Hello community, here is the log from the commit of package sblim-sfcb checked in at Mon Oct 27 17:15:41 CET 2008. -------- --- sblim-sfcb/sblim-sfcb.changes 2008-10-15 11:09:25.000000000 +0200 +++ /mounts/work_src_done/STABLE/sblim-sfcb/sblim-sfcb.changes 2008-10-24 08:32:46.563580000 +0200 
@@ -1,0 +2,15 @@ +Wed Oct 22 14:57:46 MDT 2008 - bwhiteley@suse.de + +- The following bugs from the sblim tracker address bnc#425457 + - [ 2164750 ] sfcb does not handle some malformed HTTP requests correctly + - [ 2172888 ] http content-length is not constrained + - [ 2169514 ] spRcvMsg doesn't check malloc return + - [ 2169527 ] Some XML parsing error strings do not have sufficient space + - [ 2169607 ] sqlLexer assumes line lengths under MAXBUF + - [ 2175426 ] possible int overflow + - [ 2158198 ] syslog call incorrect + - [ 2172023 ] mlogf call cleanups + - [ 2175507 ] sockaddr_un not allocated for localconnect server +- Some code cleanup. + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- sblim-sfcb-1.3.0-root_only_auth.patch sblim-sfcb-1.3.0-uds_auth.patch sblim-sfcb-1.3.2-automake.patch sblim-sfcb-1.3.2-Werror.patch sblim-sfcb-align.patch New: ---- 0001-uds_auth.patch 0002-root_only_auth.patch 0003-align.patch 0006-Werror.patch 0007-automake.patch 0008-enable-hex-trace-mask.patch 0009-clean-up-semaphore-array-index-calculation.patch 0011-check-prevent-various-buffer-overflows.patch 0015-fix-potential-memory-leak.patch 0016-check-result-from-_methProvider.patch 0017-abort-on-socket-error-with-better-error-msg.patch 0018-buffer-size-check-in-localConnectServer.patch 0019-internal_provider.patch 0100-check_length_sanity.patch 0110-2164750-sfcb_handle_malformed_requests.patch 0120-max_content_length.patch 0130-2169514-check_malloc.patch 0140-2169527-attrsOk_alloca_fix.patch 0150-2169607-strcpy.patch 0160-2158198-syslog.patch 0170-2172023-mlogf.patch 0180-2175507-alloca_sockaddr.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sblim-sfcb.spec ++++++ --- /var/tmp/diff_new_pack.z32654/_old 2008-10-27 17:14:46.000000000 +0100 +++ /var/tmp/diff_new_pack.z32654/_new 2008-10-27 17:14:46.000000000 +0100 
@@ -21,7 +21,7 @@ Name: sblim-sfcb Version: 1.3.2 -Release: 7 +Release: 8 Group: System/Management License: Other uncritical OpenSource License; CPL 1.0 Url: http://sblim.sf.net/ @@ -31,11 +31,28 @@ Source2: sblim-sfcb.init %endif Source3: autoconfiscate.sh-mofc -Patch1: sblim-sfcb-1.3.0-uds_auth.patch -Patch2: sblim-sfcb-1.3.0-root_only_auth.patch -Patch3: sblim-sfcb-align.patch -Patch4: sblim-sfcb-1.3.2-Werror.patch -Patch5: sblim-sfcb-1.3.2-automake.patch +Patch1: 0001-uds_auth.patch +Patch2: 0002-root_only_auth.patch +Patch3: 0003-align.patch +Patch6: 0006-Werror.patch +Patch7: 0007-automake.patch +Patch8: 0008-enable-hex-trace-mask.patch +Patch9: 0009-clean-up-semaphore-array-index-calculation.patch +Patch11: 0011-check-prevent-various-buffer-overflows.patch +Patch15: 0015-fix-potential-memory-leak.patch +Patch16: 0016-check-result-from-_methProvider.patch +Patch17: 0017-abort-on-socket-error-with-better-error-msg.patch +Patch18: 0018-buffer-size-check-in-localConnectServer.patch +Patch19: 0019-internal_provider.patch +Patch100: 0100-check_length_sanity.patch +Patch110: 0110-2164750-sfcb_handle_malformed_requests.patch +Patch120: 0120-max_content_length.patch +Patch130: 0130-2169514-check_malloc.patch +Patch140: 0140-2169527-attrsOk_alloca_fix.patch +Patch150: 0150-2169607-strcpy.patch +Patch160: 0160-2158198-syslog.patch +Patch170: 0170-2172023-mlogf.patch +Patch180: 0180-2175507-alloca_sockaddr.patch Provides: cimserver Provides: cim-server %if 0%{?suse_version} >= 1030 
@@ -66,11 +83,28 @@ %prep %setup -q -%patch1 -b .uds_auth.patch -%patch2 -b .root_only_auth.patch -%patch3 -%patch4 -%patch5 +%patch1 -p1 -b .0001-uds_auth.patch +%patch2 -p1 -b .0002-root_only_auth.patch +%patch3 -p1 -b .0003-align.patch +%patch6 -p1 -b .0006-Werror.patch +%patch7 -p1 -b .0007-automake.patch +%patch8 -p1 -b .0008-enable-hex-trace-mask.patch +%patch9 -p1 -b .0009-clean-up-semaphore-array-index-calculation.patch +%patch11 -p1 -b .0011-check-prevent-various-buffer-overflows.patch +%patch15 -p1 -b .0015-fix-potential-memory-leak.patch +%patch16 -p1 -b .0016-check-result-from-_methProvider.patch +%patch17 -p1 -b .0017-abort-on-socket-error-with-better-error-msg.patch +%patch18 -p1 -b .0018-buffer-size-check-in-localConnectServer.patch +%patch19 -p0 -b .0019-internal_provider.patch +%patch100 -p0 -b .0100-check_length_sanity.patch +%patch110 -p0 -b .0110-2164750-sfcb_handle_malformed_requests.patch +%patch120 -p0 -b .0120-max_content_length.patch +%patch130 -p0 -b .0130-2169514-check_malloc.patch +%patch140 -p0 -b .0140-2169527-attrsOk_alloca_fix.patch +%patch150 -p0 -b .0150-2169607-strcpy.patch +%patch160 -p0 -b .0160-2158198-syslog.patch +%patch170 -p0 -b .0170-2172023-mlogf.patch +%patch180 -p0 -b .0180-2175507-alloca_sockaddr.patch export PATCH_GET=0 %build @@ -78,9 +112,10 @@ cp %SOURCE1 . cp %SOURCE3 mofc/autoconfiscate.sh chmod +x mofc/autoconfiscate.sh -sh autoconfiscate.sh +sh ./autoconfiscate.sh #if test -d mofc; then cd mofc && autoreconf -f -i; fi #%%configure --enable-debug --enable-ssl --enable-pam --enable-ipv6 CIMSCHEMA_SOURCE=%{SOURCE1} CIMSCHEMA_MOF=cimv216.mof CIMSCHEMA_SUBDIRS=y +mkdir -p m4 %configure --enable-debug --enable-ssl --enable-pam --enable-ipv6 make 
@@ -156,6 +191,18 @@ %files -f _pkg_list %changelog +* Wed Oct 22 2008 bwhiteley@suse.de +- The following bugs from the sblim tracker address bnc#425457 + - [ 2164750 ] sfcb does not handle some malformed HTTP requests correctly + - [ 2172888 ] http content-length is not constrained + - [ 2169514 ] spRcvMsg doesn't check malloc return + - [ 2169527 ] Some XML parsing error strings do not have sufficient space + - [ 2169607 ] sqlLexer assumes line lengths under MAXBUF + - [ 2175426 ] possible int overflow + - [ 2158198 ] syslog call incorrect + - [ 2172023 ] mlogf call cleanups + - [ 2175507 ] sockaddr_un not allocated for localconnect server +- Some code cleanup. * Wed Oct 15 2008 kkaempf@suse.de - help Buildservice executing shell scripts. * Tue Oct 14 2008 kkaempf@suse.de 
@@ -173,24 +220,24 @@ - Added RTLD_GLOBAL to ldflags when loading providers. * Mon Aug 18 2008 bwhiteley@suse.de - don't remove buildroot in %%install -* Tue Aug 12 2008 bwhiteley@suse.de +* Mon Aug 11 2008 bwhiteley@suse.de - Added RequiredStart and RequiredStop to init script. -* Wed Jul 23 2008 bwhiteley@suse.de +* Tue Jul 22 2008 bwhiteley@suse.de - Fix SSL options to disable SSLv2 and weak ciphers. - Fix XML parser to unescape newlines. -* Tue Jul 22 2008 bwhiteley@suse.de +* Mon Jul 21 2008 bwhiteley@suse.de - Fixed limited length error strings in XML. -* Fri May 30 2008 bwhiteley@suse.de +* Thu May 29 2008 bwhiteley@suse.de - Enhanced to support HTTP connections over unix domain sockets, including unix socket peer credential authentication without passwords. - Changed authentication module to only allow users with uid 0 to log in. -* Sat May 17 2008 bwhiteley@suse.de +* Fri May 16 2008 bwhiteley@suse.de - Moved back to 1.3.0. 1.3.1 has problems. Removed schema package, and placed a dependency on cim-schema package instead. -* Wed May 14 2008 bwhiteley@suse.de +* Tue May 13 2008 bwhiteley@suse.de - Updated to 1.3.1. Other packaging changes. -* Sat May 03 2008 bwhiteley@suse.de +* Fri May 02 2008 bwhiteley@suse.de - Initial checkin ++++++ sblim-sfcb-1.3.0-uds_auth.patch -> 0001-uds_auth.patch ++++++ --- sblim-sfcb/sblim-sfcb-1.3.0-uds_auth.patch 2008-10-15 11:09:25.000000000 +0200 +++ /mounts/work_src_done/STABLE/sblim-sfcb/0001-uds_auth.patch 2008-10-24 08:32:27.566596000 +0200 
@@ -1,5 +1,16 @@ ---- ./sfcb.cfg.pre.in.orig 2008-08-27 09:54:44.000000000 -0600 -+++ ./sfcb.cfg.pre.in 2008-08-27 09:55:06.000000000 -0600 +From 488d9b89c806e41bf0bda9979429d220139eb178 Mon Sep 17 00:00:00 2001 +From: =?utf-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de> +Date: Wed, 22 Oct 2008 10:26:45 +0200 +Subject: [PATCH] uds_auth.patch + +--- + sfcb.cfg.pre.in | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +diff --git a/sfcb.cfg.pre.in b/sfcb.cfg.pre.in +index b0e2de7..80c1f88 100644 +--- a/sfcb.cfg.pre.in ++++ b/sfcb.cfg.pre.in @@ -2,7 +2,7 @@ # Sample Configuration for Small Footprint CIM Broker httpPort: 5988 @@ -9,3 +20,6 @@ httpProcs: 8 httpsPort: 5989 enableHttps: @SFCB_CONF_HTTPS@ +-- +1.6.0.2 + ++++++ sblim-sfcb-1.3.0-root_only_auth.patch -> 0002-root_only_auth.patch ++++++ --- sblim-sfcb/sblim-sfcb-1.3.0-root_only_auth.patch 2008-10-15 11:09:25.000000000 +0200 +++ /mounts/work_src_done/STABLE/sblim-sfcb/0002-root_only_auth.patch 2008-10-24 08:32:28.196965000 +0200 @@ -1,5 +1,16 @@ ---- ./sfcBasicPAMAuthentication.c.orig 2008-05-29 14:17:19.000000000 -0600 -+++ ./sfcBasicPAMAuthentication.c 2008-05-29 14:40:07.000000000 -0600 +From 6458c05b58be2e39f0fb39815514671fa4f490a1 Mon Sep 17 00:00:00 2001 +From: =?utf-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de> +Date: Wed, 22 Oct 2008 10:27:14 +0200 +Subject: [PATCH] root_only_auth.patch + +--- + sfcBasicPAMAuthentication.c | 20 ++++++++++++++++++++ + 1 files changed, 20 insertions(+), 0 deletions(-) + +diff --git a/sfcBasicPAMAuthentication.c b/sfcBasicPAMAuthentication.c +index c03e34d..de4786b 100644 +--- a/sfcBasicPAMAuthentication.c ++++ b/sfcBasicPAMAuthentication.c @@ -23,6 +23,10 @@ #include <stdio.h> #include <stdlib.h> @@ -11,7 +22,7 @@ #include <security/pam_appl.h> -@@ -58,7 +62,23 @@ +@@ -58,7 +62,23 @@ static int _sfcBasicAuthenticateRemote(char *user, char *pw, char *rhost) }; pam_handle_t *pamh = NULL; int rc, retval; 
@@ -35,3 +46,6 @@ rc = pam_start(SFCB_PAM_APP, user, &sfcConvStruct, & pamh); +-- +1.6.0.2 + ++++++ sblim-sfcb-align.patch -> 0003-align.patch ++++++ --- sblim-sfcb/sblim-sfcb-align.patch 2008-10-15 11:09:25.000000000 +0200 +++ /mounts/work_src_done/STABLE/sblim-sfcb/0003-align.patch 2008-10-24 08:32:28.723438000 +0200 @@ -1,5 +1,16 @@ ---- objectImpl.h -+++ objectImpl.h +From 9df6a7399ddb15428e6afe6f6aafb5e3f4087bbf Mon Sep 17 00:00:00 2001 +From: =?utf-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de> +Date: Wed, 22 Oct 2008 10:27:43 +0200 +Subject: [PATCH] align.patch + +--- + objectImpl.h | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +diff --git a/objectImpl.h b/objectImpl.h +index 7eb1298..0ad14e6 100644 +--- a/objectImpl.h ++++ b/objectImpl.h @@ -52,7 +52,7 @@ #define GetMax(f) (GetLo15b((f))) #define IsMallocedMax(x) (GetHi1b((x))) @@ -9,3 +20,6 @@ #define CLEXTRA 0 #define ALIGN(x,y) (x == 0 ? 0 : ((((x-1)/y)+1)*y)) +-- +1.6.0.2 + ++++++ sblim-sfcb-1.3.2-Werror.patch -> 0006-Werror.patch ++++++ --- sblim-sfcb/sblim-sfcb-1.3.2-Werror.patch 2008-10-15 11:09:25.000000000 +0200 +++ /mounts/work_src_done/STABLE/sblim-sfcb/0006-Werror.patch 2008-10-24 08:32:29.309853000 +0200 
@@ -1,6 +1,25 @@ -diff -wruN ../orig-sblim-sfcb-1.3.2/cimcClientSfcbLocal.c ./cimcClientSfcbLocal.c ---- ../orig-sblim-sfcb-1.3.2/cimcClientSfcbLocal.c 2008-10-03 02:24:47.000000000 +0200 -+++ ./cimcClientSfcbLocal.c 2008-10-14 11:45:47.000000000 +0200 +From ab48a48bef2a5cecb35c5c72ee9b236af5f7b6cb Mon Sep 17 00:00:00 2001 +From: =?utf-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de> +Date: Wed, 22 Oct 2008 10:32:34 +0200 +Subject: [PATCH] Werror.patch + +keep gcc happy even with -Werror +--- + cimcClientSfcbLocal.c | 2 +- + httpAdapter.c | 2 +- + httpComm.c | 2 +- + mofc/mofparse.c | 2 +- + mofc/mofs.l | 2 +- + objectImplSwapI32toP32.c | 4 ++++ + queryParser.y | 2 +- + selectcond.c | 2 +- + sfcbdumpP32onI32.c | 12 ++++++------ + 9 files changed, 17 insertions(+), 13 deletions(-) + +diff --git a/cimcClientSfcbLocal.c b/cimcClientSfcbLocal.c +index 67ad0ca..3f79540 100644 +--- a/cimcClientSfcbLocal.c ++++ b/cimcClientSfcbLocal.c @@ -29,7 +29,7 @@ @@ -10,10 +29,11 @@ (st)->msg=NewCMPIString((chars),NULL); }} #define NewCMPIString sfcb_native_new_CMPIString -diff -wruN ../orig-sblim-sfcb-1.3.2/httpAdapter.c ./httpAdapter.c ---- ../orig-sblim-sfcb-1.3.2/httpAdapter.c 2008-08-09 04:15:51.000000000 +0200 -+++ ./httpAdapter.c 2008-10-14 11:46:36.000000000 +0200 -@@ -814,7 +814,7 @@ +diff --git a/httpAdapter.c b/httpAdapter.c +index 69c8f98..8671b84 100644 +--- a/httpAdapter.c ++++ b/httpAdapter.c +@@ -814,7 +814,7 @@ static int doHttpRequest(CommHndl conn_fd) int authorized = 0; if (!discardInput && doUdsAuth) { struct ucred cr; 
@@ -22,10 +42,11 @@ if (getsockopt(conn_fd.socket, SOL_SOCKET, SO_PEERCRED, &cr, &cl) == 0) { if (cr.uid == 0) { authorized = 1; -diff -wruN ../orig-sblim-sfcb-1.3.2/httpComm.c ./httpComm.c ---- ../orig-sblim-sfcb-1.3.2/httpComm.c 2006-03-06 05:11:08.000000000 +0100 -+++ ./httpComm.c 2008-10-14 11:47:10.000000000 +0200 -@@ -122,7 +122,7 @@ +diff --git a/httpComm.c b/httpComm.c +index 00a70a5..66aa2b5 100644 +--- a/httpComm.c ++++ b/httpComm.c +@@ -122,7 +122,7 @@ void commFlush(CommHndl hndl) #if defined USE_SSL if (hndl.bio) { @@ -34,10 +55,11 @@ } else #endif if (hndl.file) { -diff -wruN ../orig-sblim-sfcb-1.3.2/mofc/mofparse.c ./mofc/mofparse.c ---- ../orig-sblim-sfcb-1.3.2/mofc/mofparse.c 2006-10-27 15:14:21.000000000 +0200 -+++ ./mofc/mofparse.c 2008-10-14 11:51:40.000000000 +0200 -@@ -112,7 +112,7 @@ +diff --git a/mofc/mofparse.c b/mofc/mofparse.c +index 64af1dc..af22686 100644 +--- a/mofc/mofparse.c ++++ b/mofc/mofparse.c +@@ -112,7 +112,7 @@ static void version() static void help(const char * name) { usage(name); @@ -46,9 +68,10 @@ printf(" Allowed options are\n"); printf(" -h display this message\n"); printf(" -v print some extra information\n"); -diff -wruN ../orig-sblim-sfcb-1.3.2/mofc/mofs.l ./mofc/mofs.l ---- ../orig-sblim-sfcb-1.3.2/mofc/mofs.l 2007-06-22 12:34:44.000000000 +0200 -+++ ./mofc/mofs.l 2008-10-14 11:52:07.000000000 +0200 +diff --git a/mofc/mofs.l b/mofc/mofs.l +index 5eead61..ec14b31 100644 +--- a/mofc/mofs.l ++++ b/mofc/mofs.l @@ -24,7 +24,7 @@ # include <ctype.h> # include <hash.h> 
@@ -58,10 +81,11 @@ # if defined SCANDEBUG /* for debugging */ # undef YY_DECL typedef YY_CHAR * TOKENTYPE; -diff -wruN ../orig-sblim-sfcb-1.3.2/objectImplSwapI32toP32.c ./objectImplSwapI32toP32.c ---- ../orig-sblim-sfcb-1.3.2/objectImplSwapI32toP32.c 2008-01-29 23:38:26.000000000 +0100 -+++ ./objectImplSwapI32toP32.c 2008-10-14 11:48:28.000000000 +0200 -@@ -262,7 +262,11 @@ +diff --git a/objectImplSwapI32toP32.c b/objectImplSwapI32toP32.c +index 68d67ea..19dea1d 100644 +--- a/objectImplSwapI32toP32.c ++++ b/objectImplSwapI32toP32.c +@@ -262,7 +262,11 @@ static long copyI32toP32Parameters(int ofs, char *to, CLP32_ClSection * ts, tp->quals = bswap_16(fp->quals); tp->parameter.type=bswap_16(fp->parameter.type); tp->parameter.arraySize=bswap_32(fp->parameter.arraySize); @@ -73,9 +97,10 @@ if (fp->qualifiers.used) l += copyI32toP32Qualifiers(ofs + l, to, &tp->qualifiers, from, &fp->qualifiers); } -diff -wruN ../orig-sblim-sfcb-1.3.2/queryParser.y ./queryParser.y ---- ../orig-sblim-sfcb-1.3.2/queryParser.y 2007-03-20 10:36:49.000000000 +0100 -+++ ./queryParser.y 2008-10-14 11:49:20.000000000 +0200 +diff --git a/queryParser.y b/queryParser.y +index 762c1db..d9212a3 100644 +--- a/queryParser.y ++++ b/queryParser.y @@ -71,7 +71,7 @@ #define YYLEX_PARAM parm #define YYERROR_VERBOSE 1 @@ -85,10 +110,11 @@ extern void sfcQueryErr(char*,char*,char*); extern void yyError(char*); extern void yyerror(char*); -diff -wruN ../orig-sblim-sfcb-1.3.2/selectcond.c ./selectcond.c ---- ../orig-sblim-sfcb-1.3.2/selectcond.c 2005-12-13 09:56:49.000000000 +0100 -+++ ./selectcond.c 2008-10-14 11:49:51.000000000 +0200 -@@ -36,7 +36,7 @@ +diff --git a/selectcond.c b/selectcond.c +index b31958d..421fdde 100644 +--- a/selectcond.c ++++ b/selectcond.c +@@ -36,7 +36,7 @@ typedef struct native_selectcond { int type; } NativeSelectCond; 
@@ -97,10 +123,11 @@ /*****************************************************************************/ -diff -wruN ../orig-sblim-sfcb-1.3.2/sfcbdumpP32onI32.c ./sfcbdumpP32onI32.c ---- ../orig-sblim-sfcb-1.3.2/sfcbdumpP32onI32.c 2007-09-14 14:41:34.000000000 +0200 -+++ ./sfcbdumpP32onI32.c 2008-10-14 11:51:09.000000000 +0200 -@@ -130,7 +130,7 @@ +diff --git a/sfcbdumpP32onI32.c b/sfcbdumpP32onI32.c +index fd57e3e..ec86728 100644 +--- a/sfcbdumpP32onI32.c ++++ b/sfcbdumpP32onI32.c +@@ -130,7 +130,7 @@ int main(int argc, char * argv[]) } else if (bswap_32(clv.size) != sizeof(CLP32_ClVersionRecord)) { rc = 1; fprintf(stderr, "%s: version record size mismatch, is %d expected %d\n", @@ -109,7 +136,7 @@ state = REC_QUIT; } else { printf("%s: Size of version record: %d, version: %hx\n", -@@ -149,7 +149,7 @@ +@@ -149,7 +149,7 @@ int main(int argc, char * argv[]) } else if (bswap_32(coh.size) < sizeof(CLP32_ClObjectHdr)) { rc = 1; fprintf(stderr, "%s: header record size mismatch, is %d expected at least %d\n", @@ -118,7 +145,7 @@ state = REC_QUIT; } else { printf("%s: Header size: %d, type: %hx\n", -@@ -216,8 +216,8 @@ +@@ -216,8 +216,8 @@ int main(int argc, char * argv[]) if ((numRead=read(fdSchema, fillBuf+sizeof(CLP32_ClObjectHdr), numFill)) != numFill) { rc = 1; fprintf(stderr, "%s: structure record short, is %d expected %d\n", @@ -129,7 +156,7 @@ state = REC_QUIT; } else { state = fillState; -@@ -381,7 +381,7 @@ +@@ -381,7 +381,7 @@ static int dumpArrayBuffer(const CLP32_ClObjectHdr *hdr, const char *prefix) for (i=0; i < bswap_16(ab->iUsed); i++) { printf("%s ab[%3d]=(%hx,%hx,%016llx)\n",prefix,i, bswap_16(ab->buf[bswap_32(index[i])].type), bswap_16(ab->buf[bswap_32(index[i])].state), @@ -138,7 +165,7 @@ } } } else { -@@ -391,7 +391,7 @@ +@@ -391,7 +391,7 @@ static int dumpArrayBuffer(const CLP32_ClObjectHdr *hdr, const char *prefix) } } else { fprintf(stderr,"%s invalid array buffer offset %d, must be < %d\n", 
@@ -147,3 +174,6 @@ rc = 2; } return rc; +-- +1.6.0.2 + ++++++ sblim-sfcb-1.3.2-automake.patch -> 0007-automake.patch ++++++ --- sblim-sfcb/sblim-sfcb-1.3.2-automake.patch 2008-10-15 11:09:25.000000000 +0200 +++ /mounts/work_src_done/STABLE/sblim-sfcb/0007-automake.patch 2008-10-24 08:32:29.925236000 +0200 @@ -1,18 +1,20 @@ -diff -wruN ../orig-sblim-sfcb-1.3.2/configure.ac ./configure.ac ---- ../orig-sblim-sfcb-1.3.2/configure.ac 2008-10-06 19:45:25.000000000 +0200 -+++ ./configure.ac 2008-10-14 11:02:05.000000000 +0200 -@@ -24,6 +24,7 @@ - - AC_INIT(Small Footprint CIM Broker, 1.3.2, sblim-devel@lists.sourceforge.net, sblim-sfcb) - AC_CONFIG_SRCDIR([providerDrv.c]) -+AC_CONFIG_MACRO_DIR([m4]) - - #disable "seems to ignore the --datarootdir setting" warnings - #AC_DEFUN([AC_DATAROOTDIR_CHECKED]) -diff -wruN ../orig-sblim-sfcb-1.3.2/Makefile.am ./Makefile.am ---- ../orig-sblim-sfcb-1.3.2/Makefile.am 2008-09-05 22:01:56.000000000 +0200 -+++ ./Makefile.am 2008-10-14 11:01:31.000000000 +0200 -@@ -35,7 +35,7 @@ +From 9cec87d244c49b85262a2424ebd1af67eb7575d3 Mon Sep 17 00:00:00 2001 +From: =?utf-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de> +Date: Wed, 22 Oct 2008 10:34:02 +0200 +Subject: [PATCH] automake.patch + +Adapt to automake-1.10 and autoconf 2.63 +--- + Makefile.am | 2 +- + configure.ac | 1 + + mofc/configure.ac | 1 + + 3 files changed, 3 insertions(+), 1 deletions(-) + +diff --git a/Makefile.am b/Makefile.am +index a836389..54c967f 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -35,7 +35,7 @@ MANFILES=man/genSslCert.1 man/getSchema.1 man/sfcbd.1 man/sfcbmof.1 \ BUILT_SOURCES=queryParser.c queryLexer.c sqlParser.c sqlLexer.c cimXmlOps.c cimXmlParserProcessed.c $(MANFILES) AM_YFLAGS=-d 
@@ -21,13 +23,30 @@ AM_CPPFLAGS=-DSFCB_CONFDIR=\"$(sfcbconfdir)\" \ -DSFCB_STATEDIR=\"$(sfcbstatedir)\" \ -DSFCB_LIBDIR=\"$(libdir)\" \ -diff -wruN ../orig-sblim-sfcb-1.3.2/mofc/configure.ac ./mofc/configure.ac ---- ../orig-sblim-sfcb-1.3.2/mofc/configure.ac 2008-04-16 20:43:05.000000000 +0200 -+++ ./mofc/configure.ac 2008-10-14 11:03:10.000000000 +0200 -@@ -73,6 +73,7 @@ +diff --git a/configure.ac b/configure.ac +index b4d8fe6..1c5d450 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -24,6 +24,7 @@ + + AC_INIT(Small Footprint CIM Broker, 1.3.2, sblim-devel@lists.sourceforge.net, sblim-sfcb) + AC_CONFIG_SRCDIR([providerDrv.c]) ++AC_CONFIG_MACRO_DIR([m4]) + + #disable "seems to ignore the --datarootdir setting" warnings + #AC_DEFUN([AC_DATAROOTDIR_CHECKED]) +diff --git a/mofc/configure.ac b/mofc/configure.ac +index cd286b4..0362d07 100644 +--- a/mofc/configure.ac ++++ b/mofc/configure.ac +@@ -73,6 +73,7 @@ fi # Checks for programs. AC_PROG_CC +AM_PROG_CC_C_O AC_PROG_YACC AC_PROG_LEX + +-- +1.6.0.2 + ++++++ 0008-enable-hex-trace-mask.patch ++++++
From 95cda191df6e023febf55f6f9929998465a40b5b Mon Sep 17 00:00:00 2001 From: =?utf-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de> Date: Wed, 22 Oct 2008 11:22:18 +0200 Subject: [PATCH] enable hex trace mask
Now trace level (-t) can be specified hexdecimal (-t 0x1234) also adds TRACE_SEMAPHORE --- sfcBroker.c | 7 ++++++- trace.h | 45 ++++++++++++++++++++++++--------------------- 2 files changed, 30 insertions(+), 22 deletions(-) diff --git a/sfcBroker.c b/sfcBroker.c index 95e3e18..827eb7b 100644 --- a/sfcBroker.c +++ b/sfcBroker.c @@ -605,8 +605,13 @@ int main(int argc, char *argv[]) if (*optarg == '?') { fprintf(stdout, "--- Traceable Components: Int Hex\n"); for (i = 0; traceIds[i].id; i++) - fprintf(stdout, "--- \t%18s: %d\t0x%05X\n", traceIds[i].id, traceIds[i].code, traceIds[i].code); + fprintf(stdout, "--- \t%18s: %d\t0x%07X\n", traceIds[i].id, traceIds[i].code, traceIds[i].code); exit(0); + } else if (*optarg == 0 && *(optarg+1) == 'x') { + if (sscanf(optarg,"0x%lx",&tmask) != 1) { + fprintf(stderr,"-t argument not proper hex value\n"); + exit(1); + } } else if (isdigit(*optarg)) { char *ep; tmask = strtol(optarg, &ep, 0); diff --git a/trace.h b/trace.h index e72fa88..f892689 100644 --- a/trace.h +++ b/trace.h 
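Review bot: The new hex branch in main() tests `*optarg == 0`, which compares the first character with NUL rather than the digit `'0'`, so `-t 0x1234` never takes this branch, and for an empty argument the following `*(optarg+1)` reads one byte past the terminator. The condition should read `} else if (optarg[0] == '0' && optarg[1] == 'x') {`. As written, hex input falls through to the existing `isdigit` branch, where `strtol(optarg, &ep, 0)` already accepts a `0x` prefix because of base 0, so the added branch may be redundant. If it is kept, `%lx` expects an `unsigned long *` and the `sscanf` accepts trailing garbage after the hex digits; tmask's declaration and the rest of main() are outside the hunk, so its type should be confirmed.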
@@ -123,27 +123,30 @@ int colorTrace; #define MAX_MSG_SIZE 1024 /* max length of trace message */ -#define TRACE_PROVIDERMGR 1 -#define TRACE_PROVIDERDRV 2 -#define TRACE_CIMXMLPROC 4 -#define TRACE_HTTPDAEMON 8 -#define TRACE_UPCALLS 16 -#define TRACE_ENCCALLS 32 -#define TRACE_PROVIDERINSTMGR 64 -#define TRACE_PROVIDERASSOCMGR 128 -#define TRACE_PROVIDERS 256 -#define TRACE_INDPROVIDER 512 -#define TRACE_INTERNALPROVIDER 1024 -#define TRACE_OBJECTIMPL 2048 -#define TRACE_XMLIN 4096 -#define TRACE_XMLOUT 8192 -#define TRACE_SOCKETS 16384 -#define TRACE_MEMORYMGR 32768 -#define TRACE_MSGQUEUE 65536 -#define TRACE_XMLPARSING 131072 -#define TRACE_RESPONSETIMING 262144 -#define TRACE_DBPDAEMON 524288 -#define TRACE_SLP 1048576 +#define TRACE_PROVIDERMGR 1 /* 0x00.0001 */ +#define TRACE_PROVIDERDRV 2 /* 0x00.0002 */ +#define TRACE_CIMXMLPROC 4 /* 0x00.0004 */ +#define TRACE_HTTPDAEMON 8 /* 0x00.0008 */ +#define TRACE_UPCALLS 16 /* 0x00.0010 */ +#define TRACE_ENCCALLS 32 /* 0x00.0020 */ +#define TRACE_PROVIDERINSTMGR 64 /* 0x00.0040 */ +#define TRACE_PROVIDERASSOCMGR 128 /* 0x00.0080 */ +#define TRACE_PROVIDERS 256 /* 0x00.0100 */ +#define TRACE_INDPROVIDER 512 /* 0x00.0200 */ +#define TRACE_INTERNALPROVIDER 1024 /* 0x00.0400 */ +#define TRACE_OBJECTIMPL 2048 /* 0x00.0800 */ +#define TRACE_XMLIN 4096 /* 0x00.1000 */ +#define TRACE_XMLOUT 8192 /* 0x00.2000 */ +#define TRACE_SOCKETS 16384 /* 0x00.4000 */ +#define TRACE_MEMORYMGR 32768 /* 0x00.8000 */ +#define TRACE_MSGQUEUE 65536 /* 0x01.0000 */ +#define TRACE_XMLPARSING 131072 /* 0x02.0000 */ +#define TRACE_RESPONSETIMING 262144 /* 0x04.0000 */ +#define TRACE_DBPDAEMON 524288 /* 0x08.0000 */ +#define TRACE_SLP 1048576 /* 0x10.0000 */ +#define TRACE_SEMAPHORE 2097152 /* 0x20.0000 */ +/* 4194304 0x40.000 */ +/* 8388608 0x80.000 */ typedef void sigHandler(int); -- 1.6.0.2 ++++++ 0009-clean-up-semaphore-array-index-calculation.patch ++++++
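Review bot: TRACE_SEMAPHORE is defined here, but the diffstat for this patch touches only sfcBroker.c and trace.h, so if the `traceIds` table printed by `-t ?` lives in another file, the new component will not be listed there. That table is not visible in the patch and should be checked. The two reserved-bit comments read `0x40.000` and `0x80.000`, one digit short of the `0x40.0000` pattern used on the other rows. Writing the masks as hex literals, e.g. `#define TRACE_SEMAPHORE 0x200000`, would remove the need for the parallel comments.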
From 441bc5ea7fd160643521e1a4387d229b6914265f Mon Sep 17 00:00:00 2001 From: =?utf-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de> Date: Wed, 22 Oct 2008 11:39:11 +0200 Subject: [PATCH] clean up semaphore array index calculation
- make constants recognizable as such - provide macros for semaphore array index calculations --- msgqueue.c | 14 +++++++------- msgqueue.h | 21 +++++++++++++-------- providerDrv.c | 44 ++++++++++++++++++++++---------------------- providerMgr.c | 8 ++++---- 4 files changed, 46 insertions(+), 41 deletions(-) diff --git a/msgqueue.c b/msgqueue.c index 8834052..80e3354 100644 --- a/msgqueue.c +++ b/msgqueue.c @@ -130,20 +130,20 @@ int initSem(int https, int shttps, int provs) } sun.val=1; - semctl(sfcbSem,httpGuardId,SETVAL,sun); + semctl(sfcbSem,HTTP_GUARD_ID,SETVAL,sun); sun.val=https; - semctl(sfcbSem,httpProcsId,SETVAL,sun); + semctl(sfcbSem,HTTP_PROCS_ID,SETVAL,sun); sun.val=1; - semctl(sfcbSem,shttpGuardId,SETVAL,sun); + semctl(sfcbSem,SHTTP_GUARD_ID,SETVAL,sun); sun.val=shttps; - semctl(sfcbSem,shttpProcsId,SETVAL,sun); + semctl(sfcbSem,SHTTP_PROCS_ID,SETVAL,sun); for (i=0; i<provs; i++) { sun.val=1; - semctl(sfcbSem,(i*3)+provProcGuardId+provProcBaseId,SETVAL,sun); + semctl(sfcbSem,PROV_GUARD(i),SETVAL,sun); sun.val=0; - semctl(sfcbSem,(i*3)+provProcInuseId+provProcBaseId,SETVAL,sun); - semctl(sfcbSem,(i*3)+provProcAliveId+provProcBaseId,SETVAL,sun); + semctl(sfcbSem,PROV_INUSE(i),SETVAL,sun); + semctl(sfcbSem,PROV_ALIVE(i),SETVAL,sun); } return 0; } diff --git a/msgqueue.h b/msgqueue.h index 612cdb9..41b40c0 100644 --- a/msgqueue.h +++ b/msgqueue.h 
@@ -157,14 +157,19 @@ extern char *provPauseStr; extern int noHttpPause; extern char *httpPauseStr; -#define httpGuardId 0 -#define httpProcsId 1 -#define shttpGuardId 2 -#define shttpProcsId 3 -#define provProcBaseId 4 -#define provProcGuardId 0 -#define provProcInuseId 1 -#define provProcAliveId 2 +/* relative Ids within the semaphore set */ +#define HTTP_GUARD_ID 0 +#define HTTP_PROCS_ID 1 +#define SHTTP_GUARD_ID 2 +#define SHTTP_PROCS_ID 3 +#define PROV_PROC_BASE_ID 4 +#define PROV_PROC_GUARD_ID 0 +#define PROV_PROC_INUSE_ID 1 +#define PROV_PROC_ALIVE_ID 2 + +#define PROV_GUARD(id) ((id*3)+PROV_PROC_GUARD_ID+PROV_PROC_BASE_ID) +#define PROV_INUSE(id) ((id*3)+PROV_PROC_INUSE_ID+PROV_PROC_BASE_ID) +#define PROV_ALIVE(id) ((id*3)+PROV_PROC_ALIVE_ID+PROV_PROC_BASE_ID) extern ComSockets *sPairs; extern int ptBase,htBase,stBase,htMax,stMax; diff --git a/providerDrv.c b/providerDrv.c index 4299b4e..62aca9d 100644 --- a/providerDrv.c +++ b/providerDrv.c @@ -380,8 +380,8 @@ void* providerIdleThread() if (pInfo) { proc=curProvProc; if (proc) { - semAcquireUnDo(sfcbSem,(proc->id*3)+provProcGuardId+provProcBaseId); - if ((val=semGetValue(sfcbSem,(proc->id*3)+provProcInuseId+provProcBaseId))==0) { + semAcquireUnDo(sfcbSem,PROV_GUARD(proc->id)); + if ((val=semGetValue(sfcbSem,PROV_INUSE(proc->id)))==0) { if ((now-proc->lastActivity)>provTimeoutInterval) { ctx = native_new_CMPIContext(MEM_TRACKED,NULL); noBreak=0; @@ -416,7 +416,7 @@ void* providerIdleThread() } } } - semRelease(sfcbSem,(proc->id*3)+provProcGuardId+provProcBaseId); + semRelease(sfcbSem,PROV_GUARD(proc->id)); } } } 
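Review bot: The new index macros in msgqueue.h expand their argument unparenthesized, `(id*3)`, so a call such as `PROV_GUARD(n+1)` would compute `n+1*3` and address the wrong semaphore in the set. Every call site in this patch passes a simple expression (`i`, `proc->id`, `(*proc)->id`, `ids.procId`), so nothing misbehaves today. The definitions should still be `#define PROV_GUARD(id) (((id)*3)+PROV_PROC_GUARD_ID+PROV_PROC_BASE_ID)`, and likewise for PROV_INUSE and PROV_ALIVE. A short comment stating that each provider process owns three consecutive semaphores starting at PROV_PROC_BASE_ID would document the layout the macros encode.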
@@ -536,9 +536,9 @@ static int getProcess(ProviderInfo * info, ProviderProcess ** proc) for (i = 0; i < provProcMax; i++) { if ((provProc+i) && provProc[i].pid && provProc[i].group && strcmp(provProc[i].group,info->group)==0) { - semAcquire(sfcbSem,(provProc[i].id*3)+provProcGuardId+provProcBaseId); - semRelease(sfcbSem,(provProc[i].id*3)+provProcInuseId+provProcBaseId); - semRelease(sfcbSem,(provProc[i].id*3)+provProcGuardId+provProcBaseId); + semAcquire(sfcbSem,PROV_GUARD(provProc[i].id)); + semRelease(sfcbSem,PROV_INUSE(provProc[i].id)); + semRelease(sfcbSem,PROV_GUARD(provProc[i].id)); info->pid=provProc[i].pid; info->providerSockets=provProc[i].providerSockets; _SFCB_TRACE(1,("--- Process %d shared by %s and %s",provProc[i].pid,info->providerName, @@ -593,12 +593,12 @@ static int getProcess(ProviderInfo * info, ProviderProcess ** proc) info->proc=*proc; info->pid=currentProc; - semSetValue(sfcbSem,((*proc)->id*3)+provProcGuardId+provProcBaseId,0); - semSetValue(sfcbSem,((*proc)->id*3)+provProcInuseId+provProcBaseId,0); - semSetValue(sfcbSem,((*proc)->id*3)+provProcAliveId+provProcBaseId,0); - semReleaseUnDo(sfcbSem,((*proc)->id*3)+provProcAliveId+provProcBaseId); - semReleaseUnDo(sfcbSem,((*proc)->id*3)+provProcInuseId+provProcBaseId); - semRelease(sfcbSem,((*proc)->id*3)+provProcGuardId+provProcBaseId); + semSetValue(sfcbSem,PROV_GUARD((*proc)->id),0); + semSetValue(sfcbSem,PROV_INUSE((*proc)->id),0); + semSetValue(sfcbSem,PROV_ALIVE((*proc)->id),0); + semReleaseUnDo(sfcbSem,PROV_ALIVE((*proc)->id)); + semReleaseUnDo(sfcbSem,PROV_INUSE((*proc)->id)); + semRelease(sfcbSem,PROV_GUARD((*proc)->id)); processProviderInvocationRequests(info->providerName); _SFCB_RETURN(0); 
@@ -628,15 +628,15 @@ int forkProvider(ProviderInfo * info, OperationHdr * req, char **msg) if (info->pid ) { proc=info->proc; - semAcquire(sfcbSem,(proc->id*3)+provProcGuardId+provProcBaseId); - if ((val=semGetValue(sfcbSem,(proc->id*3)+provProcAliveId+provProcBaseId))) { - semRelease(sfcbSem,(proc->id*3)+provProcInuseId+provProcBaseId); - semRelease(sfcbSem,(proc->id*3)+provProcGuardId+provProcBaseId); + semAcquire(sfcbSem,PROV_GUARD(proc->id)); + if ((val=semGetValue(sfcbSem,PROV_ALIVE(proc->id)))) { + semRelease(sfcbSem,PROV_INUSE(proc->id)); + semRelease(sfcbSem,PROV_GUARD(proc->id)); _SFCB_TRACE(1, ("--- Provider %s still loaded",info->providerName)); _SFCB_RETURN(CMPI_RC_OK) } - semRelease(sfcbSem,(proc->id*3)+provProcGuardId+provProcBaseId); + semRelease(sfcbSem,PROV_GUARD(proc->id)); _SFCB_TRACE(1, ("--- Provider has been unloaded prevously, will reload")); info->pid=0; @@ -2377,7 +2377,7 @@ static BinResponseHdr *loadProvider(BinRequestHdr * hdr, ProviderInfo * info, in BinResponseHdr *resp; char dlName[512]; - _SFCB_TRACE(1, ("--- Loading Provide %s %s %s", (char *) req->className.data, + _SFCB_TRACE(1, ("--- Loading provider %s %s %s", (char *) req->className.data, (char *) req->provName.data, (char *) req->libName.data)); info = (ProviderInfo *) calloc(1, sizeof(*info)); @@ -2518,7 +2518,7 @@ static void *processProviderInvocationRequestsThread(void *prms) int i,requestor=0,initRc=0; _SFCB_ENTER(TRACE_PROVIDERDRV, "processProviderInvocationRequestsThread"); - + for (i = 0; i < req->count; i++) if (req->object[i].length) req->object[i].data=(void*)((long)req->object[i].data+(char*)req); @@ -2567,7 +2567,7 @@ static void *processProviderInvocationRequestsThread(void *prms) } else { - _SFCB_TRACE(1, ("--- Provider request for %s %p %x", + _SFCB_TRACE(1, ("--- Provider request for op:%s pInfo:%p prov:%x", opsName[req->operation],pInfo,req->provId)); if (req->flags & FL_chunked) requestor=parms->requestor; 
@@ -2673,7 +2673,7 @@ void processProviderInvocationRequests(char *name) debugMode=pauseProvider(name); for (;;) { - _SFCB_TRACE(1, ("--- Waiting for provider request to %d-%lu", + _SFCB_TRACE(1, ("--- Waiting for provider request to R%d-%lu", providerSockets.receive,getInode(providerSockets.receive))); parms = (Parms *) malloc(sizeof(*parms)); @@ -2683,7 +2683,7 @@ void processProviderInvocationRequests(char *name) int debug_break = 0; if (rc!=0)mlogf(M_ERROR,M_SHOW,"oops\n"); - _SFCB_TRACE(1, ("--- Got something %d-%p on %d-%lu", + _SFCB_TRACE(1, ("--- Got something op:%d-prov:%p on R%d-%lu", parms->req->operation,parms->req->provId, providerSockets.receive,getInode(providerSockets.receive))); diff --git a/providerMgr.c b/providerMgr.c index 595c8e7..99e0292 100644 --- a/providerMgr.c +++ b/providerMgr.c @@ -922,10 +922,10 @@ static void setInuseSem(void *id) ids.ids=id; - semAcquire(sfcbSem,(ids.procId*3)+provProcGuardId+provProcBaseId); - semAcquire(sfcbSem,(ids.procId*3)+provProcInuseId+provProcBaseId); - semReleaseUnDo(sfcbSem,(ids.procId*3)+provProcInuseId+provProcBaseId); - semRelease(sfcbSem,(ids.procId*3)+provProcGuardId+provProcBaseId); + semAcquire(sfcbSem,PROV_GUARD(ids.procId)); + semAcquire(sfcbSem,PROV_INUSE(ids.procId)); + semReleaseUnDo(sfcbSem,PROV_INUSE(ids.procId)); + semRelease(sfcbSem,PROV_GUARD(ids.procId)); _SFCB_EXIT(); } -- 1.6.0.2 ++++++ 0011-check-prevent-various-buffer-overflows.patch ++++++
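Review bot: The reworded trace `--- Got something op:%d-prov:%p on R%d-%lu` in processProviderInvocationRequests still prints `parms->req->provId` with `%p`, while the reworded trace in processProviderInvocationRequestsThread prints `req->provId` with `%x`. If both refer to the same header field, one of the two specifiers does not match the argument type, which is undefined behaviour in a varargs call. Pick the specifier that matches the field's declared type (not visible here) and use it in both traces. Both functions continue outside their hunks.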
From 5bd0849109748dc6cdb4fcf84c2ec8719514158c Mon Sep 17 00:00:00 2001 From: =?utf-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de> Date: Wed, 22 Oct 2008 11:47:58 +0200 Subject: [PATCH] check/prevent various buffer overflows
--- msgqueue.c | 3 ++- providerRegister.c | 4 ++-- support.c | 30 +++++++++++++++++++++++++----- 3 files changed, 29 insertions(+), 8 deletions(-) diff --git a/msgqueue.c b/msgqueue.c index 8834052..f08cf13 100644 --- a/msgqueue.c +++ b/msgqueue.c @@ -697,6 +697,7 @@ void localConnectServer() } /* any other error, just return (should probably be more graceful) */ else { + perror("Other accept error"); return; } } diff --git a/providerRegister.c b/providerRegister.c index 8ad6faf..3671b4c 100644 --- a/providerRegister.c +++ b/providerRegister.c @@ -130,7 +130,7 @@ ProviderRegister *newProviderRegister(char *fn) dir = "/var/lib/sfcb/registration"; } - strcpy(fin, dir); + strncpy(fin, dir, sizeof(fin)-18); /* 18 = strlen("/providerRegister")+1 */ strcat(fin, "/providerRegister"); in = fopen(fin, "r"); if (in == NULL) @@ -144,7 +144,7 @@ ProviderRegister *newProviderRegister(char *fn) bb->ht = UtilFactory->newHashTable(61, UtilHashTable_charKey | UtilHashTable_ignoreKeyCase); - while (fgets(fin, 1024, in)) { + while (fgets(fin, sizeof(fin), in)) { n++; if (stmt) free(stmt); stmt = strdup(fin); diff --git a/support.c b/support.c index 2f53812..144b4f7 100644 --- a/support.c +++ b/support.c @@ -52,7 +52,11 @@ int localClientMode=0; /**< flag determining whether local client connect void *loadLibib(const char *libname) { char filename[255]; - sprintf(filename, "lib%s.so", libname); + if (snprintf(filename, 255, "lib%s.so", libname) >= 255) + { + mlogf(M_ERROR,M_SHOW,"--- loadLibib: output truncated\n"); + return NULL; + } return dlopen(filename, RTLD_LAZY); } @@ -61,7 +65,11 @@ static void *getGenericEntryPoint(void *library, const char *ptype) { char entry_point[255]; void *sym; - sprintf(entry_point, "_Generic_Create_%sMI", ptype); + if (snprintf(entry_point, 255, "_Generic_Create_%sMI", ptype) >= 255) + { + mlogf(M_ERROR,M_SHOW,"--- getGenericEntryPoint: output truncated\n"); + return NULL; + } sym = dlsym(library, entry_point); return sym; } 
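Review bot: In newProviderRegister, `strncpy(fin, dir, sizeof(fin)-18)` leaves `fin` without a terminating NUL whenever `dir` is at least `sizeof(fin)-18` bytes long, so the following `strcat(fin, "/providerRegister")` searches past the copied bytes for a terminator and can still write outside the buffer. Either terminate explicitly with `fin[sizeof(fin)-18] = '\0';` right after the copy, or build the path in one call and fail on truncation with `if (snprintf(fin, sizeof(fin), "%s/providerRegister", dir) >= (int)sizeof(fin))` followed by the function's error return (which is outside the hunk). Failing is the safer choice, because a silently truncated directory makes the function open a different path than the one configured.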
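Review bot: The truncation checks added in loadLibib and getGenericEntryPoint repeat the literal 255 instead of deriving the bound from the array, and they treat a negative snprintf return (output error) as success. Writing `int n = snprintf(filename, sizeof(filename), "lib%s.so", libname);` followed by `if (n < 0 || (size_t)n >= sizeof(filename))` keeps the bound tied to the declaration. The same applies to getFixedEntryPoint, tool_mm_load_lib and dumpTiming (literal 4096) in the later support.c hunks.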
@@ -72,7 +80,11 @@ static void *getFixedEntryPoint(const char *provider, { char entry_point[255]; void *sym; - sprintf(entry_point, "%s_Create_%sMI", provider, ptype); + if (snprintf(entry_point, 255, "%s_Create_%sMI", provider, ptype) >= 255) + { + mlogf(M_ERROR,M_SHOW,"--- getFixedEntryPoint: output truncated\n"); + return NULL; + } sym = dlsym(library, entry_point); return sym; } @@ -366,7 +378,11 @@ int memAdd(void *ptr, int *memId); void *tool_mm_load_lib(const char *libname) { char filename[255]; - sprintf(filename, "lib%s.so", libname); + if (snprintf(filename, 255, "lib%s.so", libname) >= 255) + { + mlogf(M_ERROR,M_SHOW,"--- tool_mm_load_lib: output truncated\n"); + return NULL; + } return dlopen(filename, RTLD_LAZY); } @@ -919,7 +935,11 @@ void dumpTiming(int pid) if (collectStat==0) return; - sprintf(buffer,"/proc/%d/stat",pid); + if (snprintf(buffer,4096,"/proc/%d/stat",pid) >= 4096) + { + mlogf(M_ERROR,M_SHOW,"--- dumpTiming: output truncated\n"); + return; + } f=fopen(buffer,"r"); l=fread(buffer,1,4095,f); fclose(f); -- 1.6.0.2 ++++++ 0015-fix-potential-memory-leak.patch ++++++
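Review bot: In dumpTiming the result of `fopen(buffer,"r")` goes to `fread` and `fclose` without a NULL check, so a pid whose /proc entry no longer exists leads to a null FILE pointer being used; the patch guards the path formatting but not the open. Add `if (f == NULL) return;` directly after the fopen. The function continues outside the hunk, so whether the bytes read are NUL-terminated before parsing cannot be confirmed from here.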
From c803538579ac7d8d852c42085b43d75da6b2215d Mon Sep 17 00:00:00 2001 From: =?utf-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de> Date: Wed, 22 Oct 2008 13:40:02 +0200 Subject: [PATCH] fix potential memory leak
forkProvider is passed a 'msg' pointer address which is set by strdup but never used. Make this parameter optional (in providerDrv.c) and pass NULL for each call (in providerMgr.c) --- providerDrv.c | 8 +++++--- providerMgr.c | 39 +++++++++++---------------------------- 2 files changed, 16 insertions(+), 31 deletions(-) diff --git a/providerDrv.c b/providerDrv.c index 62aca9d..d06a91f 100644 --- a/providerDrv.c +++ b/providerDrv.c @@ -676,10 +676,12 @@ int forkProvider(ProviderInfo * info, OperationHdr * req, char **msg) resp = invokeProvider(&binCtx); resp->rc--; - if (resp->rc) { - *msg = strdup((char *) resp->object[0].data); + if (msg) { + if (resp->rc) { + *msg = strdup((char *) resp->object[0].data); + } + else *msg = NULL; } - else *msg = NULL; rc=resp->rc; _SFCB_TRACE(1, ("--- rc: %d", resp->rc)); diff --git a/providerMgr.c b/providerMgr.c index 99e0292..b300937 100644 --- a/providerMgr.c +++ b/providerMgr.c @@ -371,7 +371,6 @@ static void lookupProviderList(long type, int *requestor, OperationHdr * req) unsigned long count,n; ProviderInfo *info; int dmy = 0, rc,indFound=0; - char *msg = NULL; CMPIStatus st = {CMPI_RC_OK, NULL}; providers = lookupProviders(type,className,nameSpace,&st); @@ -383,7 +382,7 @@ static void lookupProviderList(long type, int *requestor, OperationHdr * req) for (info = providers->ft->getFirst(providers); info; info = providers->ft->getNext(providers), n--) { if (info->type!=FORCE_PROVIDER_NOTFOUND && - (rc = forkProvider(info, req, &msg)) == CMPI_RC_OK) { + (rc = forkProvider(info, req, NULL)) == CMPI_RC_OK) { _SFCB_TRACE(1,("--- responding with %s %p %d",info->providerName,info,count)); spSendCtlResult(requestor, &info->providerSockets.send, MSG_X_PROVIDER, count--, getProvIds(info).ids, req->options); @@ -395,7 +394,6 @@ static void lookupProviderList(long type, int *requestor, OperationHdr * req) }; spSendCtlResult(requestor, &dmy, MSG_X_PROVIDER_NOT_FOUND, 0, NULL, req->options); - if (msg) free(msg); break; } } 
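Review bot: forkProvider now accepts `msg == NULL`, but nothing at the definition documents that or says who owns the string when it is set. A comment above the function would cover it: `/* msg may be NULL; otherwise *msg is set to a strdup()'d error text on failure (caller frees) or to NULL on success */`. The `strdup((char *) resp->object[0].data)` branch also assumes the response carries at least one object with non-NULL data whenever `resp->rc` is non-zero, which the visible lines do not check. The function body starts and ends outside the hunk.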
@@ -414,7 +412,6 @@ static void findProvider(long type, int *requestor, OperationHdr * req) char *className = (char *) req->className.data; char *nameSpace = (char *) req->nameSpace.data; ProviderInfo *info; - char *msg=NULL; int rc; CMPIStatus st; @@ -422,14 +419,13 @@ static void findProvider(long type, int *requestor, OperationHdr * req) if ((info = lookupProvider(type,className,nameSpace,&st)) != NULL) { if (info->type!=FORCE_PROVIDER_NOTFOUND && - (rc = forkProvider(info, req, &msg)) == CMPI_RC_OK) { + (rc = forkProvider(info, req, NULL)) == CMPI_RC_OK) { spSendCtlResult(requestor, &info->providerSockets.send, MSG_X_PROVIDER, 0, getProvIds(info).ids, req->options); } else { spSendCtlResult(requestor, &sfcbSockets.send, MSG_X_PROVIDER_NOT_FOUND, 0, NULL, req->options); - if (msg) free(msg); } } else { @@ -599,7 +595,6 @@ static void assocProviderList(int *requestor, OperationHdr * req) long count = 0; ProviderInfo *info; int dmy = 0, rc; - char *msg=NULL; if (className==NULL || *className == 0) className = "$ASSOCCLASSES$"; @@ -611,7 +606,7 @@ static void assocProviderList(int *requestor, OperationHdr * req) for (info = providers->ft->getFirst(providers); info; info = providers->ft->getNext(providers)) { if (info->type!=FORCE_PROVIDER_NOTFOUND && - (rc = forkProvider(info, req, &msg)) == CMPI_RC_OK) { + (rc = forkProvider(info, req, NULL)) == CMPI_RC_OK) { _SFCB_TRACE(1,("--- responding with %s %p %d",info->providerName,info,count)); spSendCtlResult(requestor, &info->providerSockets.send, MSG_X_PROVIDER, count--, getProvIds(info).ids, req->options); @@ -619,10 +614,8 @@ static void assocProviderList(int *requestor, OperationHdr * req) else { spSendCtlResult(requestor, &dmy, MSG_X_PROVIDER_NOT_FOUND, 0, NULL, req->options); - if (msg) free(msg); break; } - } } else { 
@@ -634,7 +627,7 @@ static void assocProviderList(int *requestor, OperationHdr * req) /* When there is no provider for an assocClass we do not want to produce * an error message. So we return the default provider and expect it * to produce a nice and empty result */ - if((rc = forkProvider(defaultProvInfoPtr, req, &msg)) == CMPI_RC_OK) { + if((rc = forkProvider(defaultProvInfoPtr, req, NULL)) == CMPI_RC_OK) { _SFCB_TRACE(1,("--- responding with %s %p %d", defaultProvInfoPtr->providerName, defaultProvInfoPtr,count)); @@ -705,10 +698,8 @@ static ProviderInfo *getMethodProvider(char *className, char *nameSpace) static void classProvider(int *requestor, OperationHdr * req) { - char *msg; - _SFCB_ENTER(TRACE_PROVIDERMGR, "classProvider"); - forkProvider(classProvInfoPtr, req, &msg); + forkProvider(classProvInfoPtr, req, NULL); _SFCB_TRACE(1,("--- result %d-%lu to with %d-%lu", *requestor,getInode(*requestor), classProvInfoPtr->providerSockets.send, @@ -716,16 +707,13 @@ static void classProvider(int *requestor, OperationHdr * req) spSendCtlResult(requestor, &classProvInfoPtr->providerSockets.send, MSG_X_PROVIDER, 0, getProvIds(classProvInfoPtr).ids, req->options); - _SFCB_EXIT(); } static void qualiProvider(int *requestor, OperationHdr * req) { - char *msg; - _SFCB_ENTER(TRACE_PROVIDERMGR, "qualiProvider"); - forkProvider(qualiProvInfoPtr, req, &msg); + forkProvider(qualiProvInfoPtr, req, NULL); _SFCB_TRACE(1,("--- result %d-%lu to with %d-%lu", *requestor,getInode(*requestor), qualiProvInfoPtr->providerSockets.send, @@ -738,7 +726,6 @@ static void qualiProvider(int *requestor, OperationHdr * req) static void methProvider(int *requestor, OperationHdr * req) { - char *msg=NULL; int rc; char *className = (char *) req->className.data; char *nameSpace = (char *) req->nameSpace.data; 
@@ -749,7 +736,7 @@ static void methProvider(int *requestor, OperationHdr * req) classProvider(requestor, req); else if ((info = getMethodProvider(className,nameSpace)) != NULL) { if (info->type!=FORCE_PROVIDER_NOTFOUND && - (rc = forkProvider(info, req, &msg)) == CMPI_RC_OK) { + (rc = forkProvider(info, req, NULL)) == CMPI_RC_OK) { _SFCB_TRACE(1,("--- responding with %s %p",info->providerName,info)); spSendCtlResult(requestor, &info->providerSockets.send, MSG_X_PROVIDER, 0, getProvIds(info).ids, req->options); @@ -757,7 +744,6 @@ static void methProvider(int *requestor, OperationHdr * req) else { spSendCtlResult(requestor, &sfcbSockets.send, MSG_X_PROVIDER_NOT_FOUND, 0, NULL, req->options); - if (msg) free(msg); } } else @@ -773,32 +759,30 @@ static int _methProvider(BinRequestContext * ctx, OperationHdr * req) char *nameSpace = (char *) req->nameSpace.data; ProviderInfo *info; int rc; - char *msg; ctx->chunkedMode=ctx->xmlAs=0; if (strcmp(className, "$ClassProvider$") == 0) { - forkProvider(classProvInfoPtr, req, &msg); + forkProvider(classProvInfoPtr, req, NULL); ctx->provA.ids = getProvIds(classProvInfoPtr); ctx->provA.socket = classProvInfoPtr->providerSockets.send; ctx->pAs=NULL; _SFCB_RETURN(MSG_X_PROVIDER); } else if (strcmp(className, "$InterOpProvider$") == 0) { - forkProvider(interOpProvInfoPtr, req, &msg); + forkProvider(interOpProvInfoPtr, req, NULL); ctx->provA.ids = getProvIds(interOpProvInfoPtr); ctx->provA.socket = interOpProvInfoPtr->providerSockets.send; ctx->pAs=NULL; _SFCB_RETURN(MSG_X_PROVIDER); } else if ((info = getMethodProvider(className,nameSpace)) != NULL) { - if ((rc = forkProvider(info, req, &msg)) == CMPI_RC_OK) { + if ((rc = forkProvider(info, req, NULL)) == CMPI_RC_OK) { ctx->provA.ids = getProvIds(info); ctx->provA.socket = info->providerSockets.send; ctx->pAs=NULL; _SFCB_RETURN(MSG_X_PROVIDER); } else { - free(msg); _SFCB_RETURN(MSG_X_PROVIDER_NOT_FOUND); } } 
@@ -1324,7 +1308,6 @@ static CMPIConstClass *_getConstClass(const char *ns, const char *cn, CMPIStatus BinRequestContext binCtx; OperationHdr req = { OPS_GetClass, 2 }; int irc; - char *msg; path = NewCMPIObjectPath(ns, cn, st); sreq.objectPath = setObjectPathMsgSegment(path); @@ -1333,7 +1316,7 @@ static CMPIConstClass *_getConstClass(const char *ns, const char *cn, CMPIStatus req.nameSpace = setCharsMsgSegment((char *) ns); req.className = setCharsMsgSegment((char *) cn); - forkProvider(classProvInfoPtr, &req, &msg); + forkProvider(classProvInfoPtr, &req, NULL); memset(&binCtx,0,sizeof(BinRequestContext)); binCtx.oHdr = &req; -- 1.6.0.2 ++++++ 0016-check-result-from-_methProvider.patch ++++++
From 320252d97c88e90e3e15350209ffdedf1f5331b7 Mon Sep 17 00:00:00 2001 From: =?utf-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de> Date: Wed, 22 Oct 2008 14:43:19 +0200 Subject: [PATCH] check result from _methProvider
--- providerMgr.c | 8 ++++---- 1 files changed, 4 insertions(+), 4 deletions(-) diff --git a/providerMgr.c b/providerMgr.c index b300937..97ec578 100644 --- a/providerMgr.c +++ b/providerMgr.c @@ -1414,7 +1414,7 @@ int isChild(const char *ns, const char *parent, const char* child) irc = _methProvider(&binCtx, &req); - if (irc) { + if (irc == MSG_X_PROVIDER) { localInvokeMethod(&binCtx, path, "ischild", in, &out, &rc,0); irc=(rc.rc==CMPI_RC_OK); } @@ -1444,7 +1444,7 @@ static int startUpProvider(const char* ns, const char *name) irc = _methProvider(&binCtx, &req); - if (irc) { + if (irc == MSG_X_PROVIDER) { localInvokeMethod(&binCtx, path, "_startup", in, &out, &rc, 1); irc=(rc.rc==CMPI_RC_OK); } @@ -1480,7 +1480,7 @@ static UtilList *_getConstClassChildren(const char *ns, const char *cn) irc = _methProvider(&binCtx, &req); - if (irc) { + if (irc == MSG_X_PROVIDER) { data = localInvokeMethod(&binCtx, path, "getchildren", in, &out, &rc, 0); if (out) { ar = CMGetArg(out, "children", &rc).value.array; @@ -1522,7 +1522,7 @@ static UtilList *_getAssocClassNames(const char *ns) memset(&binCtx,0,sizeof(BinRequestContext)); irc = _methProvider(&binCtx, &req); - if (irc) { + if (irc == MSG_X_PROVIDER) { data = localInvokeMethod(&binCtx, path, "getassocs", in, &out, &rc,0); if (out) { ar = CMGetArg(out, "assocs", &rc).value.array; -- 1.6.0.2 ++++++ 0017-abort-on-socket-error-with-better-error-msg.patch ++++++
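Review bot: When `_methProvider` returns something other than `MSG_X_PROVIDER`, `irc` keeps that message code in isChild and startUpProvider, because only the success branch overwrites it with `(rc.rc==CMPI_RC_OK)`. If these functions return `irc` as their boolean result (the return statements are outside the hunks), a provider-not-found outcome is presumably still non-zero and would read as success. Adding `else irc = 0;` after each block makes the failure case explicit.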
From 15d47d39d7f586ea9ccb32d18ff067c7e2f25097 Mon Sep 17 00:00:00 2001 From: =?utf-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de> Date: Wed, 22 Oct 2008 15:00:42 +0200 Subject: [PATCH] abort() on socket error with better error msg
--- msgqueue.c | 10 +++++----- 1 files changed, 5 insertions(+), 5 deletions(-) diff --git a/msgqueue.c b/msgqueue.c index 0917f62..ed2e055 100644 --- a/msgqueue.c +++ b/msgqueue.c @@ -170,9 +170,9 @@ static int spHandleError(int *s, char *m) { _SFCB_ENTER(TRACE_MSGQUEUE, "handleError"); char *emsg=strerror(errno); - mlogf(M_ERROR,M_SHOW,"%s %d %d-%d %s\n", m, *s, currentProc, errno,emsg); - // _SFCB_ABORT(); - return -1; + mlogf(M_ERROR,M_SHOW,"%s %d pid:%d-errno:%d : %s\n", m, *s, currentProc, errno,emsg); + _SFCB_ABORT(); + //return -1; } @@ -651,7 +651,7 @@ void localConnectServer() int nsocket,ssocket; unsigned int cl, notDone=1; char *path,cMsg[264]; - + struct _msg { unsigned int size; char oper; @@ -660,7 +660,7 @@ void localConnectServer() } msg; mlogf(M_INFO,M_SHOW,"--- localConnectServer started\n"); - + if (getControlChars("localSocketPath", &path)!=0) { mlogf(M_INFO,M_SHOW,"--- localConnectServer failed to start\n"); } -- 1.6.0.2 ++++++ 0018-buffer-size-check-in-localConnectServer.patch ++++++
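Review bot: spHandleError is declared `static int`, but with `return -1;` commented out it no longer returns a value on any path. If `_SFCB_ABORT()` can return or is compiled out in some build (its definition is not visible here), callers written as `return spHandleError(s, em);` use an indeterminate value. Keep the return after the abort, `_SFCB_ABORT(); return -1;`, and delete the commented-out line. Aborting here also turns every socket error routed through this helper into process termination, so an error a peer can provoke, such as closing the connection mid-message, stops the process; that trade-off deserves a comment on the function.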
From 47618054258fc564b86d30212fddd8e459bbabc0 Mon Sep 17 00:00:00 2001 From: =?utf-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de> Date: Wed, 22 Oct 2008 15:32:44 +0200 Subject: [PATCH] buffer size check in localConnectServer
--- msgqueue.c | 7 ++++++- 1 files changed, 6 insertions(+), 1 deletions(-) diff --git a/msgqueue.c b/msgqueue.c index ed2e055..c608dd8 100644 --- a/msgqueue.c +++ b/msgqueue.c @@ -682,6 +682,7 @@ void localConnectServer() listen(ssocket,1); + mlogf(M_INFO,M_SHOW,"--- localConnectServer listening on %d\n", ssocket); do { // sfcbSockets.send; cl=sizeof(clientAddr); @@ -703,10 +704,14 @@ void localConnectServer() } read(nsocket, &msg.size, sizeof(msg.size)); + if (msg.size > sizeof(struct _msg) - offsetof(struct _msg, oper)) { + mlogf(M_INFO,M_SHOW,"--- localConnectServer buffer overflow %d > %d\n", msg.size, sizeof(struct _msg) - offsetof(struct _msg, oper)); + abort(); + } read(nsocket, &msg.oper, msg.size); if (msg.size!=0) { - sprintf(cMsg,"--- Local Client connect - pid: %d user: %s\n",msg.pid,msg.id); + snprintf(cMsg,264,"--- Local Client connect - pid: %d user: %s\n",msg.pid,msg.id); mlogf(M_INFO,M_SHOW,cMsg); spSendCtlResult(&nsocket, &sfcbSockets.send, MSG_X_LOCAL, 0, 0, 0); } -- 1.6.0.2 ++++++ 0019-internal_provider.patch ++++++ --- ./providerDrv.c.orig 2008-10-15 11:15:51.000000000 -0600 +++ ./providerDrv.c 2008-10-15 11:18:14.000000000 -0600 @@ -2120,7 +2120,7 @@ resp->rc=1; _SFCB_TRACE(1, ("--- pid: %d activFilters %p",currentProc,activFilters)); - if (activFilters==NULL) _SFCB_RETURN(resp); + if (info->indicationMI==NULL || activFilters==NULL) _SFCB_RETURN(resp); for (se = activFilters; se; se = se->next) { if (se->filterId == req->filterId) { ++++++ 0100-check_length_sanity.patch ++++++ Index: indCIMXMLExport.c =================================================================== RCS file: /cvsroot/sblim/sfcb/indCIMXMLExport.c,v retrieving revision 1.12 diff -u -p -r1.12 indCIMXMLExport.c --- indCIMXMLExport.c 9 Oct 2008 19:18:18 -0000 1.12 +++ indCIMXMLExport.c 17 Oct 2008 20:16:40 -0000 
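Review bot: `snprintf(cMsg,264,...)` followed by `mlogf(M_INFO,M_SHOW,cMsg);` still passes a buffer containing the client-supplied `msg.id` as the format string, so conversion specifiers in data from a local client are interpreted by mlogf. Pass the format directly, `mlogf(M_INFO,M_SHOW,"--- Local Client connect - pid: %d user: %s\n",msg.pid,msg.id);`, after making sure `msg.id` is NUL-terminated within the bytes actually read. The new size check calls `abort()` on an oversized `msg.size`, which lets a single connecting client terminate the server; closing `nsocket` and continuing the accept loop would contain it. The two `read()` return values are unchecked, and the new log line prints an `unsigned int` and a `size_t` with `%d` where `%u` and `%zu` match.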
@@ -130,7 +130,13 @@ static void initializeHeaders(CurlData * static size_t writeCb(void *ptr, size_t size, size_t nmemb, void *stream) { UtilStringBuffer *sb = (UtilStringBuffer*)stream; - int length = size * nmemb; + unsigned int length = 0; + unsigned long long calcLength = (unsigned long)size * nmemb; + if(calcLength > UINT_MAX) { + mlogf(M_ERROR, M_SHOW, "--- Cannot allocate for %d members of size $d\n", nmemb, size); + return 0; + } + length = calcLength & UINT_MAX; char c=((char*)ptr)[length]; ((char*)ptr)[length]=0; sb->ft->appendChars(sb,(char*)ptr); ++++++ 0110-2164750-sfcb_handle_malformed_requests.patch ++++++ --- ./httpAdapter.c.0110-2164750-sfcb_handle_malformed_requests.patch 2008-10-24 18:16:41.000000000 -0600 +++ ./httpAdapter.c 2008-10-24 18:19:32.000000000 -0600 @@ -75,6 +75,7 @@ static long keepaliveTimeout=15; static long keepaliveMaxRequest=10; static long numRequest; +struct timeval httpSelectTimeout = {5, 0}; /* 5 sec. timeout for select() before read() */ #if defined USE_SSL static SSL_CTX *ctx; @@ -339,21 +340,36 @@ static int readData(CommHndl conn_fd, char *into, int length) { - int c = 0, r; + int c = 0, r, isReady; + fd_set httpfds; + FD_ZERO(&httpfds); + FD_SET(conn_fd.socket,&httpfds); while (c < length) { + isReady = select(conn_fd.socket+1,&httpfds,NULL,NULL,&httpSelectTimeout); + if (isReady == 0) { + c = -1; + break; + } r = commRead(conn_fd, into + c, length - c); if (r < 0 && (errno == EINTR || errno == EAGAIN)) { continue; } + /* r==0 is a success condition for read(), but the loop should complete prior to this */ + else if (r == 0) { + mlogf(M_INFO,M_SHOW,"--- commRead hit EOF sooner than expected\n"); + c = -2; + break; + } c += r; } return c; } -static void getPayload(CommHndl conn_fd, Buffer * b) +static int getPayload(CommHndl conn_fd, Buffer * b) { int c = b->length - b->ptr; + int rc = 0; b->content = (char *) malloc(b->content_length + 8); if (c) memcpy(b->content, (b->data) + b->ptr, c); 
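Review bot: In writeCb the product is still computed in the narrower type: `(unsigned long)size * nmemb` multiplies as `unsigned long` and only the already wrapped result is widened to `unsigned long long`, so on a build with 32-bit `long` the `> UINT_MAX` test can never fire. Test before multiplying, for example `if (nmemb && size > UINT_MAX / nmemb)`. The log call has a typo (`$d` for `%d`), which leaves `size` without a conversion, and it passes `size_t` values to `%d`; `%zu` matches both arguments. The context lines after the check read and write `((char*)ptr)[length]`, which is one byte past the `size*nmemb` bytes handed to the callback.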
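Review bot: readData passes the file-scope `httpSelectTimeout` directly to `select()`, and on Linux select() overwrites the timeval with the time not slept. The shared value therefore shrinks after each wait and stays at zero after one timeout, which also affects getHdrs and the SSL accept path that now use the same variable. Copy it into a local before each call, `struct timeval tv = httpSelectTimeout;`, and re-arm `httpfds` with FD_ZERO/FD_SET inside the loop, since select() rewrites the set as well. A negative `isReady` is not handled, and a negative `r` with an errno other than EINTR/EAGAIN falls through to `c += r`.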
@@ -362,8 +378,9 @@ c = b->content_length; } - readData(conn_fd, (b->content) + c, b->content_length - c); + rc = readData(conn_fd, (b->content) + c, b->content_length - c); *((b->content) + b->content_length) = 0; + return rc; } void dumpResponse(RespSegments * rs) @@ -582,30 +599,37 @@ #define hdrBufsize 5000 #define hdrLimmit 5000 -static int getHdrs(CommHndl conn_fd, Buffer * b, char *cmd) +static int getHdrs(CommHndl conn_fd, Buffer * b, char *cmd) { int first=1,total=0,isReady; - struct timeval httpTimeout; fd_set httpfds; int state=0; FD_ZERO(&httpfds); FD_SET(conn_fd.socket,&httpfds); - httpTimeout.tv_sec=5; - httpTimeout.tv_usec=0; - isReady = select(conn_fd.socket+1,&httpfds,NULL,NULL,&httpTimeout); - if (isReady == 0) return 3; for (;;) { + isReady = select(conn_fd.socket+1,&httpfds,NULL,NULL,&httpSelectTimeout); + if (isReady == 0) return 3; + char buf[hdrBufsize]; int r = commRead(conn_fd, buf, sizeof(buf)); if (r < 0 && (errno == EINTR || errno == EAGAIN)) continue; - if (r <= 0) break; + if (r == 0) { + if (b->size == 0 || + (strstr(b->data, "\r\n\r\n") == NULL && + strstr(b->data, "\n\n") == NULL)) { + mlogf(M_ERROR,M_SHOW,"-#- HTTP header ended prematurely\n"); + state = 3; + break; + } + } add2buffer(b, buf, r); total+=r; -// fprintf(stderr,"+++ buf: >%s<\n",buf); + + /* on first run through, ensure that this is a POST req. */ if (r && first) { if (strncasecmp(buf,cmd,strlen(cmd)) != 0) { /* not what we expected - still continue to read to @@ -614,7 +638,8 @@ } first=0; } - + + /* success condition: end of header */ if (strstr(b->data, "\r\n\r\n") != NULL || strstr(b->data, "\n\n") != NULL) { break; @@ -688,7 +713,7 @@ int badReq = 0; rc=getHdrs(conn_fd, &inBuf,"POST "); - + if (rc==1) { genError(conn_fd, &inBuf, 501, "Not Implemented", NULL); /* we continue to parse headers and empty the socket 
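Review bot: In getHdrs the old `if (r <= 0) break;` was replaced by a test for `r == 0` only, so a failed `commRead` (negative `r` with an errno other than EINTR/EAGAIN) now reaches `add2buffer(b, buf, r)` and `total+=r` with a negative length. Restore the error exit ahead of the EOF handling, mirroring the premature-EOF branch: `if (r < 0) { state = 3; break; }`. The `strstr(b->data, ...)` calls also rely on add2buffer keeping `b->data` NUL-terminated, which is not visible in this hunk.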
@@ -851,7 +876,13 @@ len += hl = sprintf(hdr, "<!-- xml -->\n<!-- auth: %s -->\n", inBuf.authorization); - getPayload(conn_fd, &inBuf); + rc = getPayload(conn_fd, &inBuf); + if (rc < 0) { + genError(conn_fd, &inBuf, 400, "Bad Request", NULL); + _SFCB_TRACE(1, ("--- exiting after request timeout.")); + commClose(conn_fd); + exit(1); + } if (discardInput) { free(hdr); freeBuffer(&inBuf); @@ -1293,12 +1324,10 @@ /* still in handshake */ FD_ZERO(&httpfds); FD_SET(connFd,&httpfds); - httpTimeout.tv_sec=5; - httpTimeout.tv_usec=0; if (sslerr == SSL_ERROR_WANT_WRITE) { - isReady = select(connFd+1,NULL,&httpfds,NULL,&httpTimeout); + isReady = select(connFd+1,NULL,&httpfds,NULL,&httpSelectTimeout); } else { - isReady = select(connFd+1,&httpfds,NULL,NULL,&httpTimeout); + isReady = select(connFd+1,&httpfds,NULL,NULL,&httpSelectTimeout); } if (isReady == 0) { intSSLerror("Timeout error accepting SSL connection"); ++++++ 0120-max_content_length.patch ++++++ Index: control.c =================================================================== RCS file: /cvsroot/sblim/sfcb/control.c,v retrieving revision 1.24 diff -u -p -r1.24 control.c --- control.c 5 Sep 2008 20:01:56 -0000 1.24 +++ control.c 16 Oct 2008 21:03:18 -0000 @@ -109,6 +109,7 @@ Control init[] = { {"traceLevel", 1, "0"}, {"traceMask", 1, "0"}, + {"httpMaxContentLength", 1, "0"}, }; void sunsetControl() Index: httpAdapter.c =================================================================== RCS file: /cvsroot/sblim/sfcb/httpAdapter.c,v retrieving revision 1.61 diff -u -p -r1.61 httpAdapter.c --- httpAdapter.c 15 Oct 2008 21:22:55 -0000 1.61 +++ httpAdapter.c 16 Oct 2008 21:03:18 -0000 
@@ -779,6 +779,14 @@ static int doHttpRequest(CommHndl conn_f cp = &hdr[15]; cp += strspn(cp, " \t"); inBuf.content_length = atol(cp); + int maxLen; + getControlNum("httpMaxContentLength", &maxLen); + if((maxLen) && (inBuf.content_length > maxLen)) { + genError(conn_fd, &inBuf, 413, "Request Entity Too Large", NULL); + _SFCB_TRACE(1, ("--- exiting: content-length too big")); + commClose(conn_fd); + exit(1); + } } else if (strncasecmp(hdr, "Content-Type:", 13) == 0) { cp = &hdr[13]; ++++++ 0130-2169514-check_malloc.patch ++++++ Index: msgqueue.c =================================================================== RCS file: /cvsroot/sblim/sfcb/msgqueue.c,v retrieving revision 1.23 diff -u -p -r1.23 msgqueue.c --- msgqueue.c 2 Oct 2008 21:34:59 -0000 1.23 +++ msgqueue.c 15 Oct 2008 21:04:29 -0000 @@ -290,6 +290,9 @@ static int spRcvMsg(int *s, int *from, v if (*length) { *data = malloc(spMsg.totalSize + 8); + if(*data == NULL) { + return spHandleError(s, em); + } do { if ((spGetMsg(s, NULL, *data, *length, mqg)) == -1) return spHandleError(s, em); ++++++ 0140-2169527-attrsOk_alloca_fix.patch ++++++ Index: cimXmlParser.c =================================================================== RCS file: /cvsroot/sblim/sfcb/cimXmlParser.c,v retrieving revision 1.29 diff -u -p -r1.29 cimXmlParser.c --- cimXmlParser.c 15 Aug 2008 19:05:13 -0000 1.29 +++ cimXmlParser.c 15 Oct 2008 21:16:29 -0000 @@ -42,7 +42,7 @@ typedef struct tags { } Tags; - +/* TODO: be more graceful than just exit() */ static void Throw(XmlBuffer * xb, char *msg) { printf("*** Error: %s\n", msg); 
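Review bot: The new limit in doHttpRequest only rejects values above `maxLen`. If `content_length` is a signed type, a negative Content-Length from `atol(cp)` passes the test and later sizes `malloc(b->content_length + 8)` and positions the terminator write `*((b->content) + b->content_length) = 0` in getPayload. Reject it here as well: `if (inBuf.content_length < 0 || (maxLen && inBuf.content_length > maxLen))`. `maxLen` is read uninitialised if `getControlNum` fails, so declare it as `int maxLen = 0;` or check the return value. With the default `"0"` added in control.c the check stays disabled until an administrator sets httpMaxContentLength, which is worth stating in the shipped configuration file.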
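Review bot: In spRcvMsg the buffer is sized from `spMsg.totalSize + 8` but filled with `*length` bytes by `spGetMsg(s, NULL, *data, *length, mqg)`, and nothing in the visible lines checks that `*length` fits in the allocation or that the addition does not wrap. If both values come from the received message header (not visible here), state the invariant in a comment or enforce it before the malloc, for example `if (*length > spMsg.totalSize) return spHandleError(s, em);`. The function continues outside the hunk.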
@@ -281,13 +281,15 @@ static int attrsOk(XmlBuffer * xb, const return 1; } - ptr = (char *) alloca(strlen(tag) + strlen(msg2) + 48); + /* build error message for Throw(): "Bad attribute list for: <TAG>: <chars...> */ + ptr = (char*)alloca(strlen(msg2) + strlen(tag) + sizeof(char)*2 + strlen(word)); strcpy(ptr, msg2); strcat(ptr, tag); strcat(ptr, ": "); - strncpy(word, xb->cur, 10); - strcat(ptr, word); - strcat(ptr, tag); + /* ensure we have at least 10 chars left in the XML */ + int wlen = (xb->cur < (xb->last - 10)) ? 10 : (xb->last - xb->cur); + strncpy(word, xb->cur, wlen); + strncat(ptr, word, wlen); Throw(xb, ptr); return -1; } ++++++ 0150-2169607-strcpy.patch ++++++ Index: sqlLexer.l =================================================================== RCS file: /cvsroot/sblim/sfcb/sqlLexer.l,v retrieving revision 1.3 diff -u -p -r1.3 sqlLexer.l --- sqlLexer.l 20 Nov 2005 17:43:55 -0000 1.3 +++ sqlLexer.l 15 Oct 2008 21:44:20 -0000 @@ -64,7 +64,8 @@ IDENT_CHAR [A-Za-z_] \n.* { - strcpy(linebuf, yytext+1);//save next line + strncpy(linebuf, yytext+1, MAXBUF);//save next line + linebuf[MAXBUF - 1] = '\0'; // make sure the string is null terminated lineno++; tokenpos = 0; yyless(1);//alles außer dem \n zum erneuten Scannen zurückgeben ++++++ 0160-2158198-syslog.patch ++++++ Index: mlog.c =================================================================== RCS file: /cvsroot/sblim/sfcb/mlog.c,v retrieving revision 1.4 diff -u -p -r1.4 mlog.c --- mlog.c 20 Nov 2005 17:43:54 -0000 1.4 +++ mlog.c 10 Oct 2008 21:29:31 -0000 
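Review bot: The new alloca size in attrsOk uses `strlen(word)` before `word` has been filled by the `strncpy` below, so the size depends on whatever bytes the buffer holds at that point, and the expression reserves no byte for the terminating NUL. Compute `wlen` first and size from it: `ptr = alloca(strlen(msg2) + strlen(tag) + 2 + wlen + 1);`. `xb->last - xb->cur` is negative if `cur` has already passed `last`, and a negative `wlen` converts to a very large count in `strncpy` and `strncat`, so clamp it to zero. The declaration of `word` is outside the hunk.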
@@ -53,7 +53,7 @@ void mlogf(int priority, int errout, con va_start(ap,fmt); vsnprintf(buf,4096,fmt,ap); - syslog(priosysl,buf); + syslog(priosysl,"%s",buf); if (errout) { va_start(apc,fmt); ++++++ 0170-2172023-mlogf.patch ++++++ Index: httpAdapter.c =================================================================== RCS file: /cvsroot/sblim/sfcb/httpAdapter.c,v retrieving revision 1.60 diff -r1.60 httpAdapter.c 1765c1765 < "--- Certificate authentication exit not configured\n",dlName); ---
"--- Certificate authentication exit not configured\n");
Index: mlog.c =================================================================== RCS file: /cvsroot/sblim/sfcb/mlog.c,v retrieving revision 1.5 diff -r1.5 mlog.c 33a34,45
/** \brief mlogf - Create syslog entries * * This should be called with a format string in fmt, with * the variables to be inserted in it as the arguments * following (...) * eg * mlogf(M_ERROR,M_SHOW,"--- %s failed rc=%d\n",oper,rc); * * Don't allow user input into the format string as it * is not to be trusted. No need to use sprintf to build * the string before passing it to mlogf. */ Index: providerDrv.c =================================================================== RCS file: /cvsroot/sblim/sfcb/providerDrv.c,v retrieving revision 1.66 diff -r1.66 providerDrv.c 2396c2396 < sprintf(msg, "*** Failed to load %s for %s\n", dlName,
snprintf(msg,739,"*** Failed to load %s for %s\n", dlName,
2405c2405 < sprintf(msg, "*** Inconsistent provider registration for %s (1)\n", ---
snprintf(msg,739,"*** Inconsistent provider registration for %s (1)\n",
Index: providerMgr.c =================================================================== RCS file: /cvsroot/sblim/sfcb/providerMgr.c,v retrieving revision 1.51 diff -r1.51 providerMgr.c 123,138d122 < /* < static void handleSigterm(int sig) < { < mlogf(M_ERROR,M_SHOW, "%s: exiting due to signal %d\n", "provider", sig); < exit(1); < } < < static void handleSigSegv(int sig) < { < mlogf(M_ERROR,M_SHOW, "()%d): exiting due to a SIGSEGV signal %d - %s(%d)\n", < currentProc, sig, __FILE__, __LINE__); < abort(); < } < */ < < ++++++ 0180-2175507-alloca_sockaddr.patch ++++++ Index: msgqueue.c =================================================================== RCS file: /cvsroot/sblim/sfcb/msgqueue.c,v retrieving revision 1.25 diff -u -p -r1.25 msgqueue.c --- msgqueue.c 16 Oct 2008 15:53:36 -0000 1.25 +++ msgqueue.c 17 Oct 2008 21:17:40 -0000 @@ -30,6 +30,7 @@ #include <sys/types.h> #include <sys/stat.h> #include <unistd.h> +#include <stddef.h> extern unsigned long exFlags; @@ -621,7 +622,7 @@ int getControlChars(char *id, char **val void stopLocalConnectServer() { - static struct sockaddr_un serverAddr; + static struct sockaddr_un *serverAddr; int sock,size=0; unsigned long int l; char *path; @@ -635,11 +636,13 @@ void stopLocalConnectServer() return; } - serverAddr.sun_family=AF_UNIX; - strcpy(serverAddr.sun_path,path); + socklen_t serverAddrLen = offsetof(struct sockaddr_un, sun_path) + + strlen(path) + 1; + serverAddr = alloca(serverAddrLen); + serverAddr->sun_family=AF_UNIX; + strcpy(serverAddr->sun_path,path); - if (connect(sock,(const struct sockaddr*)&serverAddr, - sizeof(serverAddr.sun_family)+strlen(serverAddr.sun_path))<0) { + if (connect(sock,(const struct sockaddr*)serverAddr, serverAddrLen)<0) { perror("connect error"); return; } 
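Review bot: `serverAddr` in stopLocalConnectServer is now a `static` pointer assigned from `alloca()`, so after the function returns the static still holds an address inside a dead stack frame; drop `static` so the pointer cannot outlive its storage. The alloca size comes from `strlen(path)` of the configured localSocketPath with no upper bound. Rejecting paths that do not fit, `if (strlen(path) >= sizeof(((struct sockaddr_un *)0)->sun_path)) return;`, would allow a plain stack `struct sockaddr_un` and keep an over-long setting from sizing a stack allocation. The same declaration pattern is introduced in localConnectServer.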
@@ -650,7 +653,7 @@ void stopLocalConnectServer() void localConnectServer() { - static struct sockaddr_un clientAddr,serverAddr; + static struct sockaddr_un clientAddr,*serverAddr; int nsocket,ssocket; unsigned int cl, notDone=1; char *path; @@ -667,18 +670,20 @@ void localConnectServer() if (getControlChars("localSocketPath", &path)!=0) { mlogf(M_INFO,M_SHOW,"--- localConnectServer failed to start\n"); } - + if ((ssocket=socket(PF_UNIX, SOCK_STREAM, 0))<0) { perror("socket creation error"); return; } - serverAddr.sun_family=AF_UNIX; - strcpy(serverAddr.sun_path,path); + socklen_t serverAddrLen = offsetof(struct sockaddr_un, sun_path) + + strlen(path) + 1; + serverAddr = alloca(serverAddrLen); + serverAddr->sun_family=AF_UNIX; + strncpy(serverAddr->sun_path,path,sizeof(serverAddr->sun_path)); unlink(path); - if (bind(ssocket,(const struct sockaddr*)&serverAddr, - sizeof(serverAddr.sun_family)+strlen(serverAddr.sun_path))<0) { + if (bind(ssocket,(const struct sockaddr*)serverAddr, serverAddrLen)<0) { perror("bind error"); return; } @@ -688,12 +693,12 @@ void localConnectServer() do { // sfcbSockets.send; cl=sizeof(clientAddr); - if ((nsocket=accept(ssocket,(struct sockaddr*)&serverAddr,&cl))<0) { + if ((nsocket=accept(ssocket,(struct sockaddr*)serverAddr,&cl))<0) { perror("accept error"); /* Being interrupted isn't necessarily bad; try once more */ if (errno == EINTR) { - if ((nsocket=accept(ssocket,(struct sockaddr*)&serverAddr,&cl))<0) { + if ((nsocket=accept(ssocket,(struct sockaddr*)serverAddr,&cl))<0) { perror("accept error (2)"); return; } ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
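Review bot: In localConnectServer `serverAddr` is allocated with `offsetof(struct sockaddr_un, sun_path) + strlen(path) + 1` bytes, but `strncpy(serverAddr->sun_path,path,sizeof(serverAddr->sun_path))` always writes the full `sizeof(sun_path)` bytes because strncpy zero-pads the destination. For any path shorter than the array this writes past the end of the alloca'd block. Copy exactly what was allocated, `memcpy(serverAddr->sun_path, path, strlen(path) + 1);`, or allocate a whole `struct sockaddr_un` and reject paths that do not fit. The context lines also show execution continuing after `getControlChars` fails, so `path` may be unset when it is used here.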
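Review bot: Both `accept()` calls store the peer address through `serverAddr` while `cl` is set to `sizeof(clientAddr)`. Since `serverAddr` now points at an allocation that is usually smaller than a `struct sockaddr_un`, up to `cl` bytes may be written into a shorter buffer. Pass the buffer that matches the length, `accept(ssocket,(struct sockaddr*)&clientAddr,&cl)`, and reset `cl` before the retry because accept() updates it.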