[PATCH 1/3] add some length verification to avoid reading not owned memory

[PATCH 1/3] add some length verification to avoid reading not owned memory

[jr_extern]

[-- Attachment #1: Type: text/plain, Size: 1200 bytes --]

From: Jens Rehsack <jr_extern@vfnet.de>

---
 src/push.c |    8 +++++++-
 1 files changed, 7 insertions(+), 1 deletions(-)

diff --git a/src/push.c b/src/push.c
index 6a54907..6107352 100644
--- a/src/push.c
+++ b/src/push.c
@@ -351,13 +351,16 @@ gboolean mms_push_notify(unsigned char *pdu, unsigned int len,
 	/* Consume TID and Type */
 	nread = 2;
 
-	if (wsp_decode_uintvar(pdu + nread, len,
+	if (wsp_decode_uintvar(pdu + nread, len - nread,
 					&headerslen, &consumed) == FALSE)
 		return FALSE;
 
 	/* Consume uintvar bytes */
 	nread += consumed;
 
+	/* Check if content type could be read */
+	if (headerslen > (len - nread))
+		return FALSE;
 	/* Try to decode content-type */
 	if (wsp_decode_content_type(pdu + nread, headerslen, &ct,
 			&consumed, &param_len) == FALSE)
@@ -370,6 +373,9 @@ gboolean mms_push_notify(unsigned char *pdu, unsigned int len,
 	consumed += param_len;
 	nread += consumed;
 
+	/* Check if application_id could be read */
+	if ((headerslen - consumed) > (len - nread))
+		return FALSE;
 	/* Parse header to decode application_id */
 	wsp_header_iter_init(&iter, pdu + nread, headerslen - consumed, 0);
 
-- 
1.7.9.1

[PATCH 2/3] changing depreciated libtool initialization to modern one

[jr_extern]

[-- Attachment #1: Type: text/plain, Size: 1512 bytes --]

From: Jens Rehsack <jr_extern@vfnet.de>

---
 Makefile.am  |    4 ++++
 configure.ac |   10 ++++++++--
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index c3a4486..bebcb90 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,6 +1,10 @@
 
 AM_MAKEFLAGS = --no-print-directory
 
+LIBTOOL_DEPS = @LIBTOOL_DEPS@
+libtool: $(LIBTOOL_DEPS)
+	$(SHELL) ./config.status libtool
+
 gdbus_sources = gdbus/gdbus.h gdbus/mainloop.c gdbus/watch.c \
 					gdbus/object.c gdbus/polkit.c
 
diff --git a/configure.ac b/configure.ac
index 34cc526..d82569b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -31,8 +31,8 @@ AC_PROG_INSTALL
 m4_define([_LT_AC_TAGCONFIG], [])
 m4_ifdef([AC_LIBTOOL_TAGS], [AC_LIBTOOL_TAGS([])])
 
-AC_DISABLE_STATIC
-AC_PROG_LIBTOOL
+dnl AC_DISABLE_STATIC
+dnl AC_PROG_LIBTOOL
 
 AC_ARG_ENABLE(optimization, AC_HELP_STRING([--disable-optimization],
 			[disable code optimization through compiler]), [
@@ -58,6 +58,12 @@ AC_ARG_ENABLE(pie, AC_HELP_STRING([--enable-pie],
 	fi
 ])
 
+dnl LT_INIT should be invoked after all compiler flags checks, because
+dnl of LT_INIT remembers the RPATH stored in test targets which might
+dnl be different for different compiler flags (known issue on AIX)
+LT_INIT([dlopen,disable-static])
+AC_SUBST([LIBTOOL_DEPS])
+
 AC_CHECK_HEADERS(resolv.h, dummy=yes,
 			AC_MSG_ERROR(resolver header files are required))
 AC_CHECK_LIB(resolv, ns_initparse, dummy=yes, [
-- 
1.7.9.1

[PATCH 3/3] let configure find required libs

[jr_extern]

[-- Attachment #1: Type: text/plain, Size: 2309 bytes --]

From: Jens Rehsack <jr_extern@vfnet.de>

---
 Makefile.am  |    2 +-
 configure.ac |   24 +++++++++++++++++-------
 2 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index bebcb90..178def4 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -28,7 +28,7 @@ src_mmsd_SOURCES = $(gdbus_sources) $(gweb_sources) $(builtin_sources) \
 			src/push.h src/push.c src/store.h src/store.c \
 			src/wsputil.h src/wsputil.c src/mmsutil.h src/mmsutil.c
 
