mirror of
https://github.com/Llewellynvdm/conky.git
synced 2024-09-30 05:59:07 +00:00
fix potential buffer overflow in parse_conky_vars()
This commit is contained in:
parent
70e5afe5ac
commit
a1ddcc0786
17
src/conky.c
17
src/conky.c
@ -714,10 +714,11 @@ static void extract_variable_text(const char *p)
|
|||||||
extract_variable_text_internal(&global_root_object, p);
|
extract_variable_text_internal(&global_root_object, p);
|
||||||
}
|
}
|
||||||
|
|
||||||
void parse_conky_vars(struct text_object *root, const char *txt, char *p, struct information *cur)
|
void parse_conky_vars(struct text_object *root, const char *txt,
|
||||||
|
char *p, int p_max_size, struct information *cur)
|
||||||
{
|
{
|
||||||
extract_variable_text_internal(root, txt);
|
extract_variable_text_internal(root, txt);
|
||||||
generate_text_internal(p, max_user_text, *root, cur);
|
generate_text_internal(p, p_max_size, *root, cur);
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline void format_media_player_time(char *buf, const int size,
|
static inline void format_media_player_time(char *buf, const int size,
|
||||||
@ -1190,7 +1191,7 @@ void generate_text_internal(char *p, int p_max_size,
|
|||||||
}
|
}
|
||||||
#endif /* IMLIB2 */
|
#endif /* IMLIB2 */
|
||||||
OBJ(eval) {
|
OBJ(eval) {
|
||||||
evaluate(obj->data.s, p);
|
evaluate(obj->data.s, p, p_max_size);
|
||||||
}
|
}
|
||||||
OBJ(exec) {
|
OBJ(exec) {
|
||||||
print_exec(obj, p, p_max_size);
|
print_exec(obj, p, p_max_size);
|
||||||
@ -1226,7 +1227,7 @@ void generate_text_internal(char *p, int p_max_size,
|
|||||||
print_execi(obj, p, p_max_size);
|
print_execi(obj, p, p_max_size);
|
||||||
}
|
}
|
||||||
OBJ(execpi) {
|
OBJ(execpi) {
|
||||||
print_execpi(obj, p);
|
print_execpi(obj, p, p_max_size);
|
||||||
}
|
}
|
||||||
OBJ(texeci) {
|
OBJ(texeci) {
|
||||||
print_texeci(obj, p, p_max_size);
|
print_texeci(obj, p, p_max_size);
|
||||||
@ -1320,7 +1321,7 @@ void generate_text_internal(char *p, int p_max_size,
|
|||||||
OBJ(lua_parse) {
|
OBJ(lua_parse) {
|
||||||
char *str = llua_getstring(obj->data.s);
|
char *str = llua_getstring(obj->data.s);
|
||||||
if (str) {
|
if (str) {
|
||||||
evaluate(str, p);
|
evaluate(str, p, p_max_size);
|
||||||
free(str);
|
free(str);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -2610,15 +2611,15 @@ void generate_text_internal(char *p, int p_max_size,
|
|||||||
#endif /* X11 */
|
#endif /* X11 */
|
||||||
}
|
}
|
||||||
|
|
||||||
void evaluate(const char *text, char *buffer)
|
void evaluate(const char *text, char *p, int p_max_size)
|
||||||
{
|
{
|
||||||
struct information *tmp_info;
|
struct information *tmp_info;
|
||||||
struct text_object subroot;
|
struct text_object subroot;
|
||||||
|
|
||||||
tmp_info = malloc(sizeof(struct information));
|
tmp_info = malloc(sizeof(struct information));
|
||||||
memcpy(tmp_info, &info, sizeof(struct information));
|
memcpy(tmp_info, &info, sizeof(struct information));
|
||||||
parse_conky_vars(&subroot, text, buffer, tmp_info);
|
parse_conky_vars(&subroot, text, p, p_max_size, tmp_info);
|
||||||
DBGP("evaluated '%s' to '%s'", text, buffer);
|
DBGP("evaluated '%s' to '%s'", text, p);
|
||||||
|
|
||||||
free_text_objects(&subroot, 1);
|
free_text_objects(&subroot, 1);
|
||||||
free(tmp_info);
|
free(tmp_info);
|
||||||
|
@ -320,9 +320,9 @@ int spaced_print(char *, int, const char *, int, ...)
