[packages/autofs.git] / autofs-5.0.4-make-MAX_ERR_BUF-and-PARSE_MAX_BUF-use-easier-to-audit.patch

autofs-5.0.4 - make MAX_ERR_BUF and PARSE_MAX_BUF use easier to audit

From: Valerie Aurora Henson <vaurora@redhat.com>

Non-critical changes to make auditing buffer lengths easier.

* Some buffers were the wrong (too big) size, some were used twice for
  different purposes.
* Use sizeof(buf) instead of repeating the *MAX* define in functions
  that need to know the size of a statically allocated buffer.
* Fix a compiler warning about discarding the const on a string.
---

 CHANGELOG             |    1 +
 modules/lookup_ldap.c |   51 ++++++++++++++++++++++---------------------------
 2 files changed, 24 insertions(+), 28 deletions(-)


diff --git a/CHANGELOG b/CHANGELOG
index afd1335..417a001 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -15,6 +15,7 @@
 - add "forcestart" and "forcerestart" init script options to allow
   use of 5.0.3 strartup behavior if required.
 - always read entire file map into cache to speed lookups.
+- make MAX_ERR_BUF and PARSE_MAX_BUF use easier to audit.
 
 4/11/2008 autofs-5.0.4
 -----------------------
diff --git a/modules/lookup_ldap.c b/modules/lookup_ldap.c
index bee97ae..d8a60d3 100644
--- a/modules/lookup_ldap.c
+++ b/modules/lookup_ldap.c
@@ -272,7 +272,7 @@ LDAP *init_ldap_connection(unsigned logopt, const char *uri, struct lookup_conte
 
 static int get_query_dn(unsigned logopt, LDAP *ldap, struct lookup_context *ctxt, const char *class, const char *key)
 {
-	char buf[PARSE_MAX_BUF];
+	char buf[MAX_ERR_BUF];
 	char *query, *dn, *qdn;
 	LDAPMessage *result, *e;
 	struct ldap_searchdn *sdns = NULL;
@@ -296,7 +296,7 @@ static int get_query_dn(unsigned logopt, LDAP *ldap, struct lookup_context *ctxt
 
 	query = alloca(l);
 	if (query == NULL) {
-		char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
+		char *estr = strerror_r(errno, buf, sizeof(buf));
 		crit(logopt, MODPREFIX "alloca: %s", estr);
 		return NSS_STATUS_UNAVAIL;
 	}
@@ -1082,7 +1082,7 @@ static int parse_server_string(unsigned logopt, const char *url, struct lookup_c
 			}
 			if (!tmp) {
 				char *estr;
-				estr = strerror_r(errno, buf, MAX_ERR_BUF);
+				estr = strerror_r(errno, buf, sizeof(buf));
 				logerr(MODPREFIX "malloc: %s", estr);
 				return 0;
 			}
@@ -1104,7 +1104,7 @@ static int parse_server_string(unsigned logopt, const char *url, struct lookup_c
 			tmp = malloc(l + 1);
 			if (!tmp) {
 				char *estr;
-				estr = strerror_r(errno, buf, MAX_ERR_BUF);
+				estr = strerror_r(errno, buf, sizeof(buf));
 				crit(logopt, MODPREFIX "malloc: %s", estr);
 				return 0;
 			}
@@ -1139,7 +1139,7 @@ static int parse_server_string(unsigned logopt, const char *url, struct lookup_c
 		/* Isolate the server's name. */
 		if (!tmp) {
 			char *estr;
-			estr = strerror_r(errno, buf, MAX_ERR_BUF);
+			estr = strerror_r(errno, buf, sizeof(buf));
 			logerr(MODPREFIX "malloc: %s", estr);
 			return 0;
 		}
@@ -1180,7 +1180,7 @@ static int parse_server_string(unsigned logopt, const char *url, struct lookup_c
 				ctxt->mapname = map;
 			else {
 				char *estr;
-				estr = strerror_r(errno, buf, MAX_ERR_BUF);
+				estr = strerror_r(errno, buf, sizeof(buf));
 				logerr(MODPREFIX "malloc: %s", estr);
 				if (ctxt->server)
 					free(ctxt->server);
@@ -1191,7 +1191,7 @@ static int parse_server_string(unsigned logopt, const char *url, struct lookup_c
 			base = malloc(l + 1);
 			if (!base) {
 				char *estr;
-				estr = strerror_r(errno, buf, MAX_ERR_BUF);
+				estr = strerror_r(errno, buf, sizeof(buf));
 				logerr(MODPREFIX "malloc: %s", estr);
 				if (ctxt->server)
 					free(ctxt->server);
@@ -1205,7 +1205,7 @@ static int parse_server_string(unsigned logopt, const char *url, struct lookup_c
 		char *map = malloc(l + 1);
 		if (!map) {
 			char *estr;
-			estr = strerror_r(errno, buf, MAX_ERR_BUF);
+			estr = strerror_r(errno, buf, sizeof(buf));
 			logerr(MODPREFIX "malloc: %s", estr);
 			if (ctxt->server)
 				free(ctxt->server);
@@ -1318,7 +1318,7 @@ int lookup_init(const char *mapfmt, int argc, const char *const *argv, void **co
 	/* If we can't build a context, bail. */
 	ctxt = malloc(sizeof(struct lookup_context));
 	if (!ctxt) {
-		char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
+		char *estr = strerror_r(errno, buf, sizeof(buf));
 		logerr(MODPREFIX "malloc: %s", estr);
 		return 1;
 	}
@@ -1419,8 +1419,9 @@ int lookup_read_master(struct master *master, time_t age, void *context)
 	unsigned int timeout = master->default_timeout;
 	unsigned int logging = master->default_logging;
 	unsigned int logopt = master->logopt;
-	int rv, l, count, blen;
-	char buf[PARSE_MAX_BUF];
+	int rv, l, count;
+	char buf[MAX_ERR_BUF];
+	char parse_buf[PARSE_MAX_BUF];
 	char *query;
 	LDAPMessage *result, *e;
 	char *class, *info, *entry;
@@ -1442,7 +1443,7 @@ int lookup_read_master(struct master *master, time_t age, void *context)
 
