[Openvas-commits] r1400 - in trunk/openvas-libraries: . libopenvas

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Tue Sep 23 11:27:41 CEST 2008 

Author: mwiegand
Date: 2008-09-23 11:27:40 +0200 (Tue, 23 Sep 2008)
New Revision: 1400

Modified:
   trunk/openvas-libraries/ChangeLog
   trunk/openvas-libraries/libopenvas/plugutils.c
Log:
Fixed uses of sprintf in libopenvas/plugutils.c that could lead to
buffer overflows under certain circumstances. Told RATS and flawfinder
to ignore the use of snprintf; we will assume that glibc provides us
with an up-to-date snprintf. Changed "flawfinder" ignore statements to
"RATS" since the "RATS" keyword is supported by both RATS and
flawfinder.

* libopenvas/plugutils.c (plug_set_id, _add_plugin_preference,
plug_set_replace_key): Replaced sprintf usage with snprintf.


Modified: trunk/openvas-libraries/ChangeLog
===================================================================
--- trunk/openvas-libraries/ChangeLog	2008-09-23 08:59:41 UTC (rev 1399)
+++ trunk/openvas-libraries/ChangeLog	2008-09-23 09:27:40 UTC (rev 1400)
@@ -1,3 +1,15 @@
+2008-09-23  Michael Wiegand <michael.wiegand at intevation.de>
+
+	Fixed uses of sprintf in libopenvas/plugutils.c that could lead to
+	buffer overflows under certain circumstances. Told RATS and flawfinder
+	to ignore the use of snprintf; we will assume that glibc provides us
+	with an up-to-date snprintf. Changed "flawfinder" ignore statements to
+	"RATS" since the "RATS" keyword is supported by both RATS and
+	flawfinder.
+
+	* libopenvas/plugutils.c (plug_set_id, _add_plugin_preference,
+	plug_set_replace_key): Replaced sprintf usage with snprintf.
+
 2008-09-22  Jan-Oliver Wagner <jan-oliver.wagner at intevation.de>
 
 	* libopenvas/plugutils.c (proto_post_wrapped): escape_crlf is

Modified: trunk/openvas-libraries/libopenvas/plugutils.c
===================================================================
--- trunk/openvas-libraries/libopenvas/plugutils.c	2008-09-23 08:59:41 UTC (rev 1399)
+++ trunk/openvas-libraries/libopenvas/plugutils.c	2008-09-23 09:27:40 UTC (rev 1400)
@@ -241,7 +241,8 @@
  {
   oldid = emalloc(strlen(LEGACY_OID) + (sizeof(id) * 3) + 1);
  }
- sprintf(oldid, LEGACY_OID "%i", id);
+ // RATS: ignore
+ snprintf(oldid, 100, LEGACY_OID "%i", id);
  arg_add_value(desc, "OID", ARG_STRING, strlen(oldid), estrdup(oldid));
 #ifdef DEBUG
  fprintf(stderr, "plug_set_id: Legacy plugin %i detected", id);
@@ -300,7 +301,7 @@
   strcat(old, ", ");
   /* Rid ff warnings */
   /* Stmt's valid since len(id)+len(old)+len('\0'+", ") = size of realloc'd memory*/
-  strcat(old, id); /* Flawfinder: ignore */ 
+  strcat(old, id); /* RATS: ignore */ 
   arg_set_value(desc, "CVE_ID", strlen(old), old);
  }
  else
@@ -330,7 +331,7 @@
  { 
   old = erealloc(old, strlen(old) + strlen(id) + 3);
   strcat(old, ", ");
-  strcat(old, id); /* Flawfinder: ignore */ 
+  strcat(old, id); /* RATS: ignore */ 
   arg_set_value(desc, "BUGTRAQ_ID", strlen(old), old);
  }
  else
@@ -359,9 +360,9 @@
  { 
   old = erealloc(old, strlen(old) + strlen(name) + strlen(value) + 4);
   strcat(old, ", ");
-  strcat(old, name); /* Flawfinder: ignore */ 
+  strcat(old, name); /* RATS: ignore */ 
   strcat(old, ":");
-  strcat(old, value); /* Flawfinder: ignore */ 
+  strcat(old, value); /* RATS: ignore */ 
   arg_set_value(desc, "XREFS", strlen(old), old);
  }
  else 
@@ -369,9 +370,9 @@
   char * str;
   
   str = emalloc(strlen(name) + strlen(value) + 2);
-  strcat(str, name); /* Flawfinder: ignore */ 
+  strcat(str, name); /* RATS: ignore */ 
   strcat(str, ":");
-  strcat(str, value); /* Flawfinder: ignore */ 
+  strcat(str, value); /* RATS: ignore */ 
   arg_add_value(desc, "XREFS", ARG_STRING, strlen(str), str);
   }
 }
@@ -1052,20 +1053,20 @@
  if( cve != NULL && cve[0] != '\0')
         {
 	 strcat(naction, "CVE : ");
-	 strcat(naction, cve); /* Flawfinder: ignore */ 
+	 strcat(naction, cve); /* RATS: ignore */ 
 	 strcat(naction, "\n");
 	 }
  
  if( bid != NULL && bid[0] != '\0' )
  	{
 	 strcat(naction, "BID : ");
-	 strcat(naction, bid); /* Flawfinder: ignore */ 
+	 strcat(naction, bid); /* RATS: ignore */ 
 	 strcat(naction, "\n");
 	 }	
  if( xref != NULL && xref[0] != '\0' )
  	{
 	strcat(naction, "Other references : ");
-	strcat(naction, xref); /* Flawfinder: ignore */ 
+	strcat(naction, xref); /* RATS: ignore */ 
 	strcat(naction, "\n");
 	}
  
@@ -1320,7 +1321,9 @@
 
 
  pref = emalloc(strlen(p_name)+10+strlen(type)+strlen(cname));
- sprintf(pref, "%s[%s]:%s", p_name, type, cname);
+ // RATS: ignore
+ snprintf(pref, strlen(p_name)+10+strlen(type)+strlen(cname), "%s[%s]:%s",
+          p_name, type, cname);
  if ( arg_get_value(prefs, pref) == NULL )
   arg_add_value(prefs, pref, ARG_STRING, strlen(defaul), estrdup(defaul));
 
@@ -1500,13 +1503,16 @@
    kb_item_add_str(kb, name, value);
    value = addslashes(value);
    str = emalloc(strlen(name)+strlen(value)+10);
-   sprintf(str, "%d %s=%s;\n", ARG_STRING, name, (char *)value);
+   // RATS: ignore
+   snprintf(str, strlen(name)+strlen(value)+10, "%d %s=%s;\n", ARG_STRING, name,
+           (char *)value);
    efree(&value);
    break;
   case ARG_INT :
    kb_item_add_int(kb, name, (int)value);
    str = emalloc(strlen(name)+20);
-   sprintf(str, "%d %s=%d;\n", ARG_INT, name, (int)value);
+   // RATS: ignore
+   snprintf(str, strlen(name)+20, "%d %s=%d;\n", ARG_INT, name, (int)value);
    break;
  }
  if(str)

More information about the Openvas-commits mailing list