|
|||||||
extern int inotify_fd;
|
extern int inotify_fd;
|
||||||
|
|
||||||
/* defined in conky.c
|
/* defined in conky.c
|
||||||
* evaluates 'text' and places the result in 'buffer'
|
* evaluates 'text' and places the result in 'p' of max length 'p_max_size'
|
||||||
*/
|
*/
|
||||||
void evaluate(const char *text, char *buffer);
|
void evaluate(const char *text, char *p, int p_max_size);
|
||||||
|
|
||||||
/* maximum size of config TEXT buffer, i.e. below TEXT line. */
|
/* maximum size of config TEXT buffer, i.e. below TEXT line. */
|
||||||
extern unsigned int max_user_text;
|
extern unsigned int max_user_text;
|
||||||
@ -359,7 +359,7 @@ void set_update_interval(double interval);
|
|||||||
#define UNUSED_ATTR __attribute__ ((unused))
|
#define UNUSED_ATTR __attribute__ ((unused))
|
||||||
|
|
||||||
void parse_conky_vars(struct text_object *, const char *,
|
void parse_conky_vars(struct text_object *, const char *,
|
||||||
char *, struct information *);
|
char *, int, struct information *);
|
||||||
|
|
||||||
void generate_text_internal(char *, int, struct text_object,
|
void generate_text_internal(char *, int, struct text_object,
|
||||||
struct information *);
|
struct information *);
|
||||||
|
17
src/exec.c
17
src/exec.c
@ -266,15 +266,20 @@ void print_execp(struct text_object *obj, char *p, int p_max_size)
|
|||||||
{
|
{
|
||||||
struct information *tmp_info;
|
struct information *tmp_info;
|
||||||
struct text_object subroot;
|
struct text_object subroot;
|
||||||
|
char *buf;
|
||||||
|
|
||||||
read_exec(obj->data.s, p, p_max_size);
|
buf = malloc(text_buffer_size);
|
||||||
|
memset(buf, 0, text_buffer_size);
|
||||||
|
|
||||||
|
read_exec(obj->data.s, buf, text_buffer_size);
|
||||||
|
|
||||||
tmp_info = malloc(sizeof(struct information));
|
tmp_info = malloc(sizeof(struct information));
|
||||||
memcpy(tmp_info, &info, sizeof(struct information));
|
memcpy(tmp_info, &info, sizeof(struct information));
|
||||||
parse_conky_vars(&subroot, p, p, tmp_info);
|
parse_conky_vars(&subroot, buf, p, p_max_size, tmp_info);
|
||||||
|
|
||||||
free_text_objects(&subroot, 1);
|
free_text_objects(&subroot, 1);
|
||||||
free(tmp_info);
|
free(tmp_info);
|
||||||
|
free(buf);
|
||||||
}
|
}
|
||||||
|
|
||||||
void print_execi(struct text_object *obj, char *p, int p_max_size)
|
void print_execi(struct text_object *obj, char *p, int p_max_size)
|
||||||
@ -293,7 +298,7 @@ void print_execi(struct text_object *obj, char *p, int p_max_size)
|
|||||||
snprintf(p, p_max_size, "%s", ed->buffer);
|
snprintf(p, p_max_size, "%s", ed->buffer);
|
||||||
}
|
}
|
||||||
|
|
||||||
void print_execpi(struct text_object *obj, char *p)
|
void print_execpi(struct text_object *obj, char *p, int p_max_size)
|
||||||
{
|
{
|
||||||
struct execi_data *ed = obj->data.opaque;
|
struct execi_data *ed = obj->data.opaque;
|
||||||
struct text_object subroot;
|
struct text_object subroot;
|
||||||
@ -305,9 +310,7 @@ void print_execpi(struct text_object *obj, char *p)
|
|||||||
tmp_info = malloc(sizeof(struct information));
|
tmp_info = malloc(sizeof(struct information));
|
||||||
memcpy(tmp_info, &info, sizeof(struct information));
|
memcpy(tmp_info, &info, sizeof(struct information));
|
||||||
|
|
||||||
if (!time_to_update(ed)) {
|
if (time_to_update(ed)) {
|
||||||
parse_conky_vars(&subroot, ed->buffer, p, tmp_info);
|
|
||||||
} else {
|
|
||||||
char *output;
|
char *output;
|
||||||
int length;
|
int length;
|
||||||
FILE *fp = pid_popen(ed->cmd, "r", &childpid);
|
FILE *fp = pid_popen(ed->cmd, "r", &childpid);
|
||||||
@ -324,9 +327,9 @@ void print_execpi(struct text_object *obj, char *p)
|
|||||||
output[length - 1] = '\0';
|
output[length - 1] = '\0';
|
||||||
}
|
}
|
||||||
|
|
||||||
parse_conky_vars(&subroot, ed->buffer, p, tmp_info);
|
|
||||||
ed->last_update = current_update_time;
|
ed->last_update = current_update_time;
|
||||||
}
|
}
|
||||||
|
parse_conky_vars(&subroot, ed->buffer, p, p_max_size, tmp_info);
|
||||||
free_text_objects(&subroot, 1);
|
free_text_objects(&subroot, 1);
|
||||||
free(tmp_info);
|
free(tmp_info);
|
||||||
}
|
}
|
||||||
|
@ -40,7 +40,7 @@ void scan_execgraph_arg(struct text_object *, const char *);
|
|||||||
void print_exec(struct text_object *, char *, int);
|
void print_exec(struct text_object *, char *, int);
|
||||||
void print_execp(struct text_object *, char *, int);
|
void print_execp(struct text_object *, char *, int);
|
||||||
void print_execi(struct text_object *, char *, int);
|
void print_execi(struct text_object *, char *, int);
|
||||||
void print_execpi(struct text_object *, char *);
|
void print_execpi(struct text_object *, char *, int);
|
||||||
void print_texeci(struct text_object *, char *, int);
|
void print_texeci(struct text_object *, char *, int);
|
||||||
#ifdef X11
|
#ifdef X11
|
||||||
void print_execgauge(struct text_object *, char *, int);
|
void print_execgauge(struct text_object *, char *, int);
|
||||||
|
@ -59,7 +59,7 @@ static int llua_conky_parse(lua_State *L)
|
|||||||
lua_error(L);
|
lua_error(L);
|
||||||
}
|
}
|
||||||
str = strdup(lua_tostring(L, 1));
|
str = strdup(lua_tostring(L, 1));
|
||||||
evaluate(str, buf);
|
evaluate(str, buf, max_user_text);
|
||||||
lua_pushstring(L, buf);
|
lua_pushstring(L, buf);
|
||||||
free(str);
|
free(str);
|
||||||
free(buf);
|
free(buf);
|
||||||
|
Loading…
Reference in New Issue
Block a user