 	query = alloca(l);
 	if (query == NULL) {
-		char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
+		char *estr = strerror_r(errno, buf, sizeof(buf));
 		logerr(MODPREFIX "alloca: %s", estr);
 		return NSS_STATUS_UNAVAIL;
 	}
@@ -1532,19 +1533,13 @@ int lookup_read_master(struct master *master, time_t age, void *context)
 			goto next;
 		}
 
-		blen = strlen(*keyValue) + 1 + strlen(*values) + 2;
-		if (blen > PARSE_MAX_BUF) {
+		if (snprintf(parse_buf, sizeof(parse_buf), "%s %s",
+			     *keyValue, *values) >= sizeof(parse_buf)) {
 			error(logopt, MODPREFIX "map entry too long");
 			ldap_value_free(values);
 			goto next;
 		}
-		memset(buf, 0, PARSE_MAX_BUF);
-
-		strcpy(buf, *keyValue);
-		strcat(buf, " ");
-		strcat(buf, *values);
-
-		master_parse_entry(buf, timeout, logging, age);
+		master_parse_entry(parse_buf, timeout, logging, age);
 next:
 		ldap_value_free(keyValue);
 		e = ldap_next_entry(ldap, e);
@@ -1561,7 +1556,7 @@ static int get_percent_decoded_len(const char *name)
 {
 	int escapes = 0;
 	int escaped = 0;
-	char *tmp = name;
+	const char *tmp = name;
 	int look_for_close = 0;
 
 	while (*tmp) {
@@ -2060,7 +2055,7 @@ static int do_get_entries(struct ldap_search_params *sp, struct map_source *sour
 				mapent = malloc(v_len + 1);
 				if (!mapent) {
 					char *estr;
-					estr = strerror_r(errno, buf, MAX_ERR_BUF);
+					estr = strerror_r(errno, buf, sizeof(buf));
 					logerr(MODPREFIX "malloc: %s", estr);
 					ldap_value_free_len(bvValues);
 					goto next;
@@ -2080,7 +2075,7 @@ static int do_get_entries(struct ldap_search_params *sp, struct map_source *sour
 					mapent_len = new_size;
 				} else {
 					char *estr;
-					estr = strerror_r(errno, buf, MAX_ERR_BUF);
+					estr = strerror_r(errno, buf, sizeof(buf));
 					logerr(MODPREFIX "realloc: %s", estr);
 				}
 			}
@@ -2181,7 +2176,7 @@ static int read_one_map(struct autofs_point *ap,
 
