From 7f763ab6e730242ec4a1aaf4405d386458460ba4 Mon Sep 17 00:00:00 2001
From: jcorporation
Date: Tue, 15 Jan 2019 00:51:13 +0000
Subject: [PATCH] Fix: buffer overflow in mympd_api.c

---
 CMakeLists.txt | 15 +++++++++++++--
 src/mympd_api.c | 4 ++--
 2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index aee6355..8e9ef3f 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -30,8 +30,19 @@ include_directories(${PROJECT_BINARY_DIR} ${PROJECT_SOURCE_DIR} ${LIBMPDCLIENT_I
 include(CheckCSourceCompiles)
-set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=gnu99 -O2 -Wall -Wextra -pedantic -Wformat=2 -Wno-unused-parameter -Wshadow -Wwrite-strings -Wstrict-prototypes -Wold-style-definition -Wredundant-decls -Wnested-externs -Wmissing-include-dirs -D MG_ENABLE_SSL -D MG_ENABLE_THREADS -D MG_ENABLE_IPV6 -D MG_DISABLE_MQTT -D MG_DISABLE_MQTT_BROKER -D MG_DISABLE_DNS_SERVER -D MG_DISABLE_COAP -D MG_DISABLE_HTTP_CGI -D MG_DISABLE_HTTP_SSI -D MG_DISABLE_HTTP_WEBDAV")
-set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -ggdb -D_FORTIFY_SOURCE=2 -fstack-protector -fsanitize=address -fno-omit-frame-pointer -fsanitize=undefined -fsanitize=shift -fsanitize=integer-divide-by-zero -fsanitize=unreachable -fsanitize=vla-bound -fsanitize=null -fsanitize=return -fsanitize=signed-integer-overflow -fsanitize=bounds -fsanitize=bounds-strict -fsanitize=alignment -fsanitize=object-size -fsanitize=float-divide-by-zero -fsanitize=float-cast-overflow -fsanitize=nonnull-attribute -fsanitize=returns-nonnull-attribute -fsanitize=bool -fsanitize=enum -fsanitize=vptr -static-libasan")
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=gnu99 -O2 -Wall -Wextra -pedantic -Wformat=2 -Wno-unused-parameter -Wshadow \
+ -Wwrite-strings -Wstrict-prototypes -Wold-style-definition -Wredundant-decls -Wnested-externs -Wmissing-include-dirs \
+ -fstack-protector -D_FORTIFY_SOURCE=2 -pie -fPIE \
+ -D MG_ENABLE_SSL -D MG_ENABLE_THREADS -D MG_ENABLE_IPV6 -D MG_DISABLE_MQTT -D MG_DISABLE_MQTT_BROKER \
+ -D MG_DISABLE_DNS_SERVER -D MG_DISABLE_COAP -D MG_DISABLE_HTTP_CGI -D MG_DISABLE_HTTP_SSI -D MG_DISABLE_HTTP_WEBDAV")
+
+set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -ggdb -fsanitize=address \
+ -fsanitize=undefined -fsanitize=shift -fsanitize=integer-divide-by-zero -fsanitize=unreachable -fsanitize=vla-bound \
+ -fsanitize=null -fsanitize=return -fsanitize=signed-integer-overflow -fsanitize=bounds -fsanitize=bounds-strict \
+ -fsanitize=alignment -fsanitize=object-size -fsanitize=float-divide-by-zero -fsanitize=float-cast-overflow \
+ -fsanitize=nonnull-attribute -fsanitize=returns-nonnull-attribute -fsanitize=bool -fsanitize=enum -fsanitize=vptr -static-libasan")
+
+set (CMAKE_EXE_LINKER_FLAGS "-Wl,-z,relro -Wl,-z,now")
 find_package(OpenSSL REQUIRED)
 include_directories(${OPENSSL_INCLUDE_DIR})
diff --git a/src/mympd_api.c b/src/mympd_api.c
index 1574bbe..d388496 100644
--- a/src/mympd_api.c
+++ b/src/mympd_api.c
@@ -82,7 +82,7 @@ void *mympd_api_loop(void *arg_config) {
     t_work_request *mpd_client_request = (t_work_request *)malloc(sizeof(t_work_request));
     mpd_client_request->conn_id = 0;
     mpd_client_request->cmd_id = MYMPD_API_SETTINGS_SET;
-    mpd_client_request->length = snprintf(mpd_client_request->data, MAX_SIZE,
+    mpd_client_request->length = snprintf(mpd_client_request->data, 1000,
         "{\"cmd\":\"MYMPD_API_SETTINGS_SET\", \"data\":{\"jukeboxMode\": %d, \"jukeboxPlaylist\": \"%s\", \"jukeboxQueueLength\": %d}}",
         mympd_state.jukeboxMode,
         mympd_state.jukeboxPlaylist,
@@ -211,7 +211,7 @@ static void mympd_api(t_config *config, t_mympd_state *mympd_state, t_work_reque
     t_work_request *mpd_client_request = (t_work_request *)malloc(sizeof(t_work_request));
     mpd_client_request->conn_id = request->conn_id;
     mpd_client_request->cmd_id = request->cmd_id;
-    mpd_client_request->length = copy_string(mpd_client_request->data, request->data, MAX_SIZE, request->length);
+    mpd_client_request->length = copy_string(mpd_client_request->data, request->data, 1000, request->length);
     tiny_queue_push(mpd_client_queue, mpd_client_request);
 }
 else if (request->cmd_id == MYMPD_API_SETTINGS_GET) {
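Review bot: The new `set (CMAKE_EXE_LINKER_FLAGS "-Wl,-z,relro -Wl,-z,now")` line overwrites the variable instead of extending it, so linker flags supplied by the user or the environment (`LDFLAGS`) are silently discarded, whereas the two `CMAKE_C_FLAGS` lines just above it correctly build on `${CMAKE_C_FLAGS}`; write it as `set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,-z,relro -Wl,-z,now")`. `-pie` is a link-time option and belongs on that same linker line (the compile-side part is `-fPIE`); `set(CMAKE_POSITION_INDEPENDENT_CODE ON)` expresses the same intent without hand-written flags. The rewritten `CMAKE_C_FLAGS_DEBUG` line drops `-fno-omit-frame-pointer`, which the removed line carried and which `-fsanitize=address` needs for usable stack traces, so that looks like an accidental loss rather than an intended change. Moving `-D_FORTIFY_SOURCE=2` into `CMAKE_C_FLAGS` also means it is now active in Debug builds together with `-fsanitize=address`; the fortified libc wrappers are known to interfere with the sanitizer's interception, so consider keeping it out of the sanitized configuration.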
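Review bot: The new `snprintf(mpd_client_request->data, 1000, ...)` still stores snprintf's return value in `length`, and snprintf returns the length the full string would have had, so whenever the formatted JSON (it embeds `mympd_state.jukeboxPlaylist`, which is not bounded here) exceeds the buffer, `length` ends up larger than the 1000-byte buffer and any consumer that trusts it can read past `data`, the same kind of overflow the commit title addresses, one step later. Clamp it, e.g. `int n = snprintf(mpd_client_request->data, sizeof(mpd_client_request->data), ...);` followed by `mpd_client_request->length = (n < 0) ? 0 : (n >= (int)sizeof(mpd_client_request->data) ? (int)sizeof(mpd_client_request->data) - 1 : n);`, assuming `data` is a fixed-size array member (the `t_work_request` definition is not in the hunk). The bare literal `1000` now appears both here and in the `copy_string` call in the `@@ -211` hunk; a single named constant tied to the `data` declaration (or `sizeof`) keeps the two bounds from drifting apart the way `MAX_SIZE` evidently did. `mympd_api_loop` begins and ends outside this hunk.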