From b79d2f21e8f9c0d31568e82b77004a9bbe3b8be3 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Thu, 8 Oct 2020 12:24:06 +0200 Subject: Fix potential strcmp() overflow, better packed struct for pipe --- src/rpc.c | 13 +++++++------ src/userlist.c | 8 ++++---- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/src/rpc.c b/src/rpc.c index 9345876..28e4b2e 100644 --- a/src/rpc.c +++ b/src/rpc.c @@ -18,15 +18,16 @@ #define SOCKPATH "/run/idle-daemon" -#pragma pack(1) -static struct { - int read; - int write; +static union { + struct __attribute__((packed)) { + int read; + int write; + }; + int array[2]; } rpcPipe = { .read = -1, .write = -1, }; -#pragma pack(0) _Static_assert( sizeof(rpcPipe) == ( sizeof(int) * 2 ), "Structsize mismatch" ); @@ -56,7 +57,7 @@ int rpc_open( void ) return -1; } if ( rpcPipe.write == -1 && rpcPipe.read == -1 ) { - if ( pipe2( (int*)&rpcPipe, O_DIRECT ) == -1 ) { + if ( pipe2( rpcPipe.array, O_DIRECT ) == -1 ) { perror( "Cannot create local RPC pipe" ); } else { // Read end nonblocking diff --git a/src/userlist.c b/src/userlist.c index 4b03959..1f65eb5 100644 --- a/src/userlist.c +++ b/src/userlist.c @@ -84,8 +84,8 @@ int getUserList( struct user *outbuf, int size ) for ( int j = 0; j < deadzone; ++j ) { if ( outbuf[j].user[0] != '\0' && strcmp( outbuf[j].display, u->ut_host ) == 0 ) { if ( outbuf[j].sessionLeader == u->ut_pid - && strcmp( outbuf[j].user, u->ut_user ) == 0 - && strcmp( outbuf[j].device, u->ut_line ) == 0 ) { + && strncmp( outbuf[j].user, u->ut_user, UT_NAMESIZE ) == 0 + && strncmp( outbuf[j].device, u->ut_line, UT_LINESIZE ) == 0 ) { use = j; break; } 
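Review bot: The `__attribute__((packed))` on the anonymous struct inside the new `rpcPipe` union looks unnecessary, because two adjacent `int` members have no padding to remove. Packing also lowers the members' alignment to 1, which can make GCC and Clang warn (`-Waddress-of-packed-member`) if `&rpcPipe.read` is ever taken. The existing `_Static_assert` on `sizeof(rpcPipe)` already guards the layout, so a plain `struct { int read; int write; };` would do. A comment such as `/* array[0] is the read end, array[1] the write end, as filled in by pipe2() */` would document why the union exists.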
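Review bot: The `pipe2()` call in `rpc_open` passes only `O_DIRECT`, so both pipe descriptors stay open across `exec`. If the daemon ever starts child processes (not visible in this hunk), they would inherit the internal RPC pipe; consider `pipe2( rpcPipe.array, O_DIRECT | O_CLOEXEC )`. The failure branch only calls `perror()`, and whether the caller then sees an error depends on code after the hunk, since the body of `rpc_open` continues outside it.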
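Review bot: The outer condition of this loop still uses `strcmp( outbuf[j].display, u->ut_host )`, which has the same over-read risk this commit fixes for `ut_user` and `ut_line`. `ut_host` is also a fixed-width utmp field, so it can fill its array without a terminating NUL and the compare can read past it. Bounding it the same way, `strncmp( outbuf[j].display, u->ut_host, UT_HOSTSIZE ) == 0`, would close the remaining case. This assumes `u` points at a `struct utmp` record, which the hunk does not show; `getUserList` starts and ends outside the hunk.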
@@ -111,8 +111,8 @@ int getUserList( struct user *outbuf, int size ) use = j; } } else if ( outbuf[j].sessionLeader == u->ut_pid - && strcmp( outbuf[j].user, u->ut_user ) == 0 - && strcmp( outbuf[j].device, u->ut_line ) == 0 ) { + && strncmp( outbuf[j].user, u->ut_user, UT_NAMESIZE ) == 0 + && strncmp( outbuf[j].device, u->ut_line, UT_LINESIZE ) == 0 ) { use = j; break; } -- cgit v1.2.3-55-g7522
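Review bot: Nothing at the changed comparisons says why they are length-bounded, so a later cleanup could turn them back into `strcmp()`. A short comment above the `else if`, for example `// ut_user/ut_line are fixed-size fields and may lack a terminating NUL`, would keep the reason next to the code; the same applies to the first userlist.c hunk. The bound is the size of the utmp field, so the compare is exact only if `outbuf[j].user` and `outbuf[j].device` never hold longer strings. `struct user` is not visible here, so that needs confirming.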