-src_mmsd_LDADD = $(builtin_libadd) @GLIB_LIBS@ @DBUS_LIBS@ -lresolv -ldl
+src_mmsd_LDADD = $(builtin_libadd) @GLIB_LIBS@ @DBUS_LIBS@
 
 src_mmsd_LDFLAGS = -Wl,--export-dynamic
 
diff --git a/configure.ac b/configure.ac
index d82569b..883b59c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -64,15 +64,25 @@ dnl be different for different compiler flags (known issue on AIX)
 LT_INIT([dlopen,disable-static])
 AC_SUBST([LIBTOOL_DEPS])
 
+dnl check how we can use the resolver. while resolv.h comes with bind,
+dnl it's probably reasonable to use a combined search macro like
+dnl smart-snmpd's ACX_CHECK_LIB_FLAGS
 AC_CHECK_HEADERS(resolv.h, dummy=yes,
 			AC_MSG_ERROR(resolver header files are required))
-AC_CHECK_LIB(resolv, ns_initparse, dummy=yes, [
-	AC_CHECK_LIB(resolv, __ns_initparse, dummy=yes,
-			AC_MSG_ERROR(resolver library support is required))
-])
-
-AC_CHECK_LIB(dl, dlopen, dummy=yes,
-			AC_MSG_ERROR(dynamic linking loader is required))
+dnl ns_initparse is libresolv internal use only - limited usage intended?
+AC_SEARCH_LIBS(ns_initparse, resolv, ,
+		AC_MSG_ERROR(resolver support is required))
+dnl AC_CHECK_LIB(resolv, ns_initparse, dummy=yes, [
+dnl 	AC_CHECK_LIB(resolv, __ns_initparse, dummy=yes,
+dnl 			AC_MSG_ERROR(resolver library support is required))
+dnl ])
+
+dnl search how we can load dynamic libraries
+dnl TODO use libltdl, which would work on BeOS (Haiku), Darwin (MacOS X) or
+dnl      for debugging purposes with libtool's dlpreopen
+AC_SEARCH_LIBS(dlopen, dl, , AC_MSG_ERROR(dynamic linking loader is required))
+dnl AC_CHECK_LIB(dl, dlopen, dummy=yes,
+dnl 			AC_MSG_ERROR(dynamic linking loader is required))
 
 PKG_CHECK_MODULES(GLIB, glib-2.0 >= 2.16, dummy=yes,
 				AC_MSG_ERROR(GLib >= 2.16 is required))
-- 
1.7.9.1

Re: [PATCH 2/3] changing depreciated libtool initialization to modern one

[Jens Rehsack]

[-- Attachment #1: Type: text/plain, Size: 1701 bytes --]

Am 28.02.2012 09:17, schrieb jr_extern(a)vfnet.de:
> From: Jens Rehsack <jr_extern@vfnet.de>
> 
> ---
>  Makefile.am  |    4 ++++
>  configure.ac |   10 ++++++++--
>  2 files changed, 12 insertions(+), 2 deletions(-)
> 
> diff --git a/Makefile.am b/Makefile.am
> index c3a4486..bebcb90 100644
> --- a/Makefile.am
> +++ b/Makefile.am
> @@ -1,6 +1,10 @@
>  
>  AM_MAKEFLAGS = --no-print-directory
>  
> +LIBTOOL_DEPS = @LIBTOOL_DEPS@
> +libtool: $(LIBTOOL_DEPS)
> +	$(SHELL) ./config.status libtool
> +
>  gdbus_sources = gdbus/gdbus.h gdbus/mainloop.c gdbus/watch.c \
>  					gdbus/object.c gdbus/polkit.c
>  
> diff --git a/configure.ac b/configure.ac
> index 34cc526..d82569b 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -31,8 +31,8 @@ AC_PROG_INSTALL
>  m4_define([_LT_AC_TAGCONFIG], [])
>  m4_ifdef([AC_LIBTOOL_TAGS], [AC_LIBTOOL_TAGS([])])
>  
> -AC_DISABLE_STATIC
> -AC_PROG_LIBTOOL
> +dnl AC_DISABLE_STATIC
> +dnl AC_PROG_LIBTOOL
>  
>  AC_ARG_ENABLE(optimization, AC_HELP_STRING([--disable-optimization],
>  			[disable code optimization through compiler]), [
> @@ -58,6 +58,12 @@ AC_ARG_ENABLE(pie, AC_HELP_STRING([--enable-pie],
>  	fi
>  ])
>  
> +dnl LT_INIT should be invoked after all compiler flags checks, because
> +dnl of LT_INIT remembers the RPATH stored in test targets which might
> +dnl be different for different compiler flags (known issue on AIX)
> +LT_INIT([dlopen,disable-static])
This should be
+LT_INIT([dlopen disable-static])
> +AC_SUBST([LIBTOOL_DEPS])
> +
>  AC_CHECK_HEADERS(resolv.h, dummy=yes,
>  			AC_MSG_ERROR(resolver header files are required))
>  AC_CHECK_LIB(resolv, ns_initparse, dummy=yes, [

