diff --git a/Makefile b/Makefile index 724d559..1a3046b 100644 --- a/Makefile +++ b/Makefile @@ -268,6 +268,7 @@ login: docker test_on_docker: docker docker exec -t libnss-stns make test + docker exec -t libnss-stns make flawfinder docker exec -t libnss-stns make integration github_release: ## Create some distribution packages @@ -283,6 +284,7 @@ parson: mv /tmp/parson/parson.c ./ cleanup: rm -rf /var/cache/stns + rm -rf /var/tmp/.stns.lock flawfinder: - ls stns*c |grep -v test | xargs flawfinder + ls stns*c |grep -v test | xargs flawfinder --error-level 3 --minlevel 3 .PHONY: test testdev build parson diff --git a/stns.c b/stns.c index 4c2bdda..6350bad 100644 --- a/stns.c +++ b/stns.c @@ -478,7 +478,7 @@ int stns_import_file(char *file, stns_response_t *res) } else { res->data = (char *)realloc(res->data, total_len + len + 1); } - strcpy(res->data + total_len, buf); + strncpy(res->data + total_len, buf, len + 1); total_len += len; } fclose(fp); @@ -656,6 +656,7 @@ int stns_exec_cmd(char *cmd, char *arg, stns_response_t *r) syslog(LOG_ERR, "%s(stns)[L%d] after malloc", __func__, __LINE__); #endif + /* Flawfinder: ignore */ if ((fp = popen(c, "r")) == NULL) { goto err; } @@ -675,7 +676,7 @@ int stns_exec_cmd(char *cmd, char *arg, stns_response_t *r) #ifdef DEBUG syslog(LOG_ERR, "%s(stns)[L%d] after malloc", __func__, __LINE__); #endif - strcpy(r->data + total_len, buf); + strncpy(r->data + total_len, buf, len + 1); total_len += len; } pclose(fp); diff --git a/stns_group.c b/stns_group.c index 17c0095..7e0babc 100644 --- a/stns_group.c +++ b/stns_group.c @@ -43,7 +43,7 @@ pthread_mutex_t grent_mutex = PTHREAD_MUTEX_INITIALIZER; pthread_mutex_unlock(&grent_mutex); \ return NSS_STATUS_TRYAGAIN; \ } \ - strcpy(next_member, user); \ + strncpy(next_member, user, user_length); \ rbuf->gr_mem[i] = next_member; \ next_member += user_length; \ buflen -= user_length; \ diff --git a/stns_key_wrapper.c b/stns_key_wrapper.c index 3adeadc..8caf16d 100644 --- a/stns_key_wrapper.c +++ b/stns_key_wrapper.c @@ -13,12 +13,18 @@ int main(int argc, char *argv[]) int ret; signal(SIGPIPE, SIG_IGN); + /* Flawfinder: ignore */ while ((ret = getopt(argc, argv, "c:")) != -1) { if (ret == -1) break; switch (ret) { case 'c': - conf_path = optarg; + int len = strnlen(optarg, MAXBUF) + 1; + if (len >= MAXBUF) { + fprintf(stderr, "conf path too long\n"); + return -1; + } + strncpy(conf_path, optarg, len); break; default: break; @@ -38,8 +44,12 @@ int main(int argc, char *argv[]) if (ret != 0) return -1; + if (strnlen(argv[optind], MAX_USERNAME_LENGTH) >= MAX_USERNAME_LENGTH) { + fprintf(stderr, "user name too long\n"); + return -1; + } snprintf(url, sizeof(url), "users?name=%s", argv[optind]); - r.data = (char *)malloc(STNS_DEFAULT_BUFFER_SIZE); + r.data = (char *)malloc(STNS_DEFAULT_BUFFER_SIZE); curl_result = stns_request(&c, url, &r); if (curl_result != CURLE_OK) { fprintf(stderr, "http request failed user: %s\n", argv[optind]); @@ -102,7 +112,8 @@ int main(int argc, char *argv[]) if (stns_exec_cmd(c.chain_ssh_wrapper, argv[optind], &cr) == 0) { key_size = cr.size; keys = (char *)realloc(keys, key_size + strnlen(keys, STNS_MAX_BUFFER_SIZE) + 1); - strcpy(&(keys[size]), cr.data); + int len = strnlen(cr.data, STNS_MAX_BUFFER_SIZE); + strncpy(&(keys[size]), cr.data, len + 1); size += key_size; } free(cr.data);