server buffer overrun

svn path=/trunk/boinc/; revision=1131
This commit is contained in:
David Anderson 2003-04-03 18:35:40 +00:00
parent 78fdd9c4a5
commit df869d7713
19 changed files with 114 additions and 91 deletions

View File

@ -4003,3 +4003,35 @@ David Mar 31 2003
test_uc.php
tools/
backend_lib.C
David Apr 3 2003
- added macro "safe_strcpy(x, y)"
** USE THIS INSTEAD OF safe_strncpy(x, y, sizeof(x))
- added macro "safe_strcat(x, y)"
** USE THIS INSTEAD OF strcat()
- changed dynamically-allocated fields of SCHEDULER_REQUEST,
SCHEDULER_REPLY to static
That combination of the above fixes a bug where a long
stderr_out could overwrite other fields of RESULT
client/
app.C
client_state.C
client_types.C
cs_scheduler.C
hostinfo_unix.C
http.C
net_xfer.C
pers_file_xfer.C
scheduler_op.C
doc/
index.html
lib/
filesys.C
util.C,h
sched/
file_deleter.C
file_upload_handler.C
handle_request.C
server_types.C,h

View File

@ -140,8 +140,8 @@ int ACTIVE_TASK::start(bool first_time) {
memset(&aid, 0, sizeof(aid));
safe_strncpy(aid.user_name, wup->project->user_name, sizeof(aid.user_name));
safe_strncpy(aid.team_name, wup->project->team_name, sizeof(aid.team_name));
safe_strcpy(aid.user_name, wup->project->user_name);
safe_strcpy(aid.team_name, wup->project->team_name);
sprintf(aid.comm_obj_name, "boinc_%d", slot);
if (wup->project->project_specific_prefs) {
extract_venue(
@ -208,8 +208,8 @@ int ACTIVE_TASK::start(bool first_time) {
fip = app_version->app_files[i].file_info;
get_pathname(fip, file_path);
if (i == 0) {
safe_strncpy(exec_name, fip->name, sizeof(exec_name));
safe_strncpy(exec_path, file_path, sizeof(exec_path));
safe_strcpy(exec_name, fip->name);
safe_strcpy(exec_path, file_path);
}
if (first_time) {
sprintf(link_path, "%s%s%s", slot_dir, PATH_SEPARATOR, fip->name);

View File

@ -1344,11 +1344,11 @@ void CLIENT_STATE::parse_env_vars() {
}
if ((p = getenv("SOCKS_USER"))) {
safe_strncpy(socks_user_name, p, sizeof(socks_user_name));
safe_strcpy(socks_user_name, p);
}
if ((p = getenv("SOCKS_PASSWD"))) {
safe_strncpy(socks_user_passwd, p, sizeof(socks_user_passwd));
safe_strcpy(socks_user_passwd, p);
}
}

View File

@ -221,9 +221,9 @@ int PROJECT::write_state(FILE* out) {
//
void PROJECT::copy_state_fields(PROJECT& p) {
scheduler_urls = p.scheduler_urls;
safe_strncpy(project_name, p.project_name, sizeof(project_name));
safe_strncpy(user_name, p.user_name, sizeof(user_name));
safe_strncpy(team_name, p.team_name, sizeof(team_name));
safe_strcpy(project_name, p.project_name);
safe_strcpy(user_name, p.user_name);
safe_strcpy(team_name, p.team_name);
user_total_credit = p.user_total_credit;
user_expavg_credit = p.user_expavg_credit;
user_create_time = p.user_create_time;
@ -239,7 +239,7 @@ void PROJECT::copy_state_fields(PROJECT& p) {
min_rpc_time = p.min_rpc_time;
master_url_fetch_pending = p.master_url_fetch_pending;
sched_rpc_pending = p.sched_rpc_pending;
safe_strncpy(code_sign_key, p.code_sign_key, sizeof(code_sign_key));
safe_strcpy(code_sign_key, p.code_sign_key);
}
int APP::parse(FILE* in) {