Re: [PATCH 1/3] add some length verification to avoid reading not owned memory

[Marcel Holtmann]

[-- Attachment #1: Type: text/plain, Size: 1474 bytes --]

Hi Jens,

please prefix the subject line with the files that get changed. So
something like push: would be good.

>  src/push.c |    8 +++++++-
>  1 files changed, 7 insertions(+), 1 deletions(-)
> 
> diff --git a/src/push.c b/src/push.c
> index 6a54907..6107352 100644
> --- a/src/push.c
> +++ b/src/push.c
> @@ -351,13 +351,16 @@ gboolean mms_push_notify(unsigned char *pdu, unsigned int len,
>  	/* Consume TID and Type */
>  	nread = 2;
>  
> -	if (wsp_decode_uintvar(pdu + nread, len,
> +	if (wsp_decode_uintvar(pdu + nread, len - nread,
>  					&headerslen, &consumed) == FALSE)
>  		return FALSE;
>  
>  	/* Consume uintvar bytes */
>  	nread += consumed;
>  
> +	/* Check if content type could be read */
> +	if (headerslen > (len - nread))
> +		return FALSE;

No need for (len - nread). Just do > len - nread.

>  	/* Try to decode content-type */
>  	if (wsp_decode_content_type(pdu + nread, headerslen, &ct,
>  			&consumed, &param_len) == FALSE)
> @@ -370,6 +373,9 @@ gboolean mms_push_notify(unsigned char *pdu, unsigned int len,
>  	consumed += param_len;
>  	nread += consumed;
>  
> +	/* Check if application_id could be read */
> +	if ((headerslen - consumed) > (len - nread))
> +		return FALSE;

Same here (headerslen - consumed > len - nread) is good enough.

>  	/* Parse header to decode application_id */
>  	wsp_header_iter_init(&iter, pdu + nread, headerslen - consumed, 0);
>  

Regards

Marcel

Re: [PATCH 2/3] changing depreciated libtool initialization to modern one

[Marcel Holtmann]

[-- Attachment #1: Type: text/plain, Size: 1566 bytes --]

Hi Jens,

> >  Makefile.am  |    4 ++++
> >  configure.ac |   10 ++++++++--
> >  2 files changed, 12 insertions(+), 2 deletions(-)
> > 
> > diff --git a/Makefile.am b/Makefile.am
> > index c3a4486..bebcb90 100644
> > --- a/Makefile.am
> > +++ b/Makefile.am
> > @@ -1,6 +1,10 @@
> >  
> >  AM_MAKEFLAGS = --no-print-directory
> >  
> > +LIBTOOL_DEPS = @LIBTOOL_DEPS@
> > +libtool: $(LIBTOOL_DEPS)
> > +	$(SHELL) ./config.status libtool
> > +
> >  gdbus_sources = gdbus/gdbus.h gdbus/mainloop.c gdbus/watch.c \
> >  					gdbus/object.c gdbus/polkit.c
> >  
> > diff --git a/configure.ac b/configure.ac
> > index 34cc526..d82569b 100644
> > --- a/configure.ac
> > +++ b/configure.ac
> > @@ -31,8 +31,8 @@ AC_PROG_INSTALL
> >  m4_define([_LT_AC_TAGCONFIG], [])
> >  m4_ifdef([AC_LIBTOOL_TAGS], [AC_LIBTOOL_TAGS([])])
> >  
> > -AC_DISABLE_STATIC
> > -AC_PROG_LIBTOOL
> > +dnl AC_DISABLE_STATIC
> > +dnl AC_PROG_LIBTOOL
> >  
> >  AC_ARG_ENABLE(optimization, AC_HELP_STRING([--disable-optimization],
> >  			[disable code optimization through compiler]), [
> > @@ -58,6 +58,12 @@ AC_ARG_ENABLE(pie, AC_HELP_STRING([--enable-pie],
> >  	fi
> >  ])
> >  
> > +dnl LT_INIT should be invoked after all compiler flags checks, because
> > +dnl of LT_INIT remembers the RPATH stored in test targets which might
> > +dnl be different for different compiler flags (known issue on AIX)
> > +LT_INIT([dlopen,disable-static])
> This should be
> +LT_INIT([dlopen disable-static])

