Fix Possible Security Bugs (#67)
* Fix possible buffer overflows.

* Fix possibly dangerous initialization of address structures.
Syquel authored and lmagder committed Apr 21, 2017
1 parent 72280a6 commit 5cf1be0
Showing 3 changed files with 17 additions and 12 deletions.
6 changes: 3 additions & 3 deletions hu/hu_aad.cpp
@@ -191,7 +191,7 @@ Channel specified for each service:
//snprintf (str_buf, sizeof (str_buf), "%1.1d", num);
int ctr = 0;
for (ctr = 0; ctr < n - 1; ctr ++)
strncat (str_buf, " ", sizeof (str_buf));
strncat (str_buf, " ", sizeof(str_buf) - strlen(str_buf) - 1);


//unsigned char str_buf2 [256] = {0};
@@ -237,10 +237,10 @@ Channel specified for each service:
char str_buf [256] = {0};
int ctr = 0;
for (ctr = 0; ctr < n - 1; ctr ++)
strncat (str_buf, " ", sizeof (str_buf));
strncat (str_buf, " ", sizeof(str_buf) - strlen(str_buf) - 1);

char str_buf2 [256] = {0};
snprintf (str_buf2, sizeof (str_buf), "%s%1.1d", str_buf, num); // Dump raw array
snprintf (str_buf2, sizeof (str_buf), "%s%1.1u", str_buf, num); // Dump raw array
hex_dump (str_buf2, 16, buf, alen);
}

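Review bot: The `snprintf` into `str_buf2` in the second hunk is still bounded by `sizeof (str_buf)`, which is the size of a different array. Both arrays are declared with 256 bytes in this hunk, so nothing overflows today, but the bound stops protecting `str_buf2` as soon as either declaration changes; I would write `snprintf (str_buf2, sizeof (str_buf2), "%s%1.1u", str_buf, num);`. The move to `%u` is only correct if `num` is unsigned, and its declaration is outside the visible lines. The enclosing function starts before the hunk.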
4 changes: 2 additions & 2 deletions hu/hu_tcp.cpp
@@ -86,7 +86,7 @@
if (tcp_so_fd < 0)
return (-1);

memset ((char *) & cli_addr, sizeof (cli_addr), 0); // ?? Don't need this ?
memset ((char *) & cli_addr, 0, sizeof (cli_addr)); // ?? Don't need this ?
//cli_addr.sun_family = CS_FAM; // ""
cli_len = sizeof (cli_addr);

@@ -138,7 +138,7 @@
logd ("setsockopt TCP_NODELAY Success");

if (wifi_direct) {
memset ((char *) & srv_addr, sizeof (srv_addr), 0);
memset ((char *) & srv_addr, 0, sizeof (srv_addr));

srv_addr.sin_family = AF_INET;
srv_addr.sin_addr.s_addr = htonl (INADDR_ANY); // Will bind to any/all Interfaces/IPs
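Review bot: The trailing comment `// ?? Don't need this ?` on the `cli_addr` memset should be resolved, because the call now really clears the structure. With the arguments transposed, the old call had a length of zero and did nothing, so this commit is the first point at which either address structure is zeroed; a comment such as `// Zero the whole address structure so unset fields and padding have a defined value` would state the intent. The `(char *)` cast is unnecessary since `memset` takes `void *`, and building with GCC's `-Wmemset-transposed-args` would catch a recurrence of the transposition. Both enclosing functions continue outside the hunks.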
19 changes: 12 additions & 7 deletions hu/hu_uti.cpp
@@ -94,13 +94,18 @@ int hu_log (int prio, const char * tag, const char * func, const char * fmt, ...
snprintf (tag_str, sizeof (tag_str), "%32.32s", func);
__android_log_vprint (prio, tag_str, fmt, ap);
#else
char log_line [4096] = {0};
va_list aq;
va_start (aq, fmt);
va_start (aq, fmt);

char log_line [4096] = {0};
int len = vsnprintf (log_line, sizeof (log_line), fmt, aq);

//Time doesn't work on CMU anyway, always says 1970
printf ("%s: %s: %s : %s\n", prio_get (prio), tag, func, log_line);

va_end(aq);
#endif
va_end(ap);

// if (prio == hu_LOG_ERR)
// {
@@ -139,15 +144,15 @@ void hex_dump (const char * prefix, int width, unsigned char * buf, int len) {

if (prefix)
//strlcpy (line, prefix, sizeof (line));
strlcat (line, prefix, sizeof (line));
strlcat (line, prefix, sizeof(line));

snprintf (tmp, sizeof (tmp), " %8.8x ", 0);
strlcat (line, tmp, sizeof (line));
strlcat (line, tmp, sizeof(line) - strlen(line));

for (i = 0, n = 1; i < len; i ++, n ++) { // i keeps incrementing, n gets reset to 0 each line

snprintf (tmp, sizeof (tmp), "%2.2x ", buf [i]);
strlcat (line, tmp, sizeof (line)); // Append 2 bytes hex and space to line
strlcat (line, tmp, sizeof(line) - strlen(line)); // Append 2 bytes hex and space to line

if (n == width) { // If at specified line width
n = 0; // Reset position in line counter
@@ -156,11 +161,11 @@ void hex_dump (const char * prefix, int width, unsigned char * buf, int len) {
line [0] = 0;
if (prefix)
//strlcpy (line, prefix, sizeof (line));
strlcat (line, prefix, sizeof (line));
strlcat (line, prefix, sizeof(line) - strlen(line));

//snprintf (tmp, sizeof (tmp), " %8.8x ", i + 1);
snprintf (tmp, sizeof (tmp), " %4.4x ", i + 1);
strlcat (line, tmp, sizeof (line));
strlcat (line, tmp, sizeof(line) - strlen(line));
}
else if (i == len - 1) // Else if at last byte
logd (line); // Log line
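Review bot: The `strlcat` calls in `hex_dump` that now pass `sizeof(line) - strlen(line)` give the wrong size if `strlcat` follows the usual BSD contract, where the third argument is the full size of the destination and the function accounts for the current length itself. Passing the remaining space makes appending stop once `line` is about half full, so the tail of each dump line is silently dropped, while the earlier form was already bounded. I would keep `strlcat (line, tmp, sizeof (line));` and `strlcat (line, prefix, sizeof (line));` in all of these calls; the remaining-space arithmetic belongs to `strncat`, not `strlcat`. The declaration of `line` and any project-local `strlcat` definition are outside the visible hunks, so this should be confirmed against them.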