View File

@ -342,13 +342,13 @@ int CLIENT_STATE::handle_scheduler_reply(
if (retval) return retval;
if (strlen(sr.project_name)) {
safe_strncpy(project->project_name, sr.project_name, sizeof(project->project_name));
safe_strcpy(project->project_name, sr.project_name);
}
if (strlen(sr.user_name)) {
safe_strncpy(project->user_name, sr.user_name, sizeof(project->user_name));
safe_strcpy(project->user_name, sr.user_name);
}
if (strlen(sr.team_name)) {
safe_strncpy(project->team_name, sr.team_name, sizeof(project->team_name));
safe_strcpy(project->team_name, sr.team_name);
}
project->user_total_credit = sr.user_total_credit;
project->user_expavg_credit = sr.user_expavg_credit;
@ -387,7 +387,7 @@ int CLIENT_STATE::handle_scheduler_reply(
sr.global_prefs_xml
);
fclose(f);
safe_strncpy(host_venue, sr.host_venue, sizeof(host_venue));
safe_strcpy(host_venue, sr.host_venue);
retval = global_prefs.parse_file(host_venue);
if (retval) return retval;
install_global_prefs();
@ -416,7 +416,7 @@ int CLIENT_STATE::handle_scheduler_reply(
if (sr.code_sign_key) {
if (!strlen(project->code_sign_key)) {
safe_strncpy(project->code_sign_key, sr.code_sign_key, sizeof(project->code_sign_key));
safe_strcpy(project->code_sign_key, sr.code_sign_key);
} else {
if (sr.code_sign_key_signature) {
retval = verify_string2(
@ -424,7 +424,7 @@ int CLIENT_STATE::handle_scheduler_reply(
project->code_sign_key, signature_valid
);
if (!retval && signature_valid) {
safe_strncpy(project->code_sign_key, sr.code_sign_key, sizeof(project->code_sign_key));
safe_strcpy(project->code_sign_key, sr.code_sign_key);
} else {
fprintf(stdout,
"New code signing key from %s doesn't validate\n",

View File

@ -187,8 +187,8 @@ void parse_cpuinfo(HOST_INFO& host) {
void get_osinfo(HOST_INFO& host) {
struct utsname u;
uname(&u);
safe_strncpy(host.os_name, u.sysname, sizeof(host.os_name));
safe_strncpy(host.os_version, u.release, sizeof(host.os_version));
safe_strcpy(host.os_name, u.sysname);
safe_strcpy(host.os_version, u.release);
}
#endif

View File

@ -49,9 +49,9 @@ void parse_url(char* url, char* host, int &port, char* file) {
char buf[256];
if (strncmp(url, "http://", 7) == 0) {
safe_strncpy(buf, url+7, sizeof(buf));
safe_strcpy(buf, url+7);
} else {
safe_strncpy(buf, url, sizeof(buf));
safe_strcpy(buf, url);
}
p = strchr(buf, '/');
if (p) {
@ -225,7 +225,7 @@ int HTTP_OP::init_get(char* url, char* out, bool del_old_file, double off) {
file_offset = off;
parse_url(url, hostname, port, filename);
NET_XFER::init(use_http_proxy?proxy_server_name:hostname, use_http_proxy?proxy_server_port:port, HTTP_BLOCKSIZE);
safe_strncpy(outfile, out, sizeof(outfile));
safe_strcpy(outfile, out);
http_op_type = HTTP_OP_GET;
http_op_state = HTTP_STATE_CONNECTING;
if (use_http_proxy) {
@ -246,8 +246,8 @@ int HTTP_OP::init_post(char* url, char* in, char* out) {
parse_url(url, hostname, port, filename);
NET_XFER::init(use_http_proxy?proxy_server_name:hostname, use_http_proxy?proxy_server_port:port, HTTP_BLOCKSIZE);
safe_strncpy(infile, in, sizeof(infile));
safe_strncpy(outfile, out, sizeof(outfile));
safe_strcpy(infile, in);
safe_strcpy(outfile, out);
retval = file_size(infile, size);
if (retval) return retval;
content_length = (int)size;
@ -280,7 +280,7 @@ int HTTP_OP::init_post2(
NET_XFER::init(use_http_proxy?proxy_server_name:hostname, use_http_proxy?proxy_server_port:port, HTTP_BLOCKSIZE);
req1 = r1;
if (in) {
safe_strncpy(infile, in, sizeof(infile));
safe_strcpy(infile, in);
file_offset = offset;
retval = file_size(infile, size);
if (retval) {

