fix(wget_agent): GetURL - part1: Use asprintf instead of s(n)printf
Prevent possible buffer overruns.

Signed-off-by: Andreas J. Reichel <andreas.reichel@tngtech.com>
Andreas J. Reichel committed Aug 30, 2019
1 parent 4c16a3b commit 09c02e2
Showing 1 changed file with 54 additions and 21 deletions.
75 changes: 54 additions & 21 deletions src/wget_agent/agent/wget_agent.c
@@ -25,6 +25,7 @@
#define _GNU_SOURCE // for asprintf

#define ASPRINTF_MEM_ERROR 88
#define ASPRINTF_MEM_ERROR_LOG LOG_FATAL("Not enough memory for asprintf before line %d", __LINE__)

#include "wget_agent.h"

@@ -368,7 +369,7 @@ char *PrepareWgetDest(char *TempFile, char *TempFileDir, char *TempFileDirectory
*/
int GetURL(char *TempFile, char *URL, char *TempFileDir)
{
char CMD[MAXCMD];
char *cmd;
char TaintedURL[MAXCMD];
char TempFileDirectory[MAXCMD];
char DeleteTempDirCmd[MAXCMD];
@@ -393,7 +394,6 @@ int GetURL(char *TempFile, char *URL, char *TempFileDir)
SafeExit(10);
}

memset(CMD,'\0',MAXCMD);
/*
Wget options:
--progress=dot :: display a new line as it progresses.
@@ -435,32 +435,38 @@ int GetURL(char *TempFile, char *URL, char *TempFileDir)
}

char *dest;
int res;

dest = PrepareWgetDest(TempFile, TempFileDir, TempFileDirectory);

if (dest) {
snprintf(CMD,MAXCMD-1," %s /usr/bin/wget -q %s -P '%s' '%s' %s %s 2>&1",
res = asprintf(&cmd," %s /usr/bin/wget -q %s -P '%s' '%s' %s %s 2>&1",
proxy, WgetArgs, dest, TaintedURL, GlobalParam, no_proxy);
}
else
{
snprintf(CMD,MAXCMD-1," %s /usr/bin/wget -q %s '%s' %s %s 2>&1",
res = asprintf(&cmd," %s /usr/bin/wget -q %s '%s' %s %s 2>&1",
proxy, WgetArgs, TaintedURL, GlobalParam, no_proxy);
}

if (res == -1)
{
ASPRINTF_MEM_ERROR_LOG;
SafeExit(ASPRINTF_MEM_ERROR);
}

/* the command is like
". /usr/local/etc/fossology/Proxy.conf;
/usr/bin/wget -q --no-check-certificate --progress=dot -rc -np -e robots=off -P
'/srv/fossology/repository/localhost/wget/wget.xxx.dir/'
'http://a.org/file' -l 1 -R index.html* 2>&1"
*/
LOG_VERBOSE0("CMD: %s", CMD);
rc = system(CMD);
LOG_VERBOSE0("CMD: %s", cmd);
rc = system(cmd);

if (WIFEXITED(rc) && (WEXITSTATUS(rc) != 0))
{
LOG_FATAL("upload %ld Download failed; Return code %d from: %s",GlobalUploadKey,WEXITSTATUS(rc),CMD);
LOG_FATAL("upload %ld Download failed; Return code %d from: %s",GlobalUploadKey,WEXITSTATUS(rc),cmd);
unlink(GlobalTempFile);
rc_system = system(DeleteTempDirCmd);
if (!WIFEXITED(rc_system)) systemError(__LINE__, rc_system, DeleteTempDirCmd)
@@ -486,53 +492,80 @@ int GetURL(char *TempFile, char *URL, char *TempFileDir)

if (!stat(TempFilePath, &sb))
{
memset(CMD,'\0',MAXCMD);
if (S_ISDIR(sb.st_mode))
{
snprintf(CMD,MAXCMD-1, "find '%s' -mindepth 1 -type d -empty -exec rmdir {} \\; > /dev/null 2>&1", TempFilePath);
rc_system = system(CMD); // delete all empty directories downloaded
if (!WIFEXITED(rc_system)) systemError(__LINE__, rc_system, CMD)
memset(CMD,'\0',MAXCMD);
snprintf(CMD,MAXCMD-1, "tar -cf '%s' -C '%s' ./ 1>/dev/null", TempFile, TempFilePath);
res = asprintf(&cmd, "find '%s' -mindepth 1 -type d -empty -exec rmdir {} \\; > /dev/null 2>&1", TempFilePath);
if (res == -1)
{
ASPRINTF_MEM_ERROR_LOG;
SafeExit(ASPRINTF_MEM_ERROR);
}
rc_system = system(cmd); // delete all empty directories downloaded
if (!WIFEXITED(rc_system)) systemError(__LINE__, rc_system, cmd)
free(cmd);

res = asprintf(&cmd, "tar -cf '%s' -C '%s' ./ 1>/dev/null", TempFile, TempFilePath);
if (res == -1)
{
ASPRINTF_MEM_ERROR_LOG;
SafeExit(ASPRINTF_MEM_ERROR);
}
}
else
{
snprintf(CMD,MAXCMD-1, "mv '%s' '%s' 2>&1", TempFilePath, TempFile);
res = asprintf(&cmd, "mv '%s' '%s' 2>&1", TempFilePath, TempFile);
if (res == -1)
{
ASPRINTF_MEM_ERROR_LOG;
SafeExit(ASPRINTF_MEM_ERROR);
}
}
rc_system = system(CMD);

rc_system = system(cmd);
if (rc_system != 0)
{
systemError(__LINE__, rc_system, CMD)
systemError(__LINE__, rc_system, cmd)
free(cmd);
unlink(GlobalTempFile);
rc_system = system(DeleteTempDirCmd);
if (!WIFEXITED(rc_system)) systemError(__LINE__, rc_system, DeleteTempDirCmd)
SafeExit(24); // failed to store the temperary directory(one file) as one temperary file
}

}
else
{
memset(CMD,'\0',MAXCMD);
snprintf(CMD,MAXCMD-1, "find '%s' -type f -exec mv {} %s \\; > /dev/null 2>&1", TempFileDirectory, TempFile);
rc_system = system(CMD);
res = asprintf(&cmd, "find '%s' -type f -exec mv {} %s \\; > /dev/null 2>&1", TempFileDirectory, TempFile);
if (res == -1)
{
ASPRINTF_MEM_ERROR_LOG;
SafeExit(ASPRINTF_MEM_ERROR);
}
rc_system = system(cmd);
if (rc_system != 0)
{
systemError(__LINE__, rc_system, CMD)
systemError(__LINE__, rc_system, cmd)
free(cmd);
unlink(GlobalTempFile);
rc_system = system(DeleteTempDirCmd);
if (!WIFEXITED(rc_system)) systemError(__LINE__, rc_system, DeleteTempDirCmd)
SafeExit(24); // failed to store the temperary directory(one file) as one temperary file
}

}
}

if (TempFile && TempFile[0] && !IsFile(TempFile,1))
{
LOG_FATAL("upload %ld File %s not created from URL: %s, CMD: %s",GlobalUploadKey,TempFile,URL, CMD);
LOG_FATAL("upload %ld File %s not created from URL: %s, CMD: %s",GlobalUploadKey,TempFile,URL, cmd);
free(cmd);
unlink(GlobalTempFile);
rc_system = system(DeleteTempDirCmd);
if (!WIFEXITED(rc_system)) systemError(__LINE__, rc_system, DeleteTempDirCmd)
SafeExit(15);
}

free(cmd);

/* remove the temp dir /srv/fossology/repository/localhost/wget/wget.xxx.dir/ for this upload */
rc_system = system(DeleteTempDirCmd);
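Review bot: The buffer that asprintf allocates for the wget command is never released on the success path: `cmd` is overwritten by the later `asprintf(&cmd, "find '%s' -mindepth 1 ...")`, `asprintf(&cmd, "mv '%s' '%s' 2>&1", ...)` and `asprintf(&cmd, "find '%s' -type f ...")` calls with no `free(cmd)` before them, and the lines between the hunks predate `cmd`, so they cannot release it either. Putting `free(cmd);` immediately before each of those three calls closes the leak while keeping `cmd` valid for the later `LOG_FATAL("... CMD: %s", ...)` when that block is skipped. Lifting the MAXCMD bound also leaves these strings going through `system()` unchanged: in the last `find` command `TempFile` is interpolated as a bare `%s` where every other path is single-quoted, so it should at least read `-exec mv {} '%s' \\;`, and if `TempFile` or `TempFilePath` can ever carry a quote character the single quotes alone are not sufficient escaping. GetURL continues beyond the visible hunks, so exits and frees outside them are not covered by this note.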
