Fixed: all possible malloc, sprintf and strcpy problems

Signed-off-by: Alexander Wenzel <Alexander.AW.Wenzel@bmw.de>
author: Alexander Wenzel <Alexander.AW.Wenzel@bmw.de> 2014-03-26 16:42:26 +0100
committer: Alexander Wenzel <Alexander.AW.Wenzel@bmw.de> 2014-04-01 10:21:04 +0200
commit: 2d3dc13f481bd6a5dfc16511f7df89903b69c4fd (patch)
tree: 6f0ffd297c7fc6c7b517784753455e2860bde8ec /src/system
parent: 8594f384fe8d622c20e7cb6091a2e99313e9830e (diff)
download: DLT-daemon-2d3dc13f481bd6a5dfc16511f7df89903b69c4fd.tar.gz
6 files changed, 25 insertions, 23 deletions
diff --git a/src/system/dlt-system-filetransfer.c b/src/system/dlt-system-filetransfer.c
index 72fe630..5cfcf09 100644
--- a/src/system/dlt-system-filetransfer.c
+++ b/src/system/dlt-system-filetransfer.c
@@ -368,7 +368,7 @@ int flush_dir_send(FiletransferOptions const *opts, const char *compress_dir,  c
                 //old file name (not: path) would have been:
                 char tmp[strlen(dp->d_name)-strlen(COMPRESS_EXTENSION)+1];
                 strncpy(tmp,dp->d_name,strlen(dp->d_name)-strlen(COMPRESS_EXTENSION));
-                tmp[strlen(dp->d_name)-3]='\0';
+                tmp[strlen(dp->d_name)-strlen(COMPRESS_EXTENSION)]='\0';
 
                 int len = strlen(tmp)+strlen(compress_dir)+1+1;//2 sizes + 1*"/" + \0
                 char *path_uncompressed = malloc(len);
diff --git a/src/system/dlt-system-journal.c b/src/system/dlt-system-journal.c
index d6c99c1..926cd17 100644
--- a/src/system/dlt-system-journal.c
+++ b/src/system/dlt-system-journal.c
@@ -112,7 +112,7 @@ int dlt_system_journal_get(sd_journal* j,char *target,const char *field,size_t m
 	{
 		// truncate
 		strncpy(target,data+field_size,max_size-1);
-		target[max_size]=0;
+		target[max_size-1]=0;
 	}
 	else
 	{
diff --git a/src/system/dlt-system-options.c b/src/system/dlt-system-options.c
index 113089b..3b4195d 100644
--- a/src/system/dlt-system-options.c
+++ b/src/system/dlt-system-options.c
@@ -62,7 +62,7 @@
 void usage(char *prog_name)
 {
 	char version[255];
-	dlt_get_version(version);
+	dlt_get_version(version,255);
 
 	printf("Usage: %s [options]\n", prog_name);
 	printf("Application to forward syslog messages to DLT, transfer system information, logs and files.\n");
@@ -103,7 +103,7 @@ int read_command_line(DltSystemCliOptions *options, int argc, char *argv[])
 			{
 				options->ConfigurationFileName = malloc(strlen(optarg)+1);
 				MALLOC_ASSERT(options->ConfigurationFileName);
-				strcpy(options->ConfigurationFileName, optarg);
+				strcpy(options->ConfigurationFileName, optarg); /* strcpy unritical here, because size matches exactly the size to be copied */
 				break;
 			}
 			case 'h':
@@ -226,11 +226,13 @@ int read_configuration_file(DltSystemConfiguration *config, char *file_name)
 
 			if(token[0] == 0)
 			{
-				strncpy(token, pch, MAX_LINE);
+				strncpy(token, pch, MAX_LINE-1);
+				token[MAX_LINE-1]=0;
 			}
 			else
 			{
 				strncpy(value, pch, MAX_LINE);
+				value[MAX_LINE-1]=0;
 				break;
 			}
 
@@ -244,7 +246,7 @@ int read_configuration_file(DltSystemConfiguration *config, char *file_name)
 			{
 				config->ApplicationId = malloc(strlen(value)+1);
 				MALLOC_ASSERT(config->ApplicationId);
-				strcpy(config->ApplicationId, value);
+				strcpy(config->ApplicationId, value); /* strcpy unritical here, because size matches exactly the size to be copied */
 			}
 