View File

@ -174,7 +174,7 @@ void NET_XFER::init(char* host, int p, int b) {
file = NULL;
io_ready = false;
error = 0;
safe_strncpy(hostname, host, sizeof(hostname));
safe_strcpy(hostname, host);
port = p;
blocksize = (b > MAX_BLOCKSIZE ? MAX_BLOCKSIZE : b);
xfer_speed = 0;

View File

@ -81,10 +81,7 @@ bool PERS_FILE_XFER::start_xfer() {
file_xfer = new FILE_XFER;
if (gstate.use_http_proxy) {
file_xfer->use_http_proxy = true;
safe_strncpy(
file_xfer->proxy_server_name, gstate.proxy_server_name,
sizeof(file_xfer->proxy_server_name)
);
safe_strcpy(file_xfer->proxy_server_name, gstate.proxy_server_name);
file_xfer->proxy_server_port = gstate.proxy_server_port;
}
if (is_upload) {

View File

@ -178,7 +178,7 @@ int SCHEDULER_OP::start_rpc() {
FILE *f;
int retval;
safe_strncpy(scheduler_url, project->scheduler_urls[url_index].text, sizeof(scheduler_url));
safe_strcpy(scheduler_url, project->scheduler_urls[url_index].text);
if (log_flags.sched_ops) {
printf("Sending request to scheduler: %s\n", scheduler_url);
}
@ -191,7 +191,7 @@ int SCHEDULER_OP::start_rpc() {
}
if (gstate.use_http_proxy) {
http_op.use_http_proxy = true;
safe_strncpy(http_op.proxy_server_name, gstate.proxy_server_name, sizeof(http_op.proxy_server_name));
safe_strcpy(http_op.proxy_server_name, gstate.proxy_server_name);
http_op.proxy_server_port = gstate.proxy_server_port;
}
retval = http_op.init_post(
@ -217,7 +217,7 @@ int SCHEDULER_OP::init_master_fetch(PROJECT* p) {
}
if (gstate.use_http_proxy) {
http_op.use_http_proxy = true;
safe_strncpy(http_op.proxy_server_name, gstate.proxy_server_name, sizeof(http_op.proxy_server_name));
safe_strcpy(http_op.proxy_server_name, gstate.proxy_server_name);
http_op.proxy_server_port = gstate.proxy_server_port;
}
retval = http_op.init_get(project->master_url, MASTER_FILE_NAME, true);

View File

@ -11,7 +11,7 @@
<b>
Berkeley Open Infrastructure for Network Computing
(BOINC)
combines PCs to form a parallel supercomputer.
combines PCs into supercomputers.
</b>
</font>
</center>
@ -60,19 +60,20 @@ Help debug and enhance the BOINC software.
<a href=contact.html><b>Contact us</b></a>
<br><br>
<hr width=60% size=1>
<font size=-1>
<a href=http://www.sf.net/projects/boinc/>BOINC development</a>
is hosted at Sourceforge.net</font>
<br><br>
<a href="http://sourceforge.net"><img
src="http://sourceforge.net/sflogo.php?group_id=52437&amp;type=5"
width="210" height="62" border="0" alt="SourceForge Logo"></a>
is hosted at </font>
<a href="http://sourceforge.net"><img align=top src="http://sourceforge.net/sflogo.php?group_id=52437&amp" border="0" alt="SourceForge Logo"></a>
</td>
<td valign=top bgcolor=d8f4ff width=100%>
<center>
<h3>Status and news</h3>
</center>
<b>March 31, 2003</b>
<br>
We are preparing a BOINC-based version of SETI@home.
See a <a href=setiathome.jpg>preview of the graphics</a>.
<br><br>
<b>March 25, 2003</b>
<br>
<a href=http://216.198.119.31/BOINC/language_ini/language.htm>Non-English

