Fix potential vulnerabilities.

--HG--
branch : develop
This commit is contained in:
Roman Telezhynskyi 2016-12-20 20:18:36 +02:00
parent 0ec53b6499
commit 86330282be
4 changed files with 157 additions and 22 deletions

View File

@ -49,6 +49,7 @@
#include "dl_creationinterface.h" #include "dl_creationinterface.h"
#include "dl_entities.h" #include "dl_entities.h"
#include "iostream" #include "iostream"
#include "strlcpy.h"
/** /**
* Default constructor. * Default constructor.
@ -2554,10 +2555,7 @@ void DL_Dxf::endSequence(DL_CreationInterface* creationInterface)
DL_WriterA* DL_Dxf::out(const char* file, DL_Codes::version version) DL_WriterA* DL_Dxf::out(const char* file, DL_Codes::version version)
{ {
char* f = new char[strlen(file)+1]; char* f = new char[strlen(file)+1];
QT_WARNING_PUSH strlcpy(f, file, sizeof(f));
QT_WARNING_DISABLE_MSVC(4996)
strcpy(f, file);
QT_WARNING_POP
this->version = version; this->version = version;
DL_WriterA* dw = new DL_WriterA(f, version); DL_WriterA* dw = new DL_WriterA(f, version);
@ -5864,7 +5862,7 @@ int DL_Dxf::getLibVersion(const std::string& str)
// double ret; // double ret;
// if (strchr(value, ',') != NULL) { // if (strchr(value, ',') != NULL) {
// char* tmp = new char[strlen(value)+1]; // char* tmp = new char[strlen(value)+1];
// strcpy(tmp, value); // strlcpy(tmp, value, sizeof(tmp));
// DL_WriterA::strReplace(tmp, ',', '.'); // DL_WriterA::strReplace(tmp, ',', '.');
// ret = atof(tmp); // ret = atof(tmp);
// delete[] tmp; // delete[] tmp;
@ -5891,15 +5889,12 @@ void DL_Dxf::test()
char* buf5 = new char[10]; char* buf5 = new char[10];
char* buf6 = new char[10]; char* buf6 = new char[10];
QT_WARNING_PUSH strlcpy(buf1, " 10\n", sizeof(buf1));
QT_WARNING_DISABLE_MSVC(4996) strlcpy(buf2, "10", sizeof(buf2));
strcpy(buf1, " 10\n"); strlcpy(buf3, "10\n", sizeof(buf3));
strcpy(buf2, "10"); strlcpy(buf4, " 10 \n", sizeof(buf4));
strcpy(buf3, "10\n"); strlcpy(buf5, " 10 \r", sizeof(buf5));
strcpy(buf4, " 10 \n"); strlcpy(buf6, "\t10 \n", sizeof(buf6));
strcpy(buf5, " 10 \r");
strcpy(buf6, "\t10 \n");
QT_WARNING_POP
// Try to avoid deleting array from an offset // Try to avoid deleting array from an offset
char* buf1Copy = buf1; char* buf1Copy = buf1;

View File

@ -66,17 +66,16 @@ void DL_WriterA::dxfReal(int gc, double value) const
{ {
char str[256]; char str[256];
QT_WARNING_PUSH QT_WARNING_PUSH
QT_WARNING_DISABLE_MSVC(4996)
#if defined(__GNUC__) && (__GNUC__ * 100 + __GNUC_MINOR__) < 408 #if defined(__GNUC__) && (__GNUC__ * 100 + __GNUC_MINOR__) < 408
QT_WARNING_DISABLE_GCC("-Wformat") QT_WARNING_DISABLE_GCC("-Wformat")
#endif #endif
if (version==DL_Codes::AC1009_MIN) if (version==DL_Codes::AC1009_MIN)
{ {
sprintf(str, "%.6lf", value); snprintf(str, sizeof(str), "%.6lf", value);
} }
else else
{ {
sprintf(str, "%.16lf", value); snprintf(str, sizeof(str), "%.16lf", value);
} }
QT_WARNING_POP QT_WARNING_POP
@ -132,10 +131,7 @@ void DL_WriterA::dxfInt(int gc, int value) const
void DL_WriterA::dxfHex(int gc, int value) const void DL_WriterA::dxfHex(int gc, int value) const
{ {
char str[12]; char str[12];
QT_WARNING_PUSH snprintf(str, sizeof(str), "%0X", value);
QT_WARNING_DISABLE_MSVC(4996)
sprintf(str, "%0X", value);
QT_WARNING_POP
dxfString(gc, str); dxfString(gc, str);
} }

