From d2d6e4b0670870a2f4355b4f90dfea221a5600a1 Mon Sep 17 00:00:00 2001 From: James Noss Date: Thu, 29 Jun 2017 01:43:15 -0400 Subject: [PATCH] Buffer overflow - CALACS fix only resolves #163 Signed-off-by: James Noss --- pkg/acs/calacs/calacs/acsmember.c | 13 +++++-------- pkg/acs/calacs/calacs/acstable.c | 2 +- pkg/acs/calacs/include/acs.h | 4 ++-- pkg/acs/calacs/lib/findroot.c | 2 +- 4 files changed, 9 insertions(+), 12 deletions(-) diff --git a/pkg/acs/calacs/calacs/acsmember.c b/pkg/acs/calacs/calacs/acsmember.c index 77a271328..8f5a24fe5 100644 --- a/pkg/acs/calacs/calacs/acsmember.c +++ b/pkg/acs/calacs/calacs/acsmember.c @@ -25,10 +25,9 @@ ACSInfo *acs o: exposure specific flags and info extern int status; char rootname[ACS_FNAME+1]; - char outroot[ACS_CBUF+1]; char mtype[SZ_STRKWVAL+1]; int mlen; - void FindAsnRoot (char *, char *); + void FindAsnRoot (const char *, char *); void UpperAll (char *, char *, int); /* find out if the member we want exists... */ @@ -40,10 +39,9 @@ ACSInfo *acs o: exposure specific flags and info /* Initialize local strings... */ rootname[0] = '\0'; - outroot[0] = '\0'; mtype[0] = '\0'; - strcpy(outroot, asn->product[prodid].subprod[posid].name); + const char * outroot = asn->product[prodid].subprod[posid].name; /* Make sure we are only passing a rootname, and not a full filename.*/ FindAsnRoot (outroot, rootname); @@ -90,15 +88,14 @@ ACSInfo *acs o: exposure specific flags and info */ extern int status; char rootname[ACS_FNAME]; - char outroot[ACS_FNAME]; - void FindAsnRoot (char *, char *); + *rootname = '\0'; + void FindAsnRoot (const char *, char *); - strcpy(outroot, asn->filename); + const char * outroot = asn->filename; /* Make sure we are only passing a rootname, and not a full filename.*/ FindAsnRoot (outroot, rootname); strcpy (acs->outroot, rootname); - strcpy (acs->rootname, rootname); if (asn->debug) { diff --git a/pkg/acs/calacs/calacs/acstable.c b/pkg/acs/calacs/calacs/acstable.c index 9bfb4321a..9f7724ccd 100644 --- a/pkg/acs/calacs/calacs/acstable.c +++ b/pkg/acs/calacs/calacs/acstable.c @@ -165,7 +165,7 @@ int SetInput (AsnInfo *asn) { int DoesFileExist (char *); char *lowcase (char *, char *); int GetAsnName (char *, char *); - void FindAsnRoot (char *, char *); + void FindAsnRoot (const char *, char *); /* Initialize internal variables here... */ filename[0] = '\0'; diff --git a/pkg/acs/calacs/include/acs.h b/pkg/acs/calacs/include/acs.h index a75ba4788..a2fdcfa46 100644 --- a/pkg/acs/calacs/include/acs.h +++ b/pkg/acs/calacs/include/acs.h @@ -7,8 +7,8 @@ # include "imphttab.h" # define ACS_CBUF 24 /* small buffer for e.g. rootname */ -# define ACS_FNAME 162 -# define ACS_LINE 255 +# define ACS_FNAME 255 // Use of ACS_FNAME & ACS_LINE are interchanged throughout and should therefore be identical. +# define ACS_LINE 255 // Use of ACS_FNAME & ACS_LINE are interchanged throughout and should therefore be identical. # define MSG_BUFF_LENGTH ACS_LINE + 1 # define ACS_FITS_REC 82 # define SZ_STRKWVAL 68 diff --git a/pkg/acs/calacs/lib/findroot.c b/pkg/acs/calacs/lib/findroot.c index e611452c3..78ef3e936 100644 --- a/pkg/acs/calacs/lib/findroot.c +++ b/pkg/acs/calacs/lib/findroot.c @@ -5,7 +5,7 @@ # define NSUF 7 -void FindAsnRoot (char *input, char *root) { +void FindAsnRoot (const char *input, char *root) { int i; int in_len;