From: Simon Schubert <corecode@dragonflybsd.org>
Date: Thu, 9 Jul 2009 12:37:16 +0000 (+0200)
Subject: dma: various code hardening
X-Git-Url: https://gitweb.dragonflybsd.org/~corecode/dragonfly.git/commitdiff_plain/2922fd2bd6788906dceed0495a001f3d31177256

dma: various code hardening

(as found by the Debian hardening wrapper)

- check the result of fgets()
- loop the network writes until the whole thing is sent
- check one more write() result

Submitted-by: Peter Pentchev <roam@ringlet.net>
---

diff --git a/libexec/dma/conf.c b/libexec/dma/conf.c
index 47af9e5202..9156063745 100644
--- a/libexec/dma/conf.c
+++ b/libexec/dma/conf.c
@@ -106,7 +106,8 @@ parse_virtuser(const char *path)
 		return (-1);
 
 	while (!feof(v)) {
-		fgets(line, sizeof(line), v);
+		if (fgets(line, sizeof(line), v) == NULL)
+			break;
 		/* We hit a comment */
 		if (strchr(line, '#'))
 			*strchr(line, '#') = 0;
@@ -162,7 +163,8 @@ parse_authfile(const char *path)
 		return (1);
 
 	while (!feof(a)) {
-		fgets(line, sizeof(line), a);
+		if (fgets(line, sizeof(line), a) == NULL)
+			break;
 		/* We hit a comment */
 		if (strchr(line, '#'))
 			*strchr(line, '#') = 0;
@@ -199,7 +201,8 @@ parse_conf(const char *config_path, struct config *config)
 	config->features = 0;
 
 	while (!feof(conf)) {
-		fgets(line, sizeof(line), conf);
+		if (fgets(line, sizeof(line), conf) == NULL)
+			break;
 		/* We hit a comment */
 		if (strchr(line, '#'))
 			*strchr(line, '#') = 0;
diff --git a/libexec/dma/dma.c b/libexec/dma/dma.c
index f87477ab2c..3ca98264a2 100644
--- a/libexec/dma/dma.c
+++ b/libexec/dma/dma.c
@@ -525,7 +525,8 @@ Message headers follow.\n\
 			break;
 		if (line[0] == '\n')
 			break;
-		write(bounceq.mailfd, line, strlen(line));
+		if ((size_t)write(bounceq.mailfd, line, strlen(line)) != strlen(line))
+			goto fail;
 	}
 	if (fsync(bounceq.mailfd) != 0)
 		goto fail;
diff --git a/libexec/dma/net.c b/libexec/dma/net.c
index fd1eec5bac..11ac4eb010 100644
--- a/libexec/dma/net.c
+++ b/libexec/dma/net.c
@@ -73,23 +73,39 @@ send_remote_command(int fd, const char* fmt, ...)
 {
 	va_list va;
 	char cmd[4096];
-	ssize_t len = 0;
+	size_t len, pos;
+	int s;
+	ssize_t n;
 
 	va_start(va, fmt);
-	vsprintf(cmd, fmt, va);
+	s = vsnprintf(cmd, sizeof(cmd) - 2, fmt, va);
+	va_end(va);
+	if (s == sizeof(cmd) - 2 || s < 0)
+		errx(1, "Internal error: oversized command string");
+	/* We *know* there are at least two more bytes available */
+	strcat(cmd, "\r\n");
+	len = strlen(cmd);
 
 	if (((config->features & SECURETRANS) != 0) &&
 	    ((config->features & NOSSL) == 0)) {
-		len = SSL_write(config->ssl, (const char*)cmd, strlen(cmd));
-		SSL_write(config->ssl, "\r\n", 2);
+		while ((s = SSL_write(config->ssl, (const char*)cmd, len)) <= 0) {
+			s = SSL_get_error(config->ssl, s);
+			if (s != SSL_ERROR_WANT_READ &&
+			    s != SSL_ERROR_WANT_WRITE)
+				return (-1);
+		}
 	}
 	else {
-		len = write(fd, cmd, strlen(cmd));
-		write(fd, "\r\n", 2);
+		pos = 0;
+		while (pos < len) {
+			n = write(fd, cmd + pos, len - pos);
+			if (n < 0)
+				return (-1);
+			pos += n;
+		}
 	}
-	va_end(va);
 
-	return (len+2);
+	return (len);
 }
 
 int