bug #70225, sandbox_pids_file potential overflow.

author: Brian Harring <ferringb@gentoo.org> 2004-11-15 06:27:02 +0000
committer: Brian Harring <ferringb@gentoo.org> 2004-11-15 06:27:02 +0000
commit: ef76067a3ac677aa128a80c6aa15146d73848e52 (patch)
tree: c0ce427d4ce506620a7e26fe7985afc8f640d494 /src
parent: bye bye unused sandbox directory... (diff)
download: portage-cvs-ef76067a3ac677aa128a80c6aa15146d73848e52.tar.gz
portage-cvs-ef76067a3ac677aa128a80c6aa15146d73848e52.tar.bz2
portage-cvs-ef76067a3ac677aa128a80c6aa15146d73848e52.zip
3 files changed, 20 insertions, 22 deletions
diff --git a/src/sandbox-1.1/ChangeLog b/src/sandbox-1.1/ChangeLog
index 8d88dc2..4e3a8e9 100644
--- a/src/sandbox-1.1/ChangeLog
+++ b/src/sandbox-1.1/ChangeLog
@@ -1,6 +1,9 @@
 # ChangeLog for Path Sandbox
 # Copyright 1999-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /local/data/ulm/cvs/history/var/cvsroot/gentoo-src/portage/src/sandbox-1.1/Attic/ChangeLog,v 1.39 2004/11/07 15:05:07 ferringb Exp $
+# $Header: /local/data/ulm/cvs/history/var/cvsroot/gentoo-src/portage/src/sandbox-1.1/Attic/ChangeLog,v 1.40 2004/11/15 06:27:02 ferringb Exp $
+
+  14 Nov 2004; Brian Harring <ferringb@gentoo.org> libsandbox.c, sandbox.c:
+  closing out bug #70225, potential overflow of the sandbox_pids_file var.
 
   07 Nov 2004; Brian Harring <ferringb@gentoo.org> libsandbox.c: c99 standard, 
   (think it was at least) allows intermixing of code and data segments.  bug #70351
diff --git a/src/sandbox-1.1/libsandbox.c b/src/sandbox-1.1/libsandbox.c
index 632bb5d..a7a943e 100644
--- a/src/sandbox-1.1/libsandbox.c
+++ b/src/sandbox-1.1/libsandbox.c
@@ -25,7 +25,7 @@
  *  as some of the InstallWatch code was used.
  *
  *
- *  $Header: /local/data/ulm/cvs/history/var/cvsroot/gentoo-src/portage/src/sandbox-1.1/Attic/libsandbox.c,v 1.24 2004/11/07 15:05:08 ferringb Exp $
+ *  $Header: /local/data/ulm/cvs/history/var/cvsroot/gentoo-src/portage/src/sandbox-1.1/Attic/libsandbox.c,v 1.25 2004/11/15 06:27:02 ferringb Exp $
  *
  */
 
@@ -114,7 +114,8 @@
 }
 
 static char sandbox_lib[255];
-static char sandbox_pids_file[255];
+//static char sandbox_pids_file[255];
+static char *sandbox_pids_file;
 
 typedef struct {
 	int show_access_violation;
@@ -247,6 +248,12 @@ init_wrappers(void)
 }
 
 void
+_fini(void)
+{
+    free(sandbox_pids_file);
+}
+
+void
 _init(void)
 {
 	int old_errno = errno;
@@ -266,11 +273,7 @@ _init(void)
 	tmp_string = NULL;
 
 	/* Generate sandbox pids-file path */
-	tmp_string = get_sandbox_pids_file();
-	strncpy(sandbox_pids_file, tmp_string, sizeof(sandbox_pids_file)-1);
-	if (tmp_string)
-		free(tmp_string);
-	tmp_string = NULL;
+	sandbox_pids_file = get_sandbox_pids_file();
 
 	errno = old_errno;
 }
diff --git a/src/sandbox-1.1/sandbox.c b/src/sandbox-1.1/sandbox.c
index 46240aa..0f8aac4 100644
--- a/src/sandbox-1.1/sandbox.c
+++ b/src/sandbox-1.1/sandbox.c
@@ -11,7 +11,7 @@
 **    Copyright (C) 2001 Geert Bevin, Uwyn, http://www.uwyn.com
 **    Distributed under the terms of the GNU General Public License, v2 or later 
 **    Author : Geert Bevin <gbevin@uwyn.com>
-**  $Header: /local/data/ulm/cvs/history/var/cvsroot/gentoo-src/portage/src/sandbox-1.1/Attic/sandbox.c,v 1.20 2004/10/19 04:58:42 carpaski Exp $
+**  $Header: /local/data/ulm/cvs/history/var/cvsroot/gentoo-src/portage/src/sandbox-1.1/Attic/sandbox.c,v 1.21 2004/11/15 06:27:02 ferringb Exp $
 */
 
 /* #define _GNU_SOURCE */
@@ -161,8 +161,7 @@ cleanup()
 	int pids_file = -1, num_of_pids = 0;
 	int *pids_array = NULL;
 	char pid_string[255];
-	char sandbox_pids_file[255];
-	char *tmp_string;
+	char *sandbox_pids_file;
 #ifdef USE_LD_SO_PRELOAD
 	int preload_file = -1, num_of_preloads = 0;
 	char preload_entry[255];
@@ -170,11 +169,7 @@ cleanup()
 #endif
 
 	/* Generate sandbox pids-file path */
-	tmp_string = get_sandbox_pids_file();
-	strncpy(sandbox_pids_file, tmp_string, sizeof(sandbox_pids_file)-1);
-	if (tmp_string)
-		free(tmp_string);
-	tmp_string = NULL;
+	sandbox_pids_file = get_sandbox_pids_file();
 
 	/* Remove this sandbox's bash pid from the global pids
 	 * file if it has rights to adapt the ld.so.preload file */
@@ -286,6 +281,7 @@ cleanup()
 		pids_array = NULL;
 	}
 
+	free(sandbox_pids_file);
 	if (0 == success)
 		return;
 }
@@ -499,7 +495,7 @@ main(int argc, char **argv)
 	char sandbox_debug_log[255];
 	char sandbox_dir[255];
 	char sandbox_lib[255];
-	char sandbox_pids_file[255];
+	char *sandbox_pids_file;
 	char sandbox_rc[255];
 	char pid_string[255];
 	char **argv_bash = NULL;
@@ -547,11 +543,7 @@ main(int argc, char **argv)
 		tmp_string = NULL;
 
 		/* Generate sandbox pids-file path */
-		tmp_string = get_sandbox_pids_file();
-		strncpy(sandbox_pids_file, tmp_string, 254);
-		if (tmp_string)
-			free(tmp_string);
-		tmp_string = NULL;
+		sandbox_pids_file = get_sandbox_pids_file();
 
 		/* Generate sandbox bashrc path */
 		tmp_string = get_sandbox_rc(sandbox_dir);
author	Brian Harring <ferringb@gentoo.org>	2004-11-15 06:27:02 +0000
committer	Brian Harring <ferringb@gentoo.org>	2004-11-15 06:27:02 +0000
commit	ef76067a3ac677aa128a80c6aa15146d73848e52 (patch)
tree	c0ce427d4ce506620a7e26fe7985afc8f640d494 /src
parent	bye bye unused sandbox directory... (diff)
download	portage-cvs-ef76067a3ac677aa128a80c6aa15146d73848e52.tar.gz portage-cvs-ef76067a3ac677aa128a80c6aa15146d73848e52.tar.bz2 portage-cvs-ef76067a3ac677aa128a80c6aa15146d73848e52.zip