 1]); |
| 136 | + } |
| 137 | + *keys = alpm_list_add(*keys, strdup(key)); |
| 138 | + break; |
| 139 | +diff --git a/lib/libalpm/sync.c b/lib/libalpm/sync.c |
| 140 | +index cf436a848..6d1128d7b 100644 |
| 141 | +--- a/lib/libalpm/sync.c |
| 142 | ++++ b/lib/libalpm/sync.c |
| 143 | +@@ -314,6 +314,7 @@ static int compute_download_size(alpm_pkg_t *newpkg) |
| 144 | + off_t size = 0; |
| 145 | + alpm_handle_t *handle = newpkg->handle; |
| 146 | + int ret = 0; |
| 147 | ++ size_t fnamepartlen = 0; |
| 148 | + |
| 149 | + if(newpkg->origin != ALPM_PKG_FROM_SYNCDB) { |
| 150 | + newpkg->infolevel |= INFRQ_DSIZE; |
| 151 | +@@ -331,8 +332,9 @@ static int compute_download_size(alpm_pkg_t *newpkg) |
| 152 | + goto finish; |
| 153 | + } |
| 154 | + |
| 155 | +- CALLOC(fnamepart, strlen(fname) + 6, sizeof(char), return -1); |
| 156 | +- sprintf(fnamepart, "%s.part", fname); |
| 157 | ++ fnamepartlen = strlen(fname) + 6; |
| 158 | ++ CALLOC(fnamepart, fnamepartlen, sizeof(char), return -1); |
| 159 | ++ snprintf(fnamepart, fnamepartlen, "%s.part", fname); |
| 160 | + fpath = _alpm_filecache_find(handle, fnamepart); |
| 161 | + if(fpath) { |
| 162 | + struct stat st; |
| 163 | +diff --git a/lib/libalpm/trans.c b/lib/libalpm/trans.c |
| 164 | +index 7048a059e..8800177e5 100644 |
| 165 | +--- a/lib/libalpm/trans.c |
| 166 | ++++ b/lib/libalpm/trans.c |
| 167 | +@@ -99,7 +99,7 @@ static alpm_list_t *check_arch(alpm_handle_t *handle, alpm_list_t *pkgs) |
| 168 | + const char *pkgver = pkg->version; |
| 169 | + size_t len = strlen(pkgname) + strlen(pkgver) + strlen(pkgarch) + 3; |
| 170 | + MALLOC(string, len, RET_ERR(handle, ALPM_ERR_MEMORY, invalid)); |
| 171 | +- sprintf(string, "%s-%s-%s", pkgname, pkgver, pkgarch); |
| 172 | ++ snprintf(string, len, "%s-%s-%s", pkgname, pkgver, pkgarch); |
| 173 | + invalid = alpm_list_add(invalid, string); |
| 174 | + } |
| 175 | + } |
| 176 | +diff --git a/src/pacman/callback.c b/src/pacman/callback.c |
| 177 | +index 84a587aa0..f8766ef29 100644 |
| 178 | +--- a/src/pacman/callback.c |
| 179 | ++++ b/src/pacman/callback.c |
| 180 | +@@ -801,7 +801,7 @@ static void draw_pacman_progress_bar(struct pacman_progress_bar *bar) |
| 181 | + // fname + digits + ( /) + \0 |
| 182 | + size_t needed = strlen(fname) + (digits * 2) + 4 + 1; |
| 183 | + char *name = malloc(needed); |
| 184 | +- sprintf(name, "%s (%*zu/%*zu)", fname, digits, bar->downloaded, digits, bar->howmany); |
| 185 | ++ snprintf(name, needed, "%s (%*zu/%*zu)", fname, digits, bar->downloaded, digits, bar->howmany); |
| 186 | + free(fname); |
| 187 | + fname = name; |
| 188 | + } |
| 189 | +diff --git a/src/pacman/query.c b/src/pacman/query.c |
| 190 | +index d75c4c801..2790465ec 100644 |
| 191 | +--- a/src/pacman/query.c |
| 192 | ++++ b/src/pacman/query.c |
| 193 | +@@ -66,7 +66,7 @@ static int search_path(char **filename, struct stat *bufptr) |
| 194 | + free(envpath); |
| 195 | + return -1; |
| 196 | + } |
| 197 | +- sprintf(fullname, "%s/%s", path, *filename); |
| 198 | ++ snprintf(fullname, plen + flen + 2, "%s/%s", path, *filename); |
| 199 | + |
| 200 | + if(lstat(fullname, bufptr) == 0) { |
| 201 | + free(*filename); |
| 202 | +-- |
| 203 | +GitLab |
| 204 | + |
0 commit comments