View File

@ -0,0 +1,143 @@
/************************************************************************
**
** @file strlcpy.h
** @author Roman Telezhynskyi <dismine(at)gmail.com>
** @date December 20, 2016
**
** @brief
** @copyright
** This source code is part of the Valentine project, a pattern making
** program, whose allow create and modeling patterns of clothing.
** Copyright (C) 2013-2016 Valentina project
** <https://bitbucket.org/dismine/valentina> All Rights Reserved.
**
** Valentina is free software: you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation, either version 3 of the License, or
** (at your option) any later version.
**
** Valentina is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with Valentina. If not, see <http://www.gnu.org/licenses/>.
**
*************************************************************************/
/*
* Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
* THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef VALENTINA_STRLCPY_H
#define VALENTINA_STRLCPY_H
/* This function comes from BSD */
#if !defined(__FreeBSD__) && !defined(__OpenBSD__) && !defined(__NetBSD__) && \
!defined(__bsdi__) && !defined(__APPLE__)
#include <sys/types.h>
#include <string.h>
/*
* Copy src to string dst of size siz. At most siz-1 characters
* will be copied. Always NUL terminates (unless siz == 0).
* Returns strlen(src); if retval >= siz, truncation occurred.
*/
inline size_t strlcpy(char *dst, const char *src, size_t siz)
{
char *d = dst;
const char *s = src;
size_t n = siz;
/* Copy as many bytes as will fit */
if (n != 0)
{
while (--n != 0)
{
if ((*d++ = *s++) == '\0')
{
break;
}
}
}
/* Not enough room in dst, add NUL and traverse rest of src */
if (n == 0)
{
if (siz != 0)
{
*d = '\0'; /* NUL-terminate dst */
}
while (*s++)
;
}
return(s - src - 1); /* count does not include NUL */
}
/*
* Appends src to string dst of size siz (unlike strncat, siz is the
* full size of dst, not space left). At most siz-1 characters
* will be copied. Always NUL terminates (unless siz <= strlen(dst)).
* Returns strlen(src) + MIN(siz, strlen(initial dst)).
* If retval >= siz, truncation occurred.
*/
inline size_t strlcat(char *dst, const char *src, size_t siz)
{
char *d = dst;
const char *s = src;
size_t n = siz;
size_t dlen;
/* Find the end of dst and adjust bytes left but don't go past end */
while (n-- != 0 && *d != '\0')
{
d++;
}
dlen = d - dst;
n = siz - dlen;
if (n == 0)
{
return(dlen + strlen(s));
}
while (*s != '\0')
{
if (n != 1)
{
*d++ = *s;
n--;
}
s++;
}
*d = '\0';
return(dlen + (s - src)); /* count does not include NUL */
}
#endif /* ! __*BSD__ */
#endif // VALENTINA_STRLCPY_H

View File

@ -24,4 +24,5 @@ HEADERS += \
$$PWD/dxflib/dl_writer_ascii.h \ $$PWD/dxflib/dl_writer_ascii.h \
$$PWD/vdxfengine.h \ $$PWD/vdxfengine.h \
$$PWD/vdxfpaintdevice.h \ $$PWD/vdxfpaintdevice.h \
$$PWD/dxfdef.h $$PWD/dxfdef.h \
$$PWD/dxflib/strlcpy.h