summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlex Dowad <alexinbeijing@gmail.com>2014-05-01 13:45:32 +0200
committerTimo Teräs <timo.teras@iki.fi>2014-05-01 17:47:27 +0300
commit618bdff5f21b7b90c40fba93bafa88ceb3e522dc (patch)
tree04d5bd74aadf9e0c187bd7489eb0a00d870608f2
parentb64c621c9de3fa72ff1f1688d8453d99f5cf7352 (diff)
downloadsquark-618bdff5f21b7b90c40fba93bafa88ceb3e522dc.tar.bz2
squark-618bdff5f21b7b90c40fba93bafa88ceb3e522dc.tar.xz
squark-filter, squark-auth-ip: avoid overflow of login_name buffer
-rw-r--r--src/authdb.c2
-rw-r--r--src/squark-auth-ip.c4
-rw-r--r--src/squark-filter.c4
3 files changed, 7 insertions, 3 deletions
diff --git a/src/authdb.c b/src/authdb.c
index ed171a7..d16ba3a 100644
--- a/src/authdb.c
+++ b/src/authdb.c
@@ -223,7 +223,7 @@ int authdb_check_login(void *token, struct authdb_entry *e,
/* check username */
if (!blob_is_null(username) &&
- blob_cmp(username, BLOB_STRLEN(e->p.login_name)) != 0)
+ blob_cmp(username, BLOB_CHAR_ARRAY(e->p.login_name)) != 0)
return 0;
/* and dates */
diff --git a/src/squark-auth-ip.c b/src/squark-auth-ip.c
index 94c450f..74e0583 100644
--- a/src/squark-auth-ip.c
+++ b/src/squark-auth-ip.c
@@ -60,7 +60,7 @@ static void handle_line(blob_t line)
blob_push(&b, id);
if (auth_ok) {
blob_push(&b, BLOB_STR(" OK user="));
- blob_push(&b, BLOB_STRLEN(entry.p.login_name));
+ blob_push(&b, BLOB_CHAR_ARRAY(entry.p.login_name));
blob_push(&b, BLOB_PTR_LEN("\n", 1));
} else {
blob_push(&b, BLOB_STR(" ERR\n"));
@@ -210,6 +210,8 @@ int main(int argc, char **argv)
return 2;
}
authdb_clear_entry(&entry);
+ if (username.len > sizeof(entry.p.login_name))
+ username.len = sizeof(entry.p.login_name); /* avoid buffer overflow */
memcpy(entry.p.login_name, username.ptr, username.len);
authdb_commit_login(token, &entry, now, &adbc);
break;
diff --git a/src/squark-filter.c b/src/squark-filter.c
index b938355..827540e 100644
--- a/src/squark-filter.c
+++ b/src/squark-filter.c
@@ -434,11 +434,13 @@ static void read_input(struct sqdb *db)
} else {
if (authdb_check_login(token, &entry, username, now, &adbc)) {
auth_ok = 1;
- username = BLOB_STRLEN(entry.p.login_name);
+ username = BLOB_CHAR_ARRAY(entry.p.login_name);
} else if ((!adbc.require_auth) ||
(!blob_is_null(username) && blob_cmp(username, dash) != 0)) {
auth_ok = 1;
authdb_clear_entry(&entry);
+ if (username.len > sizeof(entry.p.login_name))
+ username.len = sizeof(entry.p.login_name); /* avoid buffer overflow */
memcpy(entry.p.login_name, username.ptr, username.len);
authdb_commit_login(token, &entry, now, &adbc);
} else {