diff options
| author | Rainer Gerhards <rgerhards@adiscon.com> | 2008-03-27 15:49:09 +0000 |
|---|---|---|
| committer | Rainer Gerhards <rgerhards@adiscon.com> | 2008-03-27 15:49:09 +0000 |
| commit | dbb50ec360556c0d4402808bf326c38831ff1734 (patch) | |
| tree | bb27ecc97696b1964a1fe73c9f941a45687215a4 /modules.c | |
| parent | 94e32990ee01bc7622909f40f0839bc4516cd56d (diff) | |
| download | rsyslog-dbb50ec360556c0d4402808bf326c38831ff1734.tar.gz rsyslog-dbb50ec360556c0d4402808bf326c38831ff1734.tar.xz rsyslog-dbb50ec360556c0d4402808bf326c38831ff1734.zip | |
bugfix: $ModDir did invalid bounds checking, potential overlow in
dbgprintf() - thanks to varmojfekoj for the patch
Diffstat (limited to 'modules.c')
| -rw-r--r-- | modules.c | 39 |
1 files changed, 26 insertions, 13 deletions
@@ -554,8 +554,8 @@ Load(uchar *pModName) { DEFiRet; - uchar szPath[512]; - uchar errMsg[1024]; + size_t iPathLen; + uchar szPath[PATH_MAX]; uchar *pModNameBase; uchar *pModNameDup; uchar *pExtension; @@ -582,12 +582,25 @@ Load(uchar *pModName) /* now build our load module name */ if(*pModName == '/') { *szPath = '\0'; /* we do not need to append the path - its already in the module name */ + iPathLen = 0; } else { - strncpy((char *) szPath, (pModDir == NULL) ? _PATH_MODDIR : (char*) pModDir, sizeof(szPath)); + *szPath = '\0'; + strncat((char *) szPath, (pModDir == NULL) ? _PATH_MODDIR : (char*) pModDir, sizeof(szPath) - 1); + iPathLen = strlen((char*) szPath); + if((szPath[iPathLen - 1] != '/')) { + if((iPathLen <= sizeof(szPath) - 2)) { + szPath[iPathLen++] = '/'; + szPath[iPathLen] = '\0'; + } else { + errmsg.LogError(NO_ERRCODE, "could not load module '%s', path too long\n", pModName); + free(pModNameDup); + ABORT_FINALIZE(RS_RET_ERR); + } + } } /* ... add actual name ... */ - strncat((char *) szPath, (char *) pModName, sizeof(szPath) - strlen((char*) szPath) - 1); + strncat((char *) szPath, (char *) pModName, sizeof(szPath) - iPathLen - 1); /* now see if we have an extension and, if not, append ".so" */ for(pExtension = pModNameBase ; *pExtension && *pExtension != '.' ; ++pExtension) @@ -600,28 +613,28 @@ Load(uchar *pModName) */ /* ... so now add the extension */ strncat((char *) szPath, ".so", sizeof(szPath) - strlen((char*) szPath) - 1); + iPathLen += 3; } free(pModNameDup); + if(iPathLen + strlen((char*) pModName) >= sizeof(szPath)) { + errmsg.LogError(NO_ERRCODE, "could not load module '%s', path too long\n", pModName); + ABORT_FINALIZE(RS_RET_ERR); + } + /* complete load path constructed, so ... GO! */ dbgprintf("loading module '%s'\n", szPath); if(!(pModHdlr = dlopen((char *) szPath, RTLD_NOW))) { - snprintf((char *) errMsg, sizeof(errMsg), "could not load module '%s', dlopen: %s\n", szPath, dlerror()); - errMsg[sizeof(errMsg)/sizeof(uchar) - 1] = '\0'; - errmsg.LogError(NO_ERRCODE, "%s", errMsg); + errmsg.LogError(NO_ERRCODE, "could not load module '%s', dlopen: %s\n", szPath, dlerror()); ABORT_FINALIZE(RS_RET_ERR); } if(!(pModInit = dlsym(pModHdlr, "modInit"))) { - snprintf((char *) errMsg, sizeof(errMsg), "could not load module '%s', dlsym: %s\n", szPath, dlerror()); - errMsg[sizeof(errMsg)/sizeof(uchar) - 1] = '\0'; - errmsg.LogError(NO_ERRCODE, "%s", errMsg); + errmsg.LogError(NO_ERRCODE, "could not load module '%s', dlsym: %s\n", szPath, dlerror()); dlclose(pModHdlr); ABORT_FINALIZE(RS_RET_ERR); } if((iRet = doModInit(pModInit, (uchar*) pModName, pModHdlr)) != RS_RET_OK) { - snprintf((char *) errMsg, sizeof(errMsg), "could not load module '%s', rsyslog error %d\n", szPath, iRet); - errMsg[sizeof(errMsg)/sizeof(uchar) - 1] = '\0'; - errmsg.LogError(NO_ERRCODE, "%s", errMsg); + errmsg.LogError(NO_ERRCODE, "could not load module '%s', rsyslog error %d\n", szPath, iRet); dlclose(pModHdlr); ABORT_FINALIZE(RS_RET_ERR); } |