Skip to content

Fix toasts#26

Merged
matteius merged 2 commits intomainfrom
fix-toasts
Mar 22, 2025
Merged

Fix toasts#26
matteius merged 2 commits intomainfrom
fix-toasts

Conversation

@matteius
Copy link
Copy Markdown
Contributor

@matteius matteius commented Mar 22, 2025

Fixes #16

@matteius matteius marked this pull request as ready for review March 22, 2025 00:11
@matteius matteius merged commit a807a7f into main Mar 22, 2025
matteius added a commit that referenced this pull request Feb 21, 2026
@matteius
security: fix CodeQL alerts #16,#25-45 (null deref, SQL injection, sn…
d558e69 
…printf overflow, TOCTOU, command injection)

Fix #39 (stream_protocol.c:510): remove redundant null check after validated pointer

Fix #16 (sqlite_migrate.c:700): validate migration file path is within configured migrations
directory before executing SQL to prevent SQL injection via crafted migration files

Fix #40-41 (db_query_builder.c:83,88): add snprintf truncation checks with error return
Fix #42-43 (db_zones.c:31,33): add snprintf truncation checks in polygon_to_json()
Fix #44-45 (go2rtc_api.c:376,378): fix buffer size mismatch and add truncation checks

Fix #25 (daemon.c:266): replace chmod(path) with fchmod(fd) to eliminate TOCTOU
Fix #26 (db_backup.c:110): remove stat() check before fopen(); attempt directly
Fix #28 (storage_manager.c:225): remove stat() check before unlink() in delete_recording()
Fix #27 (storage_manager.c:460): use lstat() instead of stat() to prevent symlink following
Fix #29 (ffmpeg_utils.c:416): use lstat() and skip chmod on symlinks
Fix #32,#33 (hls_directory.c:84,96): replace chmod() with fd-based fchmod() via O_DIRECTORY
Fix #30,#31 (hls_directory.c:439,476): use lstat() + S_ISREG check before unlink
Fix #34 (hls_writer.c:457): replace chmod() with fd-based fchmod() via O_DIRECTORY
Fix #38,#35,#37 (api_handlers_recordings_backend_agnostic.c:249,338,474): remove
  stat() checks before unlink(); rely on errno==ENOENT for missing-file detection
Fix #36 (api_handlers_recordings_files_backend_agnostic.c:119): remove stat() before
  unlink(); derive 'existed' from unlink() result and errno

Command injection mitigations (already present, confirmed complete):
- api_handlers_system.c: get_directory_size() replaces all popen("du ...") calls
- api_handlers_settings.c: is_safe_storage_path() validates storage_path inputs
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

WebUI: switch alerts to toast models

1 participant

@matteius