 	sp.query = alloca(l);
 	if (sp.query == NULL) {
-		char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
+		char *estr = strerror_r(errno, buf, sizeof(buf));
 		logerr(MODPREFIX "malloc: %s", estr);
 		return NSS_STATUS_UNAVAIL;
 	}
@@ -2335,7 +2330,7 @@ static int lookup_one(struct autofs_point *ap,
 
 	query = alloca(l);
 	if (query == NULL) {
-		char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
+		char *estr = strerror_r(errno, buf, sizeof(buf));
 		crit(ap->logopt, MODPREFIX "malloc: %s", estr);
 		if (enc_len1) {
 			free(enc_key1);
@@ -2507,7 +2502,7 @@ static int lookup_one(struct autofs_point *ap,
 				mapent = malloc(v_len + 1);
 				if (!mapent) {
 					char *estr;
-					estr = strerror_r(errno, buf, MAX_ERR_BUF);
+					estr = strerror_r(errno, buf, sizeof(buf));
 					logerr(MODPREFIX "malloc: %s", estr);
 					ldap_value_free_len(bvValues);
 					goto next;
@@ -2527,7 +2522,7 @@ static int lookup_one(struct autofs_point *ap,
 					mapent_len = new_size;
 				} else {
 					char *estr;
-					estr = strerror_r(errno, buf, MAX_ERR_BUF);
+					estr = strerror_r(errno, buf, sizeof(buf));
 					logerr(MODPREFIX "realloc: %s", estr);
 				}
 			}
Commit	Line	Data
e5fd101c PS	1	autofs-5.0.4 - make MAX_ERR_BUF and PARSE_MAX_BUF use easier to audit
	2
	3	From: Valerie Aurora Henson <vaurora@redhat.com>
	4
	5	Non-critical changes to make auditing buffer lengths easier.
	6
	7	* Some buffers were the wrong (too big) size, some were used twice for
	8	different purposes.
	9	* Use sizeof(buf) instead of repeating the MAX define in functions
	10	that need to know the size of a statically allocated buffer.
	11	* Fix a compiler warning about discarding the const on a string.
	12	---
	13
	14	CHANGELOG \| 1 +
	15	modules/lookup_ldap.c \| 51 ++++++++++++++++++++++---------------------------
	16	2 files changed, 24 insertions(+), 28 deletions(-)
	17
	18
	19	diff --git a/CHANGELOG b/CHANGELOG
	20	index afd1335..417a001 100644
	21	--- a/CHANGELOG
	22	+++ b/CHANGELOG
	23	@@ -15,6 +15,7 @@
	24	- add "forcestart" and "forcerestart" init script options to allow
	25	use of 5.0.3 strartup behavior if required.
	26	- always read entire file map into cache to speed lookups.
	27	+- make MAX_ERR_BUF and PARSE_MAX_BUF use easier to audit.
	28
	29	4/11/2008 autofs-5.0.4
	30	-----------------------
	31	diff --git a/modules/lookup_ldap.c b/modules/lookup_ldap.c
	32	index bee97ae..d8a60d3 100644
	33	--- a/modules/lookup_ldap.c
	34	+++ b/modules/lookup_ldap.c
	35	@@ -272,7 +272,7 @@ LDAP init_ldap_connection(unsigned logopt, const char uri, struct lookup_conte
	36
	37	static int get_query_dn(unsigned logopt, LDAP ldap, struct lookup_context ctxt, const char class, const char key)
	38	{
	39	- char buf[PARSE_MAX_BUF];
	40	+ char buf[MAX_ERR_BUF];
	41	char query, dn, *qdn;
	42	LDAPMessage result, e;
	43	struct ldap_searchdn *sdns = NULL;
	44	@@ -296,7 +296,7 @@ static int get_query_dn(unsigned logopt, LDAP ldap, struct lookup_context ctxt
	45
	46	query = alloca(l);
	47	if (query == NULL) {
	48	- char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
	49	+ char *estr = strerror_r(errno, buf, sizeof(buf));
