mirror of https://github.com/SuperBFG7/ympd synced 2024-11-05 22:36:16 +00:00

Fix: buffer overflow in mympd_api.c

jcorporation 2019-01-15 00:51:13 +00:00
parent 68a471c0df
commit 7f763ab6e7
2 changed files with 15 additions and 4 deletions


@ -30,8 +30,19 @@ include_directories(${PROJECT_BINARY_DIR} ${PROJECT_SOURCE_DIR} ${LIBMPDCLIENT_I
include(CheckCSourceCompiles) include(CheckCSourceCompiles)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=gnu99 -O2 -Wall -Wextra -pedantic -Wformat=2 -Wno-unused-parameter -Wshadow -Wwrite-strings -Wstrict-prototypes -Wold-style-definition -Wredundant-decls -Wnested-externs -Wmissing-include-dirs -D MG_ENABLE_SSL -D MG_ENABLE_THREADS -D MG_ENABLE_IPV6 -D MG_DISABLE_MQTT -D MG_DISABLE_MQTT_BROKER -D MG_DISABLE_DNS_SERVER -D MG_DISABLE_COAP -D MG_DISABLE_HTTP_CGI -D MG_DISABLE_HTTP_SSI -D MG_DISABLE_HTTP_WEBDAV") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=gnu99 -O2 -Wall -Wextra -pedantic -Wformat=2 -Wno-unused-parameter -Wshadow \
set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -ggdb -D_FORTIFY_SOURCE=2 -fstack-protector -fsanitize=address -fno-omit-frame-pointer -fsanitize=undefined -fsanitize=shift -fsanitize=integer-divide-by-zero -fsanitize=unreachable -fsanitize=vla-bound -fsanitize=null -fsanitize=return -fsanitize=signed-integer-overflow -fsanitize=bounds -fsanitize=bounds-strict -fsanitize=alignment -fsanitize=object-size -fsanitize=float-divide-by-zero -fsanitize=float-cast-overflow -fsanitize=nonnull-attribute -fsanitize=returns-nonnull-attribute -fsanitize=bool -fsanitize=enum -fsanitize=vptr -static-libasan") -Wwrite-strings -Wstrict-prototypes -Wold-style-definition -Wredundant-decls -Wnested-externs -Wmissing-include-dirs \
-fstack-protector -D_FORTIFY_SOURCE=2 -pie -fPIE \
-D MG_ENABLE_SSL -D MG_ENABLE_THREADS -D MG_ENABLE_IPV6 -D MG_DISABLE_MQTT -D MG_DISABLE_MQTT_BROKER \
-D MG_DISABLE_DNS_SERVER -D MG_DISABLE_COAP -D MG_DISABLE_HTTP_CGI -D MG_DISABLE_HTTP_SSI -D MG_DISABLE_HTTP_WEBDAV")
set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -ggdb -fsanitize=address \
-fsanitize=undefined -fsanitize=shift -fsanitize=integer-divide-by-zero -fsanitize=unreachable -fsanitize=vla-bound \
-fsanitize=null -fsanitize=return -fsanitize=signed-integer-overflow -fsanitize=bounds -fsanitize=bounds-strict \
-fsanitize=alignment -fsanitize=object-size -fsanitize=float-divide-by-zero -fsanitize=float-cast-overflow \
-fsanitize=nonnull-attribute -fsanitize=returns-nonnull-attribute -fsanitize=bool -fsanitize=enum -fsanitize=vptr -static-libasan")
set (CMAKE_EXE_LINKER_FLAGS "-Wl,-z,relro -Wl,-z,now")
find_package(OpenSSL REQUIRED) find_package(OpenSSL REQUIRED)
include_directories(${OPENSSL_INCLUDE_DIR}) include_directories(${OPENSSL_INCLUDE_DIR})
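Review bot: The added `set (CMAKE_EXE_LINKER_FLAGS "-Wl,-z,relro -Wl,-z,now")` overwrites the variable instead of extending it, so linker flags supplied by the user, a toolchain file or distribution packaging are silently dropped. `set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,-z,relro -Wl,-z,now")` keeps them and matches how `CMAKE_C_FLAGS` is extended just above. Because `CMAKE_C_FLAGS` applies to every configuration, `-D_FORTIFY_SOURCE=2` is still combined with `-fsanitize=address` in Debug builds; fortified libc wrappers are known to make ASan miss some errors, so the define is better limited to non-Debug configurations. `-fstack-protector` only instruments functions that hold character arrays above a size threshold, so `-fstack-protector-strong` would give broader coverage where the supported compilers provide it.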


@ -82,7 +82,7 @@ void *mympd_api_loop(void *arg_config) {
t_work_request *mpd_client_request = (t_work_request *)malloc(sizeof(t_work_request)); t_work_request *mpd_client_request = (t_work_request *)malloc(sizeof(t_work_request));
mpd_client_request->conn_id = 0; mpd_client_request->conn_id = 0;
mpd_client_request->cmd_id = MYMPD_API_SETTINGS_SET; mpd_client_request->cmd_id = MYMPD_API_SETTINGS_SET;
mpd_client_request->length = snprintf(mpd_client_request->data, MAX_SIZE, mpd_client_request->length = snprintf(mpd_client_request->data, 1000,
"{\"cmd\":\"MYMPD_API_SETTINGS_SET\", \"data\":{\"jukeboxMode\": %d, \"jukeboxPlaylist\": \"%s\", \"jukeboxQueueLength\": %d}}", "{\"cmd\":\"MYMPD_API_SETTINGS_SET\", \"data\":{\"jukeboxMode\": %d, \"jukeboxPlaylist\": \"%s\", \"jukeboxQueueLength\": %d}}",
mympd_state.jukeboxMode, mympd_state.jukeboxMode,
mympd_state.jukeboxPlaylist, mympd_state.jukeboxPlaylist,
@ -211,7 +211,7 @@ static void mympd_api(t_config *config, t_mympd_state *mympd_state, t_work_reque
t_work_request *mpd_client_request = (t_work_request *)malloc(sizeof(t_work_request)); t_work_request *mpd_client_request = (t_work_request *)malloc(sizeof(t_work_request));
mpd_client_request->conn_id = request->conn_id; mpd_client_request->conn_id = request->conn_id;
mpd_client_request->cmd_id = request->cmd_id; mpd_client_request->cmd_id = request->cmd_id;
mpd_client_request->length = copy_string(mpd_client_request->data, request->data, MAX_SIZE, request->length); mpd_client_request->length = copy_string(mpd_client_request->data, request->data, 1000, request->length);
tiny_queue_push(mpd_client_queue, mpd_client_request); tiny_queue_push(mpd_client_queue, mpd_client_request);
} }
else if (request->cmd_id == MYMPD_API_SETTINGS_GET) { else if (request->cmd_id == MYMPD_API_SETTINGS_GET) {
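Review bot: In the `mympd_api_loop` hunk the return value of `snprintf` is stored directly in `mpd_client_request->length`, but `snprintf` returns the length the output would have had without truncation. With a long `jukeboxPlaylist` the write is bounded while `length` can still exceed the buffer, and any consumer that trusts `length` would then read past `data`. Check the result before queuing, e.g. `if (len < 0 || len >= 1000) { free(mpd_client_request); /* report error */ }`, and assign `length` only on success. The literal `1000` in both hunks presumably mirrors the size of `t_work_request.data`, whose declaration is not visible here; if `data` is an array member, `sizeof(mpd_client_request->data)` keeps the bound tied to the struct so this mismatch cannot recur. The `malloc` results in both hunks are dereferenced without a NULL check, and both functions continue outside the hunks shown.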