please send an updated patch.

Regards

Marcel

Re: [PATCH 3/3] let configure find required libs

[Marcel Holtmann]

[-- Attachment #1: Type: text/plain, Size: 2362 bytes --]

Hi Jens,

>  Makefile.am  |    2 +-
>  configure.ac |   24 +++++++++++++++++-------
>  2 files changed, 18 insertions(+), 8 deletions(-)
> 
> diff --git a/Makefile.am b/Makefile.am
> index bebcb90..178def4 100644
> --- a/Makefile.am
> +++ b/Makefile.am
> @@ -28,7 +28,7 @@ src_mmsd_SOURCES = $(gdbus_sources) $(gweb_sources) $(builtin_sources) \
>  			src/push.h src/push.c src/store.h src/store.c \
>  			src/wsputil.h src/wsputil.c src/mmsutil.h src/mmsutil.c
>  
> -src_mmsd_LDADD = $(builtin_libadd) @GLIB_LIBS@ @DBUS_LIBS@ -lresolv -ldl
> +src_mmsd_LDADD = $(builtin_libadd) @GLIB_LIBS@ @DBUS_LIBS@
>  
>  src_mmsd_LDFLAGS = -Wl,--export-dynamic
>  
> diff --git a/configure.ac b/configure.ac
> index d82569b..883b59c 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -64,15 +64,25 @@ dnl be different for different compiler flags (known issue on AIX)
>  LT_INIT([dlopen,disable-static])
>  AC_SUBST([LIBTOOL_DEPS])
>  
> +dnl check how we can use the resolver. while resolv.h comes with bind,
> +dnl it's probably reasonable to use a combined search macro like
> +dnl smart-snmpd's ACX_CHECK_LIB_FLAGS
>  AC_CHECK_HEADERS(resolv.h, dummy=yes,
>  			AC_MSG_ERROR(resolver header files are required))
> -AC_CHECK_LIB(resolv, ns_initparse, dummy=yes, [
> -	AC_CHECK_LIB(resolv, __ns_initparse, dummy=yes,
> -			AC_MSG_ERROR(resolver library support is required))
> -])
> -
> -AC_CHECK_LIB(dl, dlopen, dummy=yes,
> -			AC_MSG_ERROR(dynamic linking loader is required))
> +dnl ns_initparse is libresolv internal use only - limited usage intended?
> +AC_SEARCH_LIBS(ns_initparse, resolv, ,
> +		AC_MSG_ERROR(resolver support is required))
> +dnl AC_CHECK_LIB(resolv, ns_initparse, dummy=yes, [
> +dnl 	AC_CHECK_LIB(resolv, __ns_initparse, dummy=yes,
> +dnl 			AC_MSG_ERROR(resolver library support is required))
> +dnl ])
> +
> +dnl search how we can load dynamic libraries
> +dnl TODO use libltdl, which would work on BeOS (Haiku), Darwin (MacOS X) or
> +dnl      for debugging purposes with libtool's dlpreopen
> +AC_SEARCH_LIBS(dlopen, dl, , AC_MSG_ERROR(dynamic linking loader is required))
> +dnl AC_CHECK_LIB(dl, dlopen, dummy=yes,
> +dnl 			AC_MSG_ERROR(dynamic linking loader is required))

what is this actually fixing. And all the dnl with dead code need to go
away.

Regards

Marcel