robbat2 11/01/26 01:49:29 |
|
Added: qmailadmin-1.2.12-quota-overflow.patch |
Log: |
Bug #269123: fix quota overflow security vulns. |
|
(Portage version: 2.2.0_alpha19/cvs/Linux x86_64) |
|
Revision Changes Path |
1.1 net-mail/qmailadmin/files/qmailadmin-1.2.12-quota-overflow.patch |
|
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-mail/qmailadmin/files/qmailadmin-1.2.12-quota-overflow.patch?rev=1.1&view=markup |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-mail/qmailadmin/files/qmailadmin-1.2.12-quota-overflow.patch?rev=1.1&content-type=text/plain |
|
Index: qmailadmin-1.2.12-quota-overflow.patch |
=================================================================== |
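--- a/util.c
+++ b/util.c
@@ -19,10 +19,11 @@
 
 #include <stdio.h>
 #include <stdlib.h>
+#include <stddef.h>
+#include <errno.h>
 #include <string.h>
 #include <unistd.h>
 #include <sys/stat.h>
-#include <unistd.h>
 #include <pwd.h>
 #include <dirent.h>
 #include <ctype.h>
@@ -352,41 +353,70 @@ char *get_quota_used(char *dir) {
 back to bytes for vpasswd file
 return value: 0 for success, 1 for failure
 */
-int quota_to_bytes(char returnval[], char *quota) {
+int quota_to_bytes(char returnval[], const char *quota) {
 double tmp;
+ int err = 0;
 
 if (quota == NULL) { return 1; }
- if ((tmp = atof(quota))) {
- tmp *= 1048576;
- sprintf(returnval, "%.0lf", tmp);
- return 0;
+
+ /* first set errno to 0 to determine if an error occurs */
+ errno = 0;
+ tmp = strtod(quota, NULL);
+ err = errno;
+ if (err != 0) {
+ perror("quota_to_bytes");
+ return 1;
 } else {
- strcpy (returnval, "");
- return 1;
+ tmp *= (1024*1024);
+ err = sprintf(returnval, "%.0lf", tmp);
+ if (err > 0) {
+ return 0;
+ } else {
+ returnval[0] = '\0';
+ return 1;
+ }
 }
 }
 /* quota_to_megabytes: used to convert vpasswd representation of quota
 to number of megabytes.
 return value: 0 for success, 1 for failure
 */
-int quota_to_megabytes(char *returnval, char *quota) {
+int quota_to_megabytes(char *returnval, const char *quota) {
 double tmp;
- int i;
+ int err = 0;
+ size_t i;
 
 if (quota == NULL) { return 1; }
 i = strlen(quota);
+
+ errno = 0;
+ tmp = strtod(quota, NULL);
+ err = errno;
+ if (err != 0) {
+ perror("quota_to_megabytes");
+ return 1;
+ }
+
 if ((quota[i-1] == 'M') || (quota[i-1] == 'm')) {
- tmp = atol(quota); /* already in megabytes */
+ /* already in megabytes */
 } else if ((quota[i-1] == 'K') || (quota[i-1] == 'k')) {
- tmp = atol(quota) * 1024; /* convert kilobytes to megabytes */
- } else if ((tmp = atol(quota))) {
- tmp /= 1048576.0;
+ /* convert kilobytes to megabytes */
+ tmp *= 1024;
+ } else if (tmp != 0) {
+ /* convert bytes to megabytes */
+ tmp /= (1024*1024);
 } else {
- strcpy (returnval, "");
- return 1;
+ returnval[0] = '\0';
+ return 1;
+ }
+
+ err = sprintf(returnval, "%.2lf", tmp);
+ if (err > 0) {
+ return 0;
+ } else {
+ returnval[0] = '\0';
+ return 1;
 }
- sprintf(returnval, "%.2lf", tmp);
- return 0;
 }
 
 void print_user_index (char *action, int colspan, char *user, char *dom, time_t mytime)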
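Review bot: The two `sprintf` calls into `returnval` are still unbounded after this change: `strtod` sets errno only when the value falls outside the range of double, so a quota string that parses to a very large finite number passes the new `err != 0` test and is formatted with `%.0lf` or `%.2lf` into a buffer whose size these functions never see. A range check before formatting, against a maximum the project chooses, would close that and also reject negative, infinite and NaN input, for example `if (!(tmp >= 0 && tmp <= max_quota)) { returnval[0] = '\0'; return 1; }` with `max_quota` as a placeholder name. In quota_to_megabytes, `quota[i-1]` is read with `i` now a `size_t`, so an empty string indexes far outside the array; `if (i == 0) { returnval[0] = '\0'; return 1; }` before the suffix tests covers it. quota_to_bytes also now returns success with "0" for non-numeric input where the old `atof` path returned 1, and both errno failure paths leave `returnval` unwritten where the old code stored an empty string, so callers that read the buffer after a failure should be checked.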
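--- a/util.h
+++ b/util.h
@@ -25,8 +25,8 @@ void str_replace (char *, char, char);
 
 void qmail_button(char *modu, char *command, char *user, char *dom, time_t mytime, char *png);
 
-int quota_to_bytes(char[], char*); //jhopper prototype
-int quota_to_megabytes(char[], char*); //jhopper prototype
+int quota_to_bytes(char[], const char*); //jhopper prototype
+int quota_to_megabytes(char[], const char*); //jhopper prototype
 
 void print_user_index (char *action, int colspan, char *user, char *dom, time_t mytime);
 char *cgiurl (char *action);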