 			// Shell
@@ -262,7 +264,7 @@ int read_configuration_file(DltSystemConfiguration *config, char *file_name)
 			{
 				config->Syslog.ContextId = malloc(strlen(value)+1);
 				MALLOC_ASSERT(config->Syslog.ContextId);
-				strcpy(config->Syslog.ContextId, value);
+				strcpy(config->Syslog.ContextId, value); /* strcpy unritical here, because size matches exactly the size to be copied */
 			}
 			else if(strcmp(token, "SyslogPort") == 0)
 			{
@@ -278,7 +280,7 @@ int read_configuration_file(DltSystemConfiguration *config, char *file_name)
 			{
 				config->Journal.ContextId = malloc(strlen(value)+1);
 				MALLOC_ASSERT(config->Journal.ContextId);
-				strcpy(config->Journal.ContextId, value);
+				strcpy(config->Journal.ContextId, value); /* strcpy unritical here, because size matches exactly the size to be copied */
 			}
 			else if(strcmp(token, "JournalCurrentBoot") == 0)
 			{
@@ -302,7 +304,7 @@ int read_configuration_file(DltSystemConfiguration *config, char *file_name)
 			{
 				config->Filetransfer.ContextId = malloc(strlen(value)+1);
 				MALLOC_ASSERT(config->Filetransfer.ContextId);
-				strcpy(config->Filetransfer.ContextId, value);
+				strcpy(config->Filetransfer.ContextId, value); /* strcpy unritical here, because size matches exactly the size to be copied */
 			}
 			else if(strcmp(token, "FiletransferTimeStartup") == 0)
 			{
@@ -320,13 +322,13 @@ int read_configuration_file(DltSystemConfiguration *config, char *file_name)
 			{
 				config->Filetransfer.TempDir = malloc(strlen(value)+1);
 				MALLOC_ASSERT(config->Filetransfer.TempDir);
-				strcpy(config->Filetransfer.TempDir, value);
+				strcpy(config->Filetransfer.TempDir, value); /* strcpy unritical here, because size matches exactly the size to be copied */
 			}
 			else if(strcmp(token, "FiletransferDirectory") == 0)
 			{
 				config->Filetransfer.Directory[config->Filetransfer.Count] = malloc(strlen(value)+1);
 				MALLOC_ASSERT(config->Filetransfer.Directory[config->Filetransfer.Count]);
-				strcpy(config->Filetransfer.Directory[config->Filetransfer.Count], value);
+				strcpy(config->Filetransfer.Directory[config->Filetransfer.Count], value); /* strcpy unritical here, because size matches exactly the size to be copied */
 			}
 			else if(strcmp(token, "FiletransferCompression") == 0)
 			{
@@ -358,7 +360,7 @@ int read_configuration_file(DltSystemConfiguration *config, char *file_name)
 			{
 				config->LogFile.Filename[config->LogFile.Count] = malloc(strlen(value)+1);
 				MALLOC_ASSERT(config->LogFile.Filename[config->LogFile.Count]);
-				strcpy(config->LogFile.Filename[config->LogFile.Count], value);
+				strcpy(config->LogFile.Filename[config->LogFile.Count], value); /* strcpy unritical here, because size matches exactly the size to be copied */
 			}
 			else if(strcmp(token, "LogFileMode") == 0)
 			{
@@ -372,7 +374,7 @@ int read_configuration_file(DltSystemConfiguration *config, char *file_name)
 			{
 				config->LogFile.ContextId[config->LogFile.Count] = malloc(strlen(value)+1);
 				MALLOC_ASSERT(config->LogFile.ContextId[config->LogFile.Count]);
-				strcpy(config->LogFile.ContextId[config->LogFile.Count], value);
+				strcpy(config->LogFile.ContextId[config->LogFile.Count], value); /* strcpy unritical here, because size matches exactly the size to be copied */
 				if(config->LogFile.Count < (DLT_SYSTEM_LOG_FILE_MAX - 1))
 				{
 					config->LogFile.Count++;
@@ -397,19 +399,19 @@ int read_configuration_file(DltSystemConfiguration *config, char *file_name)
 			{
 				config->LogProcesses.ContextId = malloc(strlen(value)+1);
 				MALLOC_ASSERT(config->LogProcesses.ContextId);
-				strcpy(config->LogProcesses.ContextId, value);
+				strcpy(config->LogProcesses.ContextId, value); /* strcpy unritical here, because size matches exactly the size to be copied */
 			}
 			else if(strcmp(token, "LogProcessName") == 0)
 			{
 				config->LogProcesses.Name[config->LogProcesses.Count] = malloc(strlen(value)+1);
 				MALLOC_ASSERT(config->LogProcesses.Name[config->LogProcesses.Count]);
-				strcpy(config->LogProcesses.Name[config->LogProcesses.Count], value);
+				strcpy(config->LogProcesses.Name[config->LogProcesses.Count], value); /* strcpy unritical here, because size matches exactly the size to be copied */
 			}
 			else if(strcmp(token, "LogProcessFilename") == 0)
 			{
 				config->LogProcesses.Filename[config->LogProcesses.Count] = malloc(strlen(value)+1);
 				MALLOC_ASSERT(config->LogProcesses.Filename[config->LogProcesses.Count]);
-				strcpy(config->LogProcesses.Filename[config->LogProcesses.Count], value);
+				strcpy(config->LogProcesses.Filename[config->LogProcesses.Count], value); /* strcpy unritical here, because size matches exactly the size to be copied */
 			}
 			else if(strcmp(token, "LogProcessMode") == 0)
 			{
diff --git a/src/system/dlt-system-processes.c b/src/system/dlt-system-processes.c
index 495c784..4457f50 100644
--- a/src/system/dlt-system-processes.c
+++ b/src/system/dlt-system-processes.c
@@ -69,7 +69,7 @@ void send_process(LogProcessOptions const *popts, int n)
 			DLT_STRING("dlt-system-processes, send process info."));
 	FILE * pFile;
 	struct dirent *dp;
-	char filename[256];
+	char filename[PATH_MAX];
 	char buffer[1024];
 	int bytes;
 	int found = 0;
@@ -83,7 +83,7 @@ void send_process(LogProcessOptions const *popts, int n)
 			if(isdigit(dp->d_name[0]))
 			{
 				buffer[0] = 0;
-				sprintf(filename, "/proc/%s/cmdline",dp->d_name);
+				snprintf(filename,PATH_MAX, "/proc/%s/cmdline",dp->d_name);
 				pFile = fopen(filename, "r");
 				if(pFile != NULL)
 				{
@@ -94,7 +94,7 @@ void send_process(LogProcessOptions const *popts, int n)
                    (strcmp(buffer, (*popts).Name[n])==0))
 				{
 					found = 1;
-                    sprintf(filename, "/proc/%s/%s", dp->d_name,(*popts).Filename[n]);
+                    snprintf(filename,PATH_MAX, "/proc/%s/%s", dp->d_name,(*popts).Filename[n]);
 					pFile = fopen(filename, "r");
 					if(pFile != NULL)
 					{
diff --git a/src/system/dlt-system-shell.c b/src/system/dlt-system-shell.c
index 5a35593..1c875fb 100644
--- a/src/system/dlt-system-shell.c
+++ b/src/system/dlt-system-shell.c
@@ -69,14 +69,14 @@ int dlt_shell_injection_callback(uint32_t service_id, void *data, uint32_t lengt
 	char text[DLT_SHELL_COMMAND_MAX_LENGTH];
     int syserr = 0;
 
