
Bugfixing a buffer overflow on PID fmt field

This overflow was previously avoided by declaring i as volatile.
Yann Weber 5 years ago
parent
commit
9b1c5ecc17
4 changed files with 13 additions and 7 deletions
  1. 4
    2
      configure.ac
  2. 1
    1
      include/logger.h
  3. 1
    1
      include/python_pyfcgi.h
  4. 7
    3
      src/logger.c

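--- a/configure.ac
+++ b/configure.ac
@@ -14,8 +14,6 @@ AC_USE_SYSTEM_EXTENSIONS
 AC_GNU_SOURCE
 
 # Checks for programs.
-AC_PROG_CC
-AC_PROG_RANLIB
 
 AC_ARG_VAR(PYTHON_CONFIG_PATH, [python3-config path])
 AC_PATH_PROG(PYTHON_CONFIG_PATH, [python3-config], [no])
@@ -36,10 +34,14 @@ fi
 
 if test x"${enable_debug}" = x"yes"; then
 	AM_CFLAGS="-Wall -g -DDEBUG"
+	CFLAGS="-O0"
 else
 	AM_CFLAGS="-Wall -Werror -O2"
 fi
 
+AC_PROG_CC
+AC_PROG_RANLIB
+
 AC_ENABLE_SHARED
 AC_DISABLE_STATIC
 AC_PROG_LIBTOOL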
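Review bot: The added `CFLAGS="-O0"` assigns the user variable unconditionally, so a debug build discards whatever CFLAGS the builder passed to configure, including hardening or sanitizer flags such as `-fsanitize=address,undefined` that would catch the kind of overflow this commit fixes. Autoconf's documented idiom for changing the default is to set it only when it is unset, before AC_PROG_CC: `: ${CFLAGS="-O0"}`. AC_PROG_CC was presumably moved below this block so that its own default optimisation flags do not apply in debug mode; a one-line comment saying so would keep a later cleanup from moving it back.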

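--- a/include/logger.h
+++ b/include/logger.h
@@ -65,7 +65,7 @@
 #define PYFCGI_LOG_DTM_LEN 25
 #define PYFCGI_LOG_LVL_LEN 7
 #define PYFCGI_LOG_TYP_LEN 7
-#define PYFCGI_LOG_PID_LEN 6
+#define PYFCGI_LOG_PID_LEN 7
 #define PYFCGI_LOG_PID_FMT "%6d"
 
 #define SYSLOG_syslog syslog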
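Review bot: `PYFCGI_LOG_PID_LEN` now counts the terminating NUL while `PYFCGI_LOG_PID_FMT` still hard-codes the width 6, and nothing on these lines ties the two values together. A comment such as `/* size of the PID text buffer, NUL included; keep equal to the PYFCGI_LOG_PID_FMT width + 1 */` would state the invariant this commit restores. Note also that `%6d` is only a minimum width: where PIDs can reach seven digits (Linux allows pid_max up to 4194304 on 64-bit), the bounded snprintf keeps only the first six digits, so the logged PID no longer identifies the process when correlating log lines.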

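--- a/include/python_pyfcgi.h
+++ b/include/python_pyfcgi.h
@@ -92,7 +92,7 @@ extern PyMethodDef pyfcgimodule_methods[];
 extern PyModuleDef pyfcgimodule;
 
 /**@brief Clean response_status & response_headers globals */
-inline void libpyfcgi_clean_response()
+static inline void libpyfcgi_clean_response()
 {
 	if(libpyfcgi.status) { Py_DECREF(libpyfcgi.status); }
 	libpyfcgi.status = NULL;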
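Review bot: On the changed line, `libpyfcgi_clean_response()` is declared with empty parentheses, which before C23 leaves the parameter list unspecified, so a call with stray arguments is not diagnosed. Writing `static inline void libpyfcgi_clean_response(void)` makes it a real prototype. The function body continues past the end of the hunk.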

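--- a/src/logger.c
+++ b/src/logger.c
@@ -237,7 +237,7 @@ exit_err:
 
 int pyfcgi_logger_format_bufinit(pyfcgi_logger_format_t* fmt)
 {
-	volatile unsigned short i;
+	unsigned int i;
 	size_t pre_sz, suf_sz;
 	char *cur, pid[PYFCGI_LOG_PID_LEN];
 	fmt->buf = fmt->prefix = fmt->suffix = NULL;
@@ -320,7 +320,7 @@ int pyfcgi_logger_format_bufinit(pyfcgi_logger_format_t* fmt)
 						fmt->fields[i].len);
 					break;
 				case pyfcgi_logger_field_pid:
-					snprintf(pid, PYFCGI_LOG_PID_LEN+1,
+					snprintf(pid, PYFCGI_LOG_PID_LEN,
 						PYFCGI_LOG_PID_FMT,
 						*((pid_t*)fmt->fields[i].val));
 					memcpy(cur, pid, PYFCGI_LOG_PID_LEN);
@@ -337,6 +337,10 @@ int pyfcgi_logger_format_bufinit(pyfcgi_logger_format_t* fmt)
 			cur = fmt->suffix;
 			i++;
 		}
+		else
+		{
+			break;
+		}
 	}
 	return 0;
 }
@@ -427,7 +431,7 @@ int pyfcgi_logger_parse_field(const char** ptr, const char *start,
 			cur_field->val = (void*)pyfcgi_logger_value_facility;
 			break;
 		case pyfcgi_logger_field_pid:
-			default_len = PYFCGI_LOG_PID_LEN-1;
+			default_len = PYFCGI_LOG_PID_LEN-1;
 			cur_field->val = &(PyFCGI_conf.context.pid);
 			break;
 		case pyfcgi_logger_field_ident: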
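Review bot: The `memcpy(cur, pid, PYFCGI_LOG_PID_LEN);` left unchanged in the second hunk now copies 7 bytes, because this commit raises the macro from 6 to 7 while the last hunk keeps the field's default width at `PYFCGI_LOG_PID_LEN-1`. The seventh byte is snprintf's terminating NUL, so it appears to land one byte past the 6-character PID field in the destination; whether it is later overwritten or falls outside the buffer depends on the sizing code, which is not in the visible hunks. Deriving both bounds from the array avoids the mismatch: `snprintf(pid, sizeof pid,` and `memcpy(cur, pid, sizeof pid - 1);`. The body of pyfcgi_logger_format_bufinit continues outside these hunks.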