View File

@ -80,7 +80,7 @@ DIRREF dir_open(char* p) {
if(!is_dir(p)) return NULL;
dirp = (DIR_DESC*) calloc(sizeof(DIR_DESC), 1);
dirp->first = true;
safe_strncpy(dirp->path, p, sizeof(dirp->path));
safe_strcpy(dirp->path, p);
strcat(dirp->path, "\\*");
dirp->handle = INVALID_HANDLE_VALUE;
#endif
@ -159,7 +159,7 @@ int file_delete(char* path) {
retval = remove(path);
#endif
if (retval) {
safe_strncpy(failed_file, path, sizeof(failed_file));
safe_strcpy(failed_file, path);
return ERR_UNLINK;
}
return 0;
@ -201,7 +201,7 @@ int clean_out_dir(char* dirpath) {
dirp = dir_open(dirpath);
if (!dirp) return -1;
while (1) {
safe_strncpy(filename,"",sizeof(filename));
strcpy(filename, "");
retval = dir_scan(filename, dirp, sizeof(filename));
if (retval) break;
sprintf(path, "%s%s%s", dirpath, PATH_SEPARATOR, filename);

View File

@ -280,12 +280,9 @@ void escape_url(char *in, char*out) {
out[y] = 0;
}
char * safe_strncpy(char* dst, char* src, int len) {
char *retval;
retval = strncpy(dst, src, len);
void safe_strncpy(char* dst, char* src, int len) {
strncpy(dst, src, len);
dst[len-1]=0;
return retval;
}
char* timestamp() {

View File

@ -28,7 +28,9 @@ extern double drand();
extern void c2x(char *what);
extern void unescape_url(char *url);
extern void escape_url(char *in, char*out);
extern char* safe_strncpy(char*, char*, int);
extern void safe_strncpy(char*, char*, int);
#define safe_strcpy(x, y) safe_strncpy(x, y, sizeof(x))
#define safe_strcat(x, y) if (strlen(x)+strlen(y)<sizeof(x)) strcat(x, y)
extern char* timestamp();
#ifndef max

View File

@ -40,7 +40,7 @@ int wu_delete_files(WORKUNIT& wu) {
char filename[256], pathname[256], buf[MAX_BLOB_SIZE], logbuf[256];
bool no_delete;
safe_strncpy(buf, wu.xml_doc, sizeof(buf));
safe_strcpy(buf, wu.xml_doc);
p = strtok(buf, "\n");
strcpy(filename, "");
@ -69,7 +69,7 @@ int result_delete_files(RESULT& result) {
char filename[256], pathname[256], buf[MAX_BLOB_SIZE], logbuf[256];
bool no_delete;
safe_strncpy(buf, result.xml_doc_in, sizeof(buf) );
safe_strcpy(buf, result.xml_doc_in);
p = strtok(buf,"\n");
while (p) {
if (parse_str(p, "<name>", filename, sizeof(filename))) {

View File

@ -36,6 +36,7 @@
CONFIG config;
#define STDERR_FILENAME "file_upload_handler.out"
//#define DEBUG
#define MAX_FILES 32
@ -303,6 +304,11 @@ int main() {
int retval;
R_RSA_PUBLIC_KEY key;
if (!freopen(STDERR_FILENAME, "a", stderr)) {
fprintf(stderr, "Can't redirect stderr\n");
exit(1);
}
retval = config.parse_file();
if (retval) {
return_error("can't read config file");