	50	crit(logopt, MODPREFIX "alloca: %s", estr);
	51	return NSS_STATUS_UNAVAIL;
	52	}
	53	@@ -1082,7 +1082,7 @@ static int parse_server_string(unsigned logopt, const char *url, struct lookup_c
	54	}
	55	if (!tmp) {
	56	char *estr;
	57	- estr = strerror_r(errno, buf, MAX_ERR_BUF);
	58	+ estr = strerror_r(errno, buf, sizeof(buf));
	59	logerr(MODPREFIX "malloc: %s", estr);
	60	return 0;
	61	}
	62	@@ -1104,7 +1104,7 @@ static int parse_server_string(unsigned logopt, const char *url, struct lookup_c
	63	tmp = malloc(l + 1);
	64	if (!tmp) {
65	char *estr;
66	- estr = strerror_r(errno, buf, MAX_ERR_BUF);
67	+ estr = strerror_r(errno, buf, sizeof(buf));
68	crit(logopt, MODPREFIX "malloc: %s", estr);
69	return 0;
70	}
71	@@ -1139,7 +1139,7 @@ static int parse_server_string(unsigned logopt, const char *url, struct lookup_c
72	/* Isolate the server's name. */
73	if (!tmp) {
74	char *estr;
75	- estr = strerror_r(errno, buf, MAX_ERR_BUF);
76	+ estr = strerror_r(errno, buf, sizeof(buf));
77	logerr(MODPREFIX "malloc: %s", estr);
78	return 0;
79	}
80	@@ -1180,7 +1180,7 @@ static int parse_server_string(unsigned logopt, const char *url, struct lookup_c
81	ctxt->mapname = map;
82	else {
83	char *estr;
84	- estr = strerror_r(errno, buf, MAX_ERR_BUF);
85	+ estr = strerror_r(errno, buf, sizeof(buf));
86	logerr(MODPREFIX "malloc: %s", estr);
87	if (ctxt->server)
88	free(ctxt->server);
89	@@ -1191,7 +1191,7 @@ static int parse_server_string(unsigned logopt, const char *url, struct lookup_c
90	base = malloc(l + 1);
91	if (!base) {
92	char *estr;
93	- estr = strerror_r(errno, buf, MAX_ERR_BUF);
94	+ estr = strerror_r(errno, buf, sizeof(buf));
95	logerr(MODPREFIX "malloc: %s", estr);
96	if (ctxt->server)
97	free(ctxt->server);
98	@@ -1205,7 +1205,7 @@ static int parse_server_string(unsigned logopt, const char *url, struct lookup_c
99	char *map = malloc(l + 1);
100	if (!map) {
101	char *estr;
102	- estr = strerror_r(errno, buf, MAX_ERR_BUF);
103	+ estr = strerror_r(errno, buf, sizeof(buf));
104	logerr(MODPREFIX "malloc: %s", estr);
105	if (ctxt->server)
106	free(ctxt->server);
107	@@ -1318,7 +1318,7 @@ int lookup_init(const char mapfmt, int argc, const char const argv, void *co
108	/* If we can't build a context, bail. */
109	ctxt = malloc(sizeof(struct lookup_context));
110	if (!ctxt) {
111	- char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
112	+ char *estr = strerror_r(errno, buf, sizeof(buf));
113	logerr(MODPREFIX "malloc: %s", estr);
114	return 1;
115	}
116	@@ -1419,8 +1419,9 @@ int lookup_read_master(struct master master, time_t age, void context)
117	unsigned int timeout = master->default_timeout;
118	unsigned int logging = master->default_logging;
119	unsigned int logopt = master->logopt;
120	- int rv, l, count, blen;
121	- char buf[PARSE_MAX_BUF];
122	+ int rv, l, count;
123	+ char buf[MAX_ERR_BUF];
124	+ char parse_buf[PARSE_MAX_BUF];
125	char *query;
126	LDAPMessage result, e;
127	char class, info, *entry;
128	@@ -1442,7 +1443,7 @@ int lookup_read_master(struct master master, time_t age, void context)
129
130	query = alloca(l);
131	if (query == NULL) {
