From 2a2be3392d26d228c5d0499e334d7288a13f4f79 Mon Sep 17 00:00:00 2001
From: darkcoven
Date: Sun, 20 Oct 2013 00:08:43 +0200
Subject: [PATCH] Lib: add size checks to prevent several crashes
---
 lib/src/bitrate.c | 20 +++++++++++++++++---
 lib/src/mirror.c | 4 ++++
 lib/src/network.c | 9 +++++++--
 lib/src/network.h | 2 +-
 lib/src/ports.c | 14 +++++++++++++-
 lib/src/qos.c | 16 +++++++++++++---
 lib/src/session.c | 5 +++--
 lib/src/vlan.c | 8 ++++++++
 8 files changed, 66 insertions(+), 12 deletions(-)
diff --git a/lib/src/bitrate.c b/lib/src/bitrate.c
index 82ec14c..460bc31 100644
--- a/lib/src/bitrate.c
+++ b/lib/src/bitrate.c
@@ -31,10 +31,16 @@ int ngadmin_getStormFilterState (struct ngadmin *nga, int *s)
 *s = 0;
- if (attr->first != NULL) {
- at = attr->first->data;
- *s = *(char*)at->data;
+ if (attr->first == NULL) {
+ ret = ERR_BADREPLY;
+ goto end;
+ }
+ at = attr->first->data;
+ if (at->size != 1) {
+ ret = ERR_BADREPLY;
+ goto end;
 }
+ *s = *(char*)at->data;
 end:
@@ -90,6 +96,10 @@ int ngadmin_getStormFilterValues (struct ngadmin *nga, int *ports)
 for (ln = attr->first; ln != NULL; ln = ln->next) {
 at = ln->data;
 sb = at->data;
+ if (at->size == 0) {
+ ret = ERR_BADREPLY;
+ goto end;
+ }
 if (sb->port <= sa->ports)
 ports[sb->port - 1] = sb->bitrate;
 }
@@ -168,6 +178,10 @@ int ngadmin_getBitrateLimits (struct ngadmin *nga, int *ports)
 for (ln = attr->first; ln != NULL; ln = ln->next) {
 at = ln->data;
 pb = at->data;
+ if (at->size == 0) {
+ ret = ERR_BADREPLY;
+ goto end;
+ }
 if (pb->port > sa->ports)
 continue;
 else if (at->attr == ATTR_BITRATE_INPUT)
diff --git a/lib/src/mirror.c b/lib/src/mirror.c
index 8b76c1c..7a7cdc7 100644
--- a/lib/src/mirror.c
+++ b/lib/src/mirror.c
@@ -39,6 +39,10 @@ int ngadmin_getMirror (struct ngadmin *nga, char *ports)
 at = attr->first->data;
 am = at->data;
+ if (at->size == 0) {
+ ret = ERR_BADREPLY;
+ goto end;
+ }
 if (am->outport == 0) {
 memset(ports, 0, 1 + sa->ports);
 } else if (am->outport > 0 && at->size >= 1 + sa->ports) {
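Review bot: The `at->size == 0` guard added in ngadmin_getStormFilterValues (lib/src/bitrate.c) rejects only an empty attribute, yet the loop goes on to read `sb->port` and `sb->bitrate` through the struct pointer, so an attribute that is non-empty but shorter than the struct would still be read past its end (assuming `at->data` holds exactly `at->size` bytes, which the diff does not show). Compare against the structure instead, `if (at->size < sizeof(*sb)) {`, which also covers the zero case. The same `== 0` guard precedes the struct reads in ngadmin_getBitrateLimits, ngadmin_getPortsStatus, ngadmin_getPortsStatistics, ngadmin_getQOSValues and ngadmin_getAllPVID, whereas ngadmin_cabletest already compares with `sizeof(struct attr_cabletest_result)`. All of these loops start and end outside their hunks.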
diff --git a/lib/src/network.c b/lib/src/network.c
index 8f26fc9..3f3126b 100644
--- a/lib/src/network.c
+++ b/lib/src/network.c
@@ -314,7 +314,7 @@ end:
 }
-void extractSwitchAttributes (struct swi_attr *sa, const List *l)
+int extractSwitchAttributes (struct swi_attr *sa, const List *l)
 {
 const ListNode *ln;
 const struct attr *at;
@@ -325,6 +325,8 @@ void extractSwitchAttributes (struct swi_attr *sa, const List *l)
 for (ln = l->first; ln != NULL; ln = ln->next) {
 at = ln->data;
+ if (at->size == 0)
+ return -EMSGSIZE;
 switch (at->attr) {
@@ -374,9 +376,12 @@ void extractSwitchAttributes (struct swi_attr *sa, const List *l)
 break;
 case ATTR_END:
- return;
+ return 0;
 }
 }
+
+
+ return 0;
 }
diff --git a/lib/src/network.h b/lib/src/network.h
index ca80cb6..782d8e9 100644
--- a/lib/src/network.h
+++ b/lib/src/network.h
@@ -32,7 +32,7 @@ int readRequest (struct ngadmin *nga, List *attr);
 int writeRequest (struct ngadmin *nga, List *attr);
-void extractSwitchAttributes (struct swi_attr *sa, const List *l);
+int extractSwitchAttributes (struct swi_attr *sa, const List *l);
 #endif
diff --git a/lib/src/ports.c b/lib/src/ports.c
index 0c73533..8804e4b 100644
--- a/lib/src/ports.c
+++ b/lib/src/ports.c
@@ -38,6 +38,10 @@ int ngadmin_getPortsStatus (struct ngadmin *nga, unsigned char *ports)
 for (ln = attr->first; ln != NULL; ln = ln->next) {
 at = ln->data;
 ps = at->data;
+ if (at->size == 0) {
+ ret = ERR_BADREPLY;
+ goto end;
+ }
 if (ps->port <= sa->ports)
 ports[ps->port - 1] = ps->status;
 }
@@ -80,6 +84,10 @@ int ngadmin_getPortsStatistics (struct ngadmin *nga, struct port_stats *ps)
 for (ln = attr->first; ln != NULL; ln = ln->next) {
 at = ln->data;
 aps = at->data;
+ if (at->size == 0) {
+ ret = ERR_BADREPLY;
+ goto end;
+ }
 if (aps->port <= sa->ports) {
 ps[aps->port -1].recv = aps->recv;
 ps[aps->port -1].sent = aps->sent;
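Review bot: The `at->size == 0` check in extractSwitchAttributes (hunk at -325) sits before `switch (at->attr)`, so it also applies to `ATTR_END`, which the next hunk shows returning 0; if the end marker is kept in the list with an empty payload (not visible here), every reply would now fail with `-EMSGSIZE` and ngadmin_scan would drop the switch. Moving the size test into the individual cases, each compared with the length that case copies, avoids that and also covers payloads that are non-empty but too short. The function returns `-EMSGSIZE` while the rest of the patch reports `ERR_BADREPLY`, so a comment above the definition such as `/* returns 0 on success, -EMSGSIZE if an attribute has no payload */` would document the convention. The switch cases lie outside both hunks.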
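Review bot: The bound `ps->port <= sa->ports` in ngadmin_getPortsStatus has no lower limit, so a reply carrying port 0 would store to `ports[ps->port - 1]`, one element before the caller's array, and the added size check does not cover that. Tighten the test to `if (ps->port >= 1 && ps->port <= sa->ports)`. The same upper-bound-only test guards the writes in ngadmin_getStormFilterValues, ngadmin_getPortsStatistics, ngadmin_getQOSValues and ngadmin_getAllPVID. The field types are declared outside the diff, so this assumes `port` is an integer field that can hold 0.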
@@ -152,7 +160,11 @@ int ngadmin_cabletest (struct ngadmin *nga, struct cabletest *ct, int nb)
 for (ln = attr->first; ln != NULL; ln = ln->next) {
 at = ln->data;
 acr = at->data;
- if (at->size == sizeof(struct attr_cabletest_result) && acr->port == ct[i].port) {
+ if (at->size != sizeof(struct attr_cabletest_result)) {
+ ret = ERR_BADREPLY;
+ goto end;
+ }
+ if (acr->port == ct[i].port) {
 ct[i].v1 = acr->v1;
 ct[i].v2 = acr->v2;
 break;
diff --git a/lib/src/qos.c b/lib/src/qos.c
index e31648a..f79da5e 100644
--- a/lib/src/qos.c
+++ b/lib/src/qos.c
@@ -31,10 +31,16 @@ int ngadmin_getQOSMode (struct ngadmin *nga, int *s)
 *s = 0;
- if (attr->first != NULL) {
- at = attr->first->data;
- *s = *(char*)at->data;
+ if (attr->first == NULL) {
+ ret = ERR_BADREPLY;
+ goto end;
+ }
+ at = attr->first->data;
+ if (at->size != 1) {
+ ret = ERR_BADREPLY;
+ goto end;
 }
+ *s = *(char*)at->data;
 end:
@@ -89,6 +95,10 @@ int ngadmin_getQOSValues (struct ngadmin *nga, char *ports)
 for (ln = attr->first; ln != NULL; ln = ln->next) {
 at = ln->data;
 aq = at->data;
+ if (at->size == 0) {
+ ret = ERR_BADREPLY;
+ goto end;
+ }
 if (aq->port <= sa->ports)
 ports[aq->port - 1] = aq->prio;
 }
diff --git a/lib/src/session.c b/lib/src/session.c
index 667464c..6f4a1eb 100644
--- a/lib/src/session.c
+++ b/lib/src/session.c
@@ -89,9 +89,10 @@ int ngadmin_scan (struct ngadmin *nga)
 if (sa == NULL)
 return ERR_MEM;
- extractSwitchAttributes(sa, attr);
+ if (extractSwitchAttributes(sa, attr) == 0)
+ pushBackList(swiList, sa);
+
 clearList(attr, (void(*)(void*))freeAttr);
- pushBackList(swiList, sa);
 }
 nga->swi_count = swiList->count;
diff --git a/lib/src/vlan.c b/lib/src/vlan.c
index 962f2f2..9c319ea 100644
--- a/lib/src/vlan.c
+++ b/lib/src/vlan.c
@@ -36,6 +36,10 @@ int ngadmin_getVLANType (struct ngadmin *nga, int *t)
 goto end;
 }
 at = attr->first->data;
+ if (at->size != 1) {
+ ret = ERR_BADREPLY;
+ goto end;
+ }
 *t =(int)*(char*)at->data;
 end:
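Review bot: With the size test split out in ngadmin_cabletest, any attribute whose size differs from `sizeof(struct attr_cabletest_result)` now aborts the whole call with `ERR_BADREPLY`, where the old combined condition skipped it without dereferencing it. If the reply list can hold attributes other than the result (the filtering is not visible in this hunk), a valid cable test would now fail; replacing the error path with `continue;` keeps the earlier tolerance and still never reads a short attribute. If rejecting is the intent, a comment on the check such as `/* any attribute of another size makes the reply malformed */` would make the choice explicit. The loop and the `end:` cleanup are outside the hunk.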
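Review bot: When extractSwitchAttributes fails in ngadmin_scan, `sa` is neither pushed onto `swiList` nor released, so each malformed reply received during a scan leaks one allocation; the `sa == NULL` / `ERR_MEM` test at the top of the hunk suggests it was heap-allocated on the line just before, outside the hunk. Add the release on the failure path after the `pushBackList(swiList, sa);` line, e.g. `else free(sa);`, using whatever call matches the allocator. The enclosing loop starts outside the hunk.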
@@ -460,6 +464,10 @@ int ngadmin_getAllPVID (struct ngadmin *nga, unsigned short *ports)
 for (ln = attr->first; ln != NULL; ln = ln->next) {
 at = ln->data;
 ap = at->data;
+ if (at->size == 0) {
+ ret = ERR_BADREPLY;
+ goto end;
+ }
 if (ap->port <= sa->ports)
 ports[ap->port - 1] = ap->vlan;
 }
-- 
2.39.5