View File

@ -34,12 +34,12 @@ using namespace std;
#include "db.h"
#include "backend_lib.h"
#include "parse.h"
#include "util.h"
#include "server_types.h"
#include "main.h"
#include "handle_request.h"
#define MIN_SECONDS_TO_SEND 0
#define SECONDS_PER_DAY (3600*24)
#define MAX_SECONDS_TO_SEND (28*SECONDS_PER_DAY)
#define MAX_WUS_TO_SEND 10
@ -318,7 +318,7 @@ int handle_global_prefs(SCHEDULER_REQUEST& sreq, SCHEDULER_REPLY& reply) {
unsigned int req_mod_time, db_mod_time;
bool need_update;
reply.send_global_prefs = false;
if (sreq.global_prefs_xml) {
if (strlen(sreq.global_prefs_xml)) {
need_update = false;
parse_int(sreq.global_prefs_xml, "<mod_time>", (int)req_mod_time);
if (strlen(reply.user.global_prefs)) {
@ -332,10 +332,7 @@ int handle_global_prefs(SCHEDULER_REQUEST& sreq, SCHEDULER_REPLY& reply) {
need_update = true;
}
if (need_update) {
strncpy(
reply.user.global_prefs, sreq.global_prefs_xml,
sizeof(reply.user.global_prefs)
);
safe_strcpy(reply.user.global_prefs, sreq.global_prefs_xml);
db_user_update(reply.user);
}
} else {
@ -552,9 +549,10 @@ void send_code_sign_key(
int i, retval;
char path[256];
if (sreq.code_sign_key) {
if (strlen(sreq.code_sign_key)) {
if (strcmp(sreq.code_sign_key, code_sign_key)) {
write_log("received old code sign key\n");
// look for a signature file
//
for (i=0; ; i++) {
@ -576,8 +574,9 @@ void send_code_sign_key(
"Please report this to project."
);
} else {
reply.code_sign_key = strdup(code_sign_key);
reply.code_sign_key_signature = signature;
safe_strcpy(reply.code_sign_key, code_sign_key);
safe_strcpy(reply.code_sign_key_signature, signature);
free(signature);
}
}
free(oldkey);
@ -585,7 +584,7 @@ void send_code_sign_key(
}
}
} else {
reply.code_sign_key = strdup(code_sign_key);
safe_strcpy(reply.code_sign_key, code_sign_key);
}
}

