Add truncation checks for paths - dedup - deduplicating backup program
HTML git clone git://bitreich.org/dedup/ git://enlrupgkhuxnvlhsf6lc3fziv5h2hhfrinws65d7roiv6bfj7d652fid.onion/dedup/
DIR Log
DIR Files
DIR Refs
DIR Tags
DIR README
DIR LICENSE
---
DIR commit 02140831ff35a825f0c92f9e63945316f740737e
DIR parent 696c1e07ef2ef69da9050c37c346f6ec62fbeeb8
HTML Author: sin <sin@2f30.org>
Date: Fri, 26 Apr 2019 17:50:41 +0100
Add truncation checks for paths
Diffstat:
M dup-check.c | 19 ++++++++++++-------
M dup-pack.c | 21 +++++++++++++--------
M dup-rm.c | 10 +++++++---
M dup-unpack.c | 21 +++++++++++++--------
4 files changed, 45 insertions(+), 26 deletions(-)
---
DIR diff --git a/dup-check.c b/dup-check.c
@@ -39,7 +39,8 @@ usage(void)
int
main(int argc, char *argv[])
{
- char path[PATH_MAX];
+ char spath[PATH_MAX];
+ char bpath[PATH_MAX];
struct sctx *sctx;
struct bctx *bctx;
struct bparam bparam;
@@ -59,13 +60,17 @@ main(int argc, char *argv[])
if (argc != 1)
usage();
- snprintf(path, sizeof(path), "%s/archive/%s", repo, argv[0]);
- if (sopen(path, S_READ, 0600, &sctx) < 0)
- errx(1, "sopen: %s: failed", path);
+ if (snprintf(spath, sizeof(spath), "%s/archive/%s",
+ repo, argv[0]) >= sizeof(spath))
+ errx(1, "snprintf: %s: path too long", spath);
+ if (snprintf(bpath, sizeof(bpath), "%s/storage",
+ repo) >= sizeof(bpath))
+ errx(1, "snprintf: %s: path too long", bpath);
- snprintf(path, sizeof(path), "%s/storage", repo);
- if (bopen(path, B_READ, 0600, &bparam, &bctx) <0)
- errx(1, "bopen: %s: failed", path);
+ if (sopen(spath, S_READ, 0600, &sctx) < 0)
+ errx(1, "sopen: %s: failed", spath);
+ if (bopen(bpath, B_READ, 0600, &bparam, &bctx) <0)
+ errx(1, "bopen: %s: failed", bpath);
if (check(sctx, bctx) < 0)
errx(1, "check: failed");
DIR diff --git a/dup-pack.c b/dup-pack.c
@@ -57,7 +57,8 @@ usage(void)
int
main(int argc, char *argv[])
{
- char path[PATH_MAX];
+ char spath[PATH_MAX];
+ char bpath[PATH_MAX];
struct sctx *sctx;
struct bctx *bctx;
struct bparam bpar;
@@ -77,13 +78,17 @@ main(int argc, char *argv[])
if (argc != 1)
usage();
- snprintf(path, sizeof(path), "%s/archive/%s", repo, argv[0]);
- if (screat(path, 0600, &sctx) < 0)
- errx(1, "screat: %s: failed", path);
-
- snprintf(path, sizeof(path), "%s/storage", repo);
- if (bopen(path, B_RDWR, 0600, &bpar, &bctx) <0)
- errx(1, "bopen: %s: failed", path);
+ if (snprintf(spath, sizeof(spath), "%s/archive/%s",
+ repo, argv[0]) >= sizeof(spath))
+ errx(1, "snprintf: %s: path too long", spath);
+ if (snprintf(bpath, sizeof(bpath), "%s/storage",
+ repo) >= sizeof(bpath))
+ errx(1, "snprintf: %s: path too long", bpath);
+
+ if (screat(spath, 0600, &sctx) < 0)
+ errx(1, "screat: %s: failed", spath);
+ if (bopen(bpath, B_RDWR, 0600, &bpar, &bctx) <0)
+ errx(1, "bopen: %s: failed", bpath);
if (pack(sctx, bctx) < 0)
errx(1, "pack: failed");
DIR diff --git a/dup-rm.c b/dup-rm.c
@@ -61,11 +61,15 @@ main(int argc, char *argv[])
if (argc != 1)
usage();
- snprintf(spath, sizeof(spath), "%s/archive/%s", repo, argv[0]);
+ if (snprintf(spath, sizeof(spath), "%s/archive/%s",
+ repo, argv[0]) >= sizeof(spath))
+ errx(1, "snprintf: %s: path too long", spath);
+ if (snprintf(bpath, sizeof(bpath), "%s/storage",
+ repo) >= sizeof(bpath))
+ errx(1, "snprintf: %s: path too long", bpath);
+
if (sopen(spath, S_READ, 0600, &sctx) < 0)
errx(1, "sopen: %s: failed", spath);
-
- snprintf(bpath, sizeof(bpath), "%s/storage", repo);
if (bopen(bpath, B_RDWR, 0600, &bparam, &bctx) <0)
errx(1, "bopen: %s: failed", bpath);
DIR diff --git a/dup-unpack.c b/dup-unpack.c
@@ -73,7 +73,8 @@ usage(void)
int
main(int argc, char *argv[])
{
- char path[PATH_MAX];
+ char spath[PATH_MAX];
+ char bpath[PATH_MAX];
struct sctx *sctx;
struct bctx *bctx;
struct bparam bpar;
@@ -93,13 +94,17 @@ main(int argc, char *argv[])
if (argc != 1)
usage();
- snprintf(path, sizeof(path), "%s/archive/%s", repo, argv[0]);
- if (sopen(path, S_READ, 0600, &sctx) < 0)
- errx(1, "sopen: %s: failed", path);
-
- snprintf(path, sizeof(path), "%s/storage", repo);
- if (bopen(path, B_READ, 0600, &bpar, &bctx) <0)
- errx(1, "bopen: %s: failed", path);
+ if (snprintf(spath, sizeof(spath), "%s/archive/%s",
+ repo, argv[0]) >= sizeof(spath))
+ errx(1, "snprintf: %s: path too long", spath);
+ if (snprintf(bpath, sizeof(bpath), "%s/storage",
+ repo) >= sizeof(bpath))
+ errx(1, "snprintf: %s: path too long", bpath);
+
+ if (sopen(spath, S_READ, 0600, &sctx) < 0)
+ errx(1, "sopen: %s: failed", spath);
+ if (bopen(bpath, B_READ, 0600, &bpar, &bctx) <0)
+ errx(1, "bopen: %s: failed", bpath);
if (unpack(sctx, bctx) < 0)
errx(1, "dedup: failed");