132	- char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
133	+ char *estr = strerror_r(errno, buf, sizeof(buf));
134	logerr(MODPREFIX "alloca: %s", estr);
135	return NSS_STATUS_UNAVAIL;
136	}
137	@@ -1532,19 +1533,13 @@ int lookup_read_master(struct master master, time_t age, void context)
138	goto next;
139	}
140
141	- blen = strlen(keyValue) + 1 + strlen(values) + 2;
142	- if (blen > PARSE_MAX_BUF) {
143	+ if (snprintf(parse_buf, sizeof(parse_buf), "%s %s",
144	+ keyValue, values) >= sizeof(parse_buf)) {
145	error(logopt, MODPREFIX "map entry too long");
146	ldap_value_free(values);
147	goto next;
148	}
149	- memset(buf, 0, PARSE_MAX_BUF);
150	-
151	- strcpy(buf, *keyValue);
152	- strcat(buf, " ");
153	- strcat(buf, *values);
154	-
155	- master_parse_entry(buf, timeout, logging, age);
156	+ master_parse_entry(parse_buf, timeout, logging, age);
157	next:
158	ldap_value_free(keyValue);
159	e = ldap_next_entry(ldap, e);
160	@@ -1561,7 +1556,7 @@ static int get_percent_decoded_len(const char *name)
161	{
162	int escapes = 0;
163	int escaped = 0;
164	- char *tmp = name;
165	+ const char *tmp = name;
166	int look_for_close = 0;
167
168	while (*tmp) {
169	@@ -2060,7 +2055,7 @@ static int do_get_entries(struct ldap_search_params sp, struct map_source sour
170	mapent = malloc(v_len + 1);
171	if (!mapent) {
172	char *estr;
173	- estr = strerror_r(errno, buf, MAX_ERR_BUF);
174	+ estr = strerror_r(errno, buf, sizeof(buf));
175	logerr(MODPREFIX "malloc: %s", estr);
176	ldap_value_free_len(bvValues);
177	goto next;
178	@@ -2080,7 +2075,7 @@ static int do_get_entries(struct ldap_search_params sp, struct map_source sour
179	mapent_len = new_size;
180	} else {
181	char *estr;
182	- estr = strerror_r(errno, buf, MAX_ERR_BUF);
183	+ estr = strerror_r(errno, buf, sizeof(buf));
184	logerr(MODPREFIX "realloc: %s", estr);
185	}
186	}
187	@@ -2181,7 +2176,7 @@ static int read_one_map(struct autofs_point *ap,
188
189	sp.query = alloca(l);
190	if (sp.query == NULL) {
191	- char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
192	+ char *estr = strerror_r(errno, buf, sizeof(buf));
193	logerr(MODPREFIX "malloc: %s", estr);
194	return NSS_STATUS_UNAVAIL;
195	}
196	@@ -2335,7 +2330,7 @@ static int lookup_one(struct autofs_point *ap,
197
198	query = alloca(l);
199	if (query == NULL) {
200	- char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
201	+ char *estr = strerror_r(errno, buf, sizeof(buf));
202	crit(ap->logopt, MODPREFIX "malloc: %s", estr);
203	if (enc_len1) {
204	free(enc_key1);
205	@@ -2507,7 +2502,7 @@ static int lookup_one(struct autofs_point *ap,
206	mapent = malloc(v_len + 1);
207	if (!mapent) {
208	char *estr;
209	- estr = strerror_r(errno, buf, MAX_ERR_BUF);
210	+ estr = strerror_r(errno, buf, sizeof(buf));
211	logerr(MODPREFIX "malloc: %s", estr);
212	ldap_value_free_len(bvValues);
213	goto next;
214	@@ -2527,7 +2522,7 @@ static int lookup_one(struct autofs_point *ap,
215	mapent_len = new_size;
216	} else {
217	char *estr;
218	- estr = strerror_r(errno, buf, MAX_ERR_BUF);
219	+ estr = strerror_r(errno, buf, sizeof(buf));
220	logerr(MODPREFIX "realloc: %s", estr);
221	}
222	}