-	if(length<DLT_SHELL_COMMAND_MAX_LENGTH-2)
+	if(length<=DLT_SHELL_COMMAND_MAX_LENGTH-1)
 	{
 		strncpy(text,data,length);
 		text[length] = 0;			
 	}
 	else
 	{
-		strncpy(text,data,DLT_SHELL_COMMAND_MAX_LENGTH-2);
+		strncpy(text,data,DLT_SHELL_COMMAND_MAX_LENGTH-1);
 		text[DLT_SHELL_COMMAND_MAX_LENGTH-1] = 0;	
 	}
 	
diff --git a/src/system/dlt-system-watchdog.c b/src/system/dlt-system-watchdog.c
index 5f7d124..c44b9b3 100644
--- a/src/system/dlt-system-watchdog.c
+++ b/src/system/dlt-system-watchdog.c
@@ -135,7 +135,7 @@ void watchdog_thread(void *v_conf)
 			// Calculate half of WATCHDOG_USEC in ns for timer tick
 			notifiyPeriodNSec = watchdogTimeoutSeconds / 2 ;
 
-			sprintf(str,"systemd watchdog timeout: %u nsec - timer will be initialized: %u nsec\n", watchdogTimeoutSeconds, notifiyPeriodNSec );
+			snprintf(str,512,"systemd watchdog timeout: %u nsec - timer will be initialized: %u nsec\n", watchdogTimeoutSeconds, notifiyPeriodNSec );
 			DLT_LOG(watchdogContext, DLT_LOG_DEBUG,DLT_STRING(str));
 
 			if (make_periodic (notifiyPeriodNSec, &info) < 0 )
@@ -159,7 +159,7 @@ void watchdog_thread(void *v_conf)
 		}
 		else
 		{
-			sprintf(str,"systemd watchdog timeout incorrect: %u\n", watchdogTimeoutSeconds);
+			snprintf(str,512,"systemd watchdog timeout incorrect: %u\n", watchdogTimeoutSeconds);
 			DLT_LOG(watchdogContext, DLT_LOG_DEBUG,DLT_STRING(str));
 		}
 	}
author	Alexander Wenzel <Alexander.AW.Wenzel@bmw.de>	2014-03-26 16:42:26 +0100
committer	Alexander Wenzel <Alexander.AW.Wenzel@bmw.de>	2014-04-01 10:21:04 +0200
commit	2d3dc13f481bd6a5dfc16511f7df89903b69c4fd (patch)
tree	6f0ffd297c7fc6c7b517784753455e2860bde8ec /src/system
parent	8594f384fe8d622c20e7cb6091a2e99313e9830e (diff)
download	DLT-daemon-2d3dc13f481bd6a5dfc16511f7df89903b69c4fd.tar.gz