View File

@ -26,17 +26,14 @@ using namespace std;
#include <assert.h>
#include "parse.h"
#include "util.h"
#include "main.h"
#include "server_types.h"
SCHEDULER_REQUEST::SCHEDULER_REQUEST() {
global_prefs_xml = 0;
code_sign_key = 0;
}
SCHEDULER_REQUEST::~SCHEDULER_REQUEST() {
if (global_prefs_xml) free(global_prefs_xml);
if (code_sign_key) free(code_sign_key);
}
int SCHEDULER_REQUEST::parse(FILE* fin) {
@ -46,7 +43,8 @@ int SCHEDULER_REQUEST::parse(FILE* fin) {
strcpy(authenticator, "");
hostid = 0;
work_req_seconds = 0;
global_prefs_xml = strdup("");
strcpy(global_prefs_xml, "");
strcpy(code_sign_key, "");
fgets(buf, 256, fin);
if (!match_tag(buf, "<scheduler_request>")) return 1;
@ -60,12 +58,12 @@ int SCHEDULER_REQUEST::parse(FILE* fin) {
else if (parse_int(buf, "<core_client_minor_version>", core_client_minor_version)) continue;
else if (parse_int(buf, "<work_req_seconds>", work_req_seconds)) continue;
else if (match_tag(buf, "<global_preferences>")) {
global_prefs_xml = strdup("<global_preferences>\n");
strcpy(global_prefs_xml, "<global_preferences>\n");
while (fgets(buf, 256, fin)) {
if (strstr(buf, "</global_preferences>")) break;
strcatdup(global_prefs_xml, buf);
safe_strcat(global_prefs_xml, buf);
}
strcatdup(global_prefs_xml, "</global_preferences>\n");
safe_strcat(global_prefs_xml, "</global_preferences>\n");
}
else if (match_tag(buf, "<host_info>")) {
host.parse(fin);
@ -85,7 +83,7 @@ int SCHEDULER_REQUEST::parse(FILE* fin) {
continue;
}
else if (match_tag(buf, "<code_sign_key>")) {
dup_element_contents(fin, "</code_sign_key>", &code_sign_key);
copy_element_contents(fin, "</code_sign_key>", code_sign_key, sizeof(code_sign_key));
}
else {
sprintf(ebuf, "SCHEDULER_REQUEST::parse(): unrecognized: %s\n", buf);
@ -102,8 +100,8 @@ SCHEDULER_REPLY::SCHEDULER_REPLY() {
strcpy(message, "");
strcpy(message_priority, "");
send_global_prefs = false;
code_sign_key = 0;
code_sign_key_signature = 0;
strcpy(code_sign_key, "");
strcpy(code_sign_key_signature, "");
memset(&user, 0, sizeof(user));
memset(&host, 0, sizeof(host));
memset(&team, 0, sizeof(team));
@ -111,8 +109,6 @@ SCHEDULER_REPLY::SCHEDULER_REPLY() {
}
SCHEDULER_REPLY::~SCHEDULER_REPLY() {
if (code_sign_key) free(code_sign_key);
if (code_sign_key_signature) free(code_sign_key_signature);
}
int SCHEDULER_REPLY::write(FILE* fout) {
@ -210,12 +206,12 @@ int SCHEDULER_REPLY::write(FILE* fout) {
for (i=0; i<results.size(); i++) {
fputs(results[i].xml_doc_in, fout);
}
if (code_sign_key) {
if (strlen(code_sign_key)) {
fputs("<code_sign_key>\n", fout);
fputs(code_sign_key, fout);
fputs("</code_sign_key>\n", fout);
}
if (code_sign_key_signature) {
if (strlen(code_sign_key_signature)) {
fputs("<code_sign_key_signature>\n", fout);
fputs(code_sign_key_signature, fout);
fputs("</code_sign_key_signature>\n", fout);
@ -280,26 +276,19 @@ int RESULT::parse_from_client(FILE* fin) {
else if (parse_int(buf, "<state>", client_state)) continue;
else if (parse_double(buf, "<final_cpu_time>", cpu_time)) continue;
else if (match_tag(buf, "<file_info>")) {
strcat(xml_doc_out, buf);
safe_strcat(xml_doc_out, buf);
while (fgets(buf, 256, fin)) {
// protect againt buffer overrun
if (strlen(buf) + strlen(xml_doc_out) <= MAX_BLOB_SIZE) {
strcat(xml_doc_out, buf);
}
safe_strcat(xml_doc_out, buf);
if (match_tag(buf, "</file_info>")) break;
}
continue;
}
else if (match_tag(buf, "<stderr_out>" )) {
} else if (match_tag(buf, "<stderr_out>" )) {
while (fgets(buf, 256, fin)) {
if (match_tag(buf, "</stderr_out>")) break;
if (strlen(stderr_out) + strlen(buf) < MAX_BLOB_SIZE) {
strcat(stderr_out, buf);
}
safe_strcat(stderr_out, buf);
}
continue;
}
else {
} else {
sprintf(ebuf, "RESULT::parse_from_client(): unrecognized: %s\n", buf);
write_log(ebuf);
}

View File

@ -43,8 +43,8 @@ struct SCHEDULER_REQUEST {
int core_client_minor_version;
int rpc_seqno;
int work_req_seconds;
char* global_prefs_xml;
char* code_sign_key;
char global_prefs_xml[MAX_BLOB_SIZE];
char code_sign_key[MAX_BLOB_SIZE];
HOST host;
vector<RESULT> results;
@ -73,8 +73,8 @@ struct SCHEDULER_REPLY {
vector<WORKUNIT>wus;
vector<RESULT>results;
vector<RESULT>result_acks;
char* code_sign_key;
char* code_sign_key_signature;
char code_sign_key[MAX_BLOB_SIZE];
char code_sign_key_signature[MAX_BLOB_SIZE];
SCHEDULER_REPLY();
~SCHEDULER_REPLY();