mirrors/xrdp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

sesman: env_set_user, fix potential bof issues

Browse Source 
Conflicts:
	sesman/env.c
This commit is contained in:
speidy 2016-10-04 01:53:24 -04:00
parent 4fe4b436d7
commit 33c7f1038c
5 changed files with 51 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
common/os_calls.c
View File

@ -228,14 +228,17 @@ g_sprintf(char* dest, const char* format, ...)
}
/*****************************************************************************/
void DEFAULT_CC
int DEFAULT_CC
g_snprintf(char* dest, int len, const char* format, ...)
{
int err;
va_list ap;
va_start(ap, format);
vsnprintf(dest, len, format, ap);
err = vsnprintf(dest, len, format, ap);
va_end(ap);
return err;
}
/*****************************************************************************/
@ -2335,10 +2338,11 @@ g_sigterm(int pid)
/*****************************************************************************/
/* returns 0 if ok */
/* the caller is responsible to free the buffs */
/* does not work in win32 */
int APP_CC
g_getuser_info(const char* username, int* gid, int* uid, char* shell,
char* dir, char* gecos)
g_getuser_info(const char *username, int *gid, int *uid, char **shell,
char **dir, char **gecos)
{
#if defined(_WIN32)
return 1;
@ -2358,15 +2362,15 @@ g_getuser_info(const char* username, int* gid, int* uid, char* shell,
}
if (dir != 0)
{
g_strcpy(dir, pwd_1->pw_dir);
*dir = g_strdup(pwd_1->pw_dir);
}
if (shell != 0)
{
g_strcpy(shell, pwd_1->pw_shell);
*shell = g_strdup(pwd_1->pw_shell);
}
if (gecos != 0)
{
g_strcpy(gecos, pwd_1->pw_gecos);
*gecos = g_strdup(pwd_1->pw_gecos);
}
return 0;
}

6
common/os_calls.h
View File

@ -47,7 +47,7 @@ void DEFAULT_CC
g_printf(const char *format, ...);
void DEFAULT_CC
g_sprintf(char* dest, const char* format, ...);
void DEFAULT_CC
int DEFAULT_CC
g_snprintf(char* dest, int len, const char* format, ...);
void DEFAULT_CC
g_writeln(const char* format, ...);
@ -259,8 +259,8 @@ g_getpid(void);
int APP_CC
g_sigterm(int pid);
int APP_CC
g_getuser_info(const char* username, int* gid, int* uid, char* shell,
char* dir, char* gecos);
g_getuser_info(const char* username, int* gid, int* uid, char** shell,
char** dir, char** gecos);
int APP_CC
g_getgroup_info(const char* groupname, int* gid);
int APP_CC

38
sesman/env.c
View File

@ -59,19 +59,21 @@ env_check_password_file(char* filename, char* password)
/******************************************************************************/
int DEFAULT_CC
env_set_user(char* username, char* passwd_file, int display)
env_set_user(char* username, char** passwd_file, int display)
{
int error;
int pw_uid;
int pw_gid;
int uid;
char pw_shell[256];
char pw_dir[256];
char pw_gecos[256];
int len;
char *pw_shell;
char *pw_dir;
char text[256];
error = g_getuser_info(username, &pw_gid, &pw_uid, pw_shell, pw_dir,
pw_gecos);
pw_shell = 0;
pw_dir = 0;
error = g_getuser_info(username, &pw_gid, &pw_uid, &pw_shell, &pw_dir, 0);
if (error == 0)
{
g_rm_temp_dir();
@ -105,16 +107,36 @@ env_set_user(char* username, char* passwd_file, int display)
/* if no auth_file_path is set, then we go for
$HOME/.vnc/sesman_username_passwd */
g_mkdir(".vnc");
g_sprintf(passwd_file, "%s/.vnc/sesman_%s_passwd", pw_dir, username);
len = g_snprintf(NULL, 0, "%s/.vnc/sesman_%s_passwd", pw_dir, username);
*passwd_file = (char *) g_malloc(len + 1, 1);
if (*passwd_file != NULL)
{
g_sprintf(*passwd_file, "%s/.vnc/sesman_%s_passwd", pw_dir, username);
}
}
else
{
/* we use auth_file_path as requested */
g_sprintf(passwd_file, g_cfg->auth_file_path, username);
len = g_snprintf(NULL, 0, g_cfg->auth_file_path, username);
*passwd_file = (char *) g_malloc(len + 1, 1);
if (*passwd_file != NULL)
{
g_sprintf(*passwd_file, g_cfg->auth_file_path, username);
}
}
if (*passwd_file != NULL)
{
LOG_DBG(&(g_cfg->log), "pass file: %s", *passwd_file);
}
LOG_DBG("pass file: %s", passwd_file);
}
}
g_free(pw_dir);
g_free(pw_shell);
}
else
{

2
sesman/env.h
View File

@ -49,7 +49,7 @@ env_check_password_file(char* filename, char* password);
*
*/
int DEFAULT_CC
env_set_user(char* username, char* passwd_file, int display);
env_set_user(char* username, char** passwd_file, int display);
#endif

9
sesman/session.c
View File

@ -365,7 +365,7 @@ session_start_fork(int width, int height, int bpp, char* username,
char depth[32];
char screen[32];
char text[256];
char passwd_file[256];
char *passwd_file;
char ** pp1 = (char **)NULL;
struct session_chain * temp = (struct session_chain *)NULL;
struct list * xserver_params = (struct list *)NULL;
@ -380,7 +380,8 @@ session_start_fork(int width, int height, int bpp, char* username,
g_memset(depth,0,sizeof(char) * 32);
g_memset(screen,0,sizeof(char) * 32);
g_memset(text,0,sizeof(char) * 256);
g_memset(passwd_file,0,sizeof(char) * 256);
passwd_file = 0;
/* check to limit concurrent sessions */
if (g_session_count >= g_cfg->sess.max_sessions)
@ -512,7 +513,7 @@ session_start_fork(int width, int height, int bpp, char* username,
}
else if (xpid == 0) /* child */
{
env_set_user(username, passwd_file, display);
env_set_user(username, &passwd_file, display);
env_check_password_file(passwd_file, password);
if (type == SESMAN_SESSION_TYPE_XVNC)
{
@ -527,6 +528,7 @@ session_start_fork(int width, int height, int bpp, char* username,
list_add_item(xserver_params, (long)g_strdup(depth));
list_add_item(xserver_params, (long)g_strdup("-rfbauth"));
list_add_item(xserver_params, (long)g_strdup(passwd_file));
g_free(passwd_file);
/* additional parameters from sesman.ini file */
//config_read_xserver_params(SESMAN_SESSION_TYPE_XVNC,
@ -550,6 +552,7 @@ session_start_fork(int width, int height, int bpp, char* username,
list_add_item(xserver_params, (long)g_strdup(geometry));
list_add_item(xserver_params, (long)g_strdup("-depth"));
list_add_item(xserver_params, (long)g_strdup(depth));
g_free(passwd_file);
/* additional parameters from sesman.ini file */
//config_read_xserver_params(SESMAN_SESSION_TYPE_XRDP,