Bugfixing a buffer overflow on PID fmt field

Previously this overflow was avoided by declaring i as volatile.
Yann Weber 2019-08-24 01:47:47 +02:00
commit 9b1c5ecc17
4 changed files with 13 additions and 7 deletions


@ -14,8 +14,6 @@ AC_USE_SYSTEM_EXTENSIONS
AC_GNU_SOURCE
# Checks for programs.
AC_PROG_CC
AC_PROG_RANLIB
AC_ARG_VAR(PYTHON_CONFIG_PATH, [python3-config path])
AC_PATH_PROG(PYTHON_CONFIG_PATH, [python3-config], [no])
@ -36,10 +34,14 @@ fi
if test x"${enable_debug}" = x"yes"; then
AM_CFLAGS="-Wall -g -DDEBUG"
CFLAGS="-O0"
else
AM_CFLAGS="-Wall -Werror -O2"
fi
AC_PROG_CC
AC_PROG_RANLIB
AC_ENABLE_SHARED
AC_DISABLE_STATIC
AC_PROG_LIBTOOL
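Review bot: The debug branch assigns `CFLAGS="-O0"` unconditionally (this appears to be one of the added lines; the +/- markers are lost on this page), which discards any CFLAGS the user passed to configure. `: ${CFLAGS="-O0"}` sets the value only when the variable is unset, and still keeps the later AC_PROG_CC from supplying its own default. Separately, neither branch enables fortify or sanitizer options. Adding `-D_FORTIFY_SOURCE=2` to the release `AM_CFLAGS` would, with glibc, abort on an snprintf size larger than its destination, which is the class of bug this commit fixes in the logger.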


@ -65,7 +65,7 @@
#define PYFCGI_LOG_DTM_LEN 25
#define PYFCGI_LOG_LVL_LEN 7
#define PYFCGI_LOG_TYP_LEN 7
#define PYFCGI_LOG_PID_LEN 6
#define PYFCGI_LOG_PID_LEN 7
#define PYFCGI_LOG_PID_FMT "%6d"
#define SYSLOG_syslog syslog
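Review bot: `PYFCGI_LOG_PID_LEN` now counts the terminating NUL (six characters from `"%6d"` plus one), but nothing on the visible lines says so, and the neighbouring `_LEN` macros give no hint whether they follow the same convention. A comment such as `/* size of the PID buffer: 6 characters written by PYFCGI_LOG_PID_FMT plus the terminating NUL */` above the define would record the link between the two macros. Note also that `%6d` is only a minimum width: on systems where a PID can exceed 999999 the formatted value has seven digits, so a snprintf bounded by this length drops the last digit.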


@ -92,7 +92,7 @@ extern PyMethodDef pyfcgimodule_methods[];
extern PyModuleDef pyfcgimodule;
/**@brief Clean response_status & response_headers globals */
inline void libpyfcgi_clean_response()
static inline void libpyfcgi_clean_response()
{
if(libpyfcgi.status) { Py_DECREF(libpyfcgi.status); }
libpyfcgi.status = NULL;
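Review bot: The new definition `static inline void libpyfcgi_clean_response()` still has an empty parameter list, which in C declares a function with unspecified arguments rather than none; `static inline void libpyfcgi_clean_response(void)` lets the compiler reject stray arguments. In the body, the context lines decrement `libpyfcgi.status` before setting it to NULL, so code run during deallocation could still observe the stale pointer. `Py_CLEAR(libpyfcgi.status);` replaces both lines and clears the pointer first. The function body continues past the end of this hunk.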


@ -237,7 +237,7 @@ exit_err:
int pyfcgi_logger_format_bufinit(pyfcgi_logger_format_t* fmt)
{
volatile unsigned short i;
unsigned int i;
size_t pre_sz, suf_sz;
char *cur, pid[PYFCGI_LOG_PID_LEN];
fmt->buf = fmt->prefix = fmt->suffix = NULL;
@ -320,7 +320,7 @@ int pyfcgi_logger_format_bufinit(pyfcgi_logger_format_t* fmt)
fmt->fields[i].len);
break;
case pyfcgi_logger_field_pid:
snprintf(pid, PYFCGI_LOG_PID_LEN+1,
snprintf(pid, PYFCGI_LOG_PID_LEN,
PYFCGI_LOG_PID_FMT,
*((pid_t*)fmt->fields[i].val));
memcpy(cur, pid, PYFCGI_LOG_PID_LEN);
@ -337,6 +337,10 @@ int pyfcgi_logger_format_bufinit(pyfcgi_logger_format_t* fmt)
cur = fmt->suffix;
i++;
}
else
{
break;
}
}
return 0;
}
@ -427,7 +431,7 @@ int pyfcgi_logger_parse_field(const char** ptr, const char *start,
cur_field->val = (void*)pyfcgi_logger_value_facility;
break;
case pyfcgi_logger_field_pid:
default_len = PYFCGI_LOG_PID_LEN;
default_len = PYFCGI_LOG_PID_LEN-1;
cur_field->val = &(PyFCGI_conf.context.pid);
break;
case pyfcgi_logger_field_ident:
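Review bot: With `PYFCGI_LOG_PID_LEN` raised to 7, the unchanged `memcpy(cur, pid, PYFCGI_LOG_PID_LEN);` after the corrected snprintf now copies seven bytes (six characters and the NUL) into `cur`, while the last hunk sets the field's `default_len` to `PYFCGI_LOG_PID_LEN-1`. If the space reserved at `cur` equals the field length, which the visible lines suggest but do not show, the copy writes one byte past the field; `memcpy(cur, pid, PYFCGI_LOG_PID_LEN-1);` would keep it within six bytes. The snprintf return value is also ignored, so a PID wider than six digits is truncated silently. Most of pyfcgi_logger_format_bufinit lies between the hunks and is not visible here.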