*: assorted fixes prompted by security analysis; more to come

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
author: Denys Vlasenko <vda.linux@googlemail.com> 2010-01-11 12:09:57 +0100
committer: Denys Vlasenko <vda.linux@googlemail.com> 2010-01-11 12:09:57 +0100
commit: edf6beb585dc38c365ccbdaae85756b2814e1329 (patch)
tree: c356fda7f3397c3b3427f56a5a1584cab7e513c5 /src
parent: 14ef0cfe72faf6696df3ef8f42927e9458ccbeeb (diff)
download: abrt-edf6beb585dc38c365ccbdaae85756b2814e1329.tar.gz
abrt-edf6beb585dc38c365ccbdaae85756b2814e1329.tar.xz
abrt-edf6beb585dc38c365ccbdaae85756b2814e1329.zip
7 files changed, 19 insertions, 11 deletions
diff --git a/src/Applet/CCApplet.cpp b/src/Applet/CCApplet.cpp
index 770915a..302fe0b 100644
--- a/src/Applet/CCApplet.cpp
+++ b/src/Applet/CCApplet.cpp
@@ -192,20 +192,21 @@ void CApplet::SetIconTooltip(const char *format, ...)
 void CApplet::CrashNotify(const char *format, ...)
 {
     va_list args;
-    char *buf;
-    int n;
-    GError *err = NULL;
 
     va_start(args, format);
-    buf = NULL;
-    n = vasprintf(&buf, format, args);
+    char *buf = xvasprintf(format, args);
     va_end(args);
 
     notify_notification_update(m_pNotification, _("Warning"), buf, NULL);
+
+    GError *err = NULL;
     if (gtk_status_icon_is_embedded(m_pStatusIcon))
         notify_notification_show(m_pNotification, &err);
     if (err != NULL)
+    {
         error_msg("%s", err->message);
+        g_error_free(err);
+    }
 }
 
 void CApplet::OnAppletActivate_CB(GtkStatusIcon *status_icon, gpointer user_data)
diff --git a/src/Daemon/Daemon.cpp b/src/Daemon/Daemon.cpp
index 9e1aa0d..0f9c622 100644
--- a/src/Daemon/Daemon.cpp
+++ b/src/Daemon/Daemon.cpp
@@ -203,10 +203,12 @@ static int SetUpCron()
         int nM = -1;
         int nS = -1;
 
+//TODO: rewrite using good old sscanf?
+
         if (pos != std::string::npos)
         {
-            std::string sH = "";
-            std::string sM = "";
+            std::string sH;
+            std::string sM;
 
             sH = it_c->first.substr(0, pos);
             nH = xatou(sH.c_str());
@@ -221,7 +223,7 @@ static int SetUpCron()
         }
         else
         {
-            std::string sS = "";
+            std::string sS;
 
             sS = it_c->first;
             nS = xatou(sS.c_str());
diff --git a/src/Daemon/MiddleWare.cpp b/src/Daemon/MiddleWare.cpp
index 3656060..a348a92 100644
--- a/src/Daemon/MiddleWare.cpp
+++ b/src/Daemon/MiddleWare.cpp
@@ -548,6 +548,8 @@ report_status_t Report(const map_crash_report_t& pCrashReport,
 static bool IsDebugDumpSaved(const char *pUID,
                                    const char *pDebugDumpDir)
 {
+    /* TODO: use database query instead of dumping all rows and searching in them */
+
     CDatabase* database = g_pPluginManager->GetDatabase(g_settings_sDatabase.c_str());
     database->Connect();
     vector_database_rows_t rows = database->GetUIDData(pUID);
diff --git a/src/Daemon/PluginManager.cpp b/src/Daemon/PluginManager.cpp
index 697b964..a6550e7 100644
--- a/src/Daemon/PluginManager.cpp
+++ b/src/Daemon/PluginManager.cpp
@@ -138,6 +138,8 @@ void CPluginManager::LoadPlugins()
             if (!ext || strcmp(ext + 1, PLUGINS_LIB_EXTENSION) != 0)
                 continue;
             *ext = '\0';
+            if (strncmp(dent->d_name, PLUGINS_LIB_PREFIX, sizeof(PLUGINS_LIB_PREFIX)-1) != 0)
+                continue;
             LoadPlugin(dent->d_name + sizeof(PLUGINS_LIB_PREFIX)-1, /*enabled_only:*/ true);
         }
         closedir(dir);
diff --git a/src/Daemon/RPM.cpp b/src/Daemon/RPM.cpp
index 6f05c0b..6cc0ba6 100644
--- a/src/Daemon/RPM.cpp
+++ b/src/Daemon/RPM.cpp
@@ -4,8 +4,8 @@
 
 CRPM::CRPM()
 {
-    char *argv[] = { (char*)"" };
-    m_poptContext = rpmcliInit(0, argv, NULL);
+    static const char *const argv[] = { "", NULL };
+    m_poptContext = rpmcliInit(1, (char**)argv, NULL);
 }
 
 CRPM::~CRPM()
diff --git a/src/Hooks/CCpp.cpp b/src/Hooks/CCpp.cpp
index b5bfff7..ea08bae 100644
--- a/src/Hooks/CCpp.cpp
+++ b/src/Hooks/CCpp.cpp
@@ -139,7 +139,7 @@ int main(int argc, char** argv)
          * if they happen too often. Else, write new marker value.
          */
         snprintf(path, sizeof(path), "%s/last-ccpp", dddir);
-        fd = open(path, O_RDWR | O_CREAT, 0666);
+        fd = open(path, O_RDWR | O_CREAT, 0600);
         if (fd >= 0)
         {
             int sz;
diff --git a/src/Hooks/dumpoops.cpp b/src/Hooks/dumpoops.cpp
index 4b6778d..01e65c4 100644
--- a/src/Hooks/dumpoops.cpp
+++ b/src/Hooks/dumpoops.cpp
@@ -83,6 +83,7 @@ int main(int argc, char **argv)
 	void *handle;
 
 	errno = 0;
+//TODO: use it directly, not via dlopen?
 	handle = dlopen(PLUGINS_LIB_DIR"/libKerneloopsScanner.so", RTLD_NOW);
 	if (!handle)
 		perror_msg_and_die("can't load %s", PLUGINS_LIB_DIR"/libKerneloopsScanner.so");
author	Denys Vlasenko <vda.linux@googlemail.com>	2010-01-11 12:09:57 +0100
committer	Denys Vlasenko <vda.linux@googlemail.com>	2010-01-11 12:09:57 +0100
commit	edf6beb585dc38c365ccbdaae85756b2814e1329 (patch)
tree	c356fda7f3397c3b3427f56a5a1584cab7e513c5 /src
parent	14ef0cfe72faf6696df3ef8f42927e9458ccbeeb (diff)
download	abrt-edf6beb585dc38c365ccbdaae85756b2814e1329.tar.gz abrt-edf6beb585dc38c365ccbdaae85756b2814e1329.tar.xz abrt-edf6beb585dc38c365ccbdaae85756b2814e1329.zip