Llewellyn/conky
1
0
Fork 0
mirror of https://github.com/Llewellynvdm/conky.git synced 2024-09-30 05:59:07 +00:00
Code Issues Releases Activity

fix potential buffer overflow in parse_conky_vars()

Browse Source
This commit is contained in:
Phil Sutter 2009-11-16 02:15:13 +01:00
parent 70e5afe5ac
commit a1ddcc0786
5 changed files with 24 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/conky.c
View File

@ -714,10 +714,11 @@ static void extract_variable_text(const char *p)
extract_variable_text_internal(&global_root_object, p); extract_variable_text_internal(&global_root_object, p);
} }
void parse_conky_vars(struct text_object *root, const char *txt, char *p, struct information *cur) void parse_conky_vars(struct text_object *root, const char *txt,
char *p, int p_max_size, struct information *cur)
{ {
extract_variable_text_internal(root, txt); extract_variable_text_internal(root, txt);
generate_text_internal(p, max_user_text, *root, cur); generate_text_internal(p, p_max_size, *root, cur);
} }
static inline void format_media_player_time(char *buf, const int size, static inline void format_media_player_time(char *buf, const int size,
@ -1190,7 +1191,7 @@ void generate_text_internal(char *p, int p_max_size,
} }
#endif /* IMLIB2 */ #endif /* IMLIB2 */
OBJ(eval) { OBJ(eval) {
evaluate(obj->data.s, p); evaluate(obj->data.s, p, p_max_size);
} }
OBJ(exec) { OBJ(exec) {
print_exec(obj, p, p_max_size); print_exec(obj, p, p_max_size);
@ -1226,7 +1227,7 @@ void generate_text_internal(char *p, int p_max_size,
print_execi(obj, p, p_max_size); print_execi(obj, p, p_max_size);
} }
OBJ(execpi) { OBJ(execpi) {
print_execpi(obj, p); print_execpi(obj, p, p_max_size);
} }
OBJ(texeci) { OBJ(texeci) {
print_texeci(obj, p, p_max_size); print_texeci(obj, p, p_max_size);
@ -1320,7 +1321,7 @@ void generate_text_internal(char *p, int p_max_size,
OBJ(lua_parse) { OBJ(lua_parse) {
char *str = llua_getstring(obj->data.s); char *str = llua_getstring(obj->data.s);
if (str) { if (str) {
evaluate(str, p); evaluate(str, p, p_max_size);
free(str); free(str);
} }
} }
@ -2610,15 +2611,15 @@ void generate_text_internal(char *p, int p_max_size,
#endif /* X11 */ #endif /* X11 */
} }
void evaluate(const char *text, char *buffer) void evaluate(const char *text, char *p, int p_max_size)
{ {
struct information *tmp_info; struct information *tmp_info;
struct text_object subroot; struct text_object subroot;
tmp_info = malloc(sizeof(struct information)); tmp_info = malloc(sizeof(struct information));
memcpy(tmp_info, &info, sizeof(struct information)); memcpy(tmp_info, &info, sizeof(struct information));
parse_conky_vars(&subroot, text, buffer, tmp_info); parse_conky_vars(&subroot, text, p, p_max_size, tmp_info);
DBGP("evaluated '%s' to '%s'", text, buffer); DBGP("evaluated '%s' to '%s'", text, p);
free_text_objects(&subroot, 1); free_text_objects(&subroot, 1);
free(tmp_info); free(tmp_info);

6
src/conky.h
View File

@ -320,9 +320,9 @@ int spaced_print(char *, int, const char *, int, ...)
extern int inotify_fd; extern int inotify_fd;
/* defined in conky.c /* defined in conky.c
* evaluates 'text' and places the result in 'buffer' * evaluates 'text' and places the result in 'p' of max length 'p_max_size'
*/ */
void evaluate(const char *text, char *buffer); void evaluate(const char *text, char *p, int p_max_size);
/* maximum size of config TEXT buffer, i.e. below TEXT line. */ /* maximum size of config TEXT buffer, i.e. below TEXT line. */
extern unsigned int max_user_text; extern unsigned int max_user_text;
@ -359,7 +359,7 @@ void set_update_interval(double interval);
#define UNUSED_ATTR __attribute__ ((unused)) #define UNUSED_ATTR __attribute__ ((unused))
void parse_conky_vars(struct text_object *, const char *, void parse_conky_vars(struct text_object *, const char *,
char *, struct information *); char *, int, struct information *);
void generate_text_internal(char *, int, struct text_object, void generate_text_internal(char *, int, struct text_object,
struct information *); struct information *);

17
src/exec.c
View File

@ -266,15 +266,20 @@ void print_execp(struct text_object *obj, char *p, int p_max_size)
{ {
struct information *tmp_info; struct information *tmp_info;
struct text_object subroot; struct text_object subroot;
char *buf;
read_exec(obj->data.s, p, p_max_size); buf = malloc(text_buffer_size);
memset(buf, 0, text_buffer_size);
read_exec(obj->data.s, buf, text_buffer_size);
tmp_info = malloc(sizeof(struct information)); tmp_info = malloc(sizeof(struct information));
memcpy(tmp_info, &info, sizeof(struct information)); memcpy(tmp_info, &info, sizeof(struct information));
parse_conky_vars(&subroot, p, p, tmp_info); parse_conky_vars(&subroot, buf, p, p_max_size, tmp_info);
free_text_objects(&subroot, 1); free_text_objects(&subroot, 1);
free(tmp_info); free(tmp_info);
free(buf);
} }
void print_execi(struct text_object *obj, char *p, int p_max_size) void print_execi(struct text_object *obj, char *p, int p_max_size)
@ -293,7 +298,7 @@ void print_execi(struct text_object *obj, char *p, int p_max_size)
snprintf(p, p_max_size, "%s", ed->buffer); snprintf(p, p_max_size, "%s", ed->buffer);
} }
void print_execpi(struct text_object *obj, char *p) void print_execpi(struct text_object *obj, char *p, int p_max_size)
{ {
struct execi_data *ed = obj->data.opaque; struct execi_data *ed = obj->data.opaque;
struct text_object subroot; struct text_object subroot;
@ -305,9 +310,7 @@ void print_execpi(struct text_object *obj, char *p)
tmp_info = malloc(sizeof(struct information)); tmp_info = malloc(sizeof(struct information));
memcpy(tmp_info, &info, sizeof(struct information)); memcpy(tmp_info, &info, sizeof(struct information));
if (!time_to_update(ed)) { if (time_to_update(ed)) {
parse_conky_vars(&subroot, ed->buffer, p, tmp_info);
} else {
char *output; char *output;
int length; int length;
FILE *fp = pid_popen(ed->cmd, "r", &childpid); FILE *fp = pid_popen(ed->cmd, "r", &childpid);
@ -324,9 +327,9 @@ void print_execpi(struct text_object *obj, char *p)
output[length - 1] = '\0'; output[length - 1] = '\0';
} }
parse_conky_vars(&subroot, ed->buffer, p, tmp_info);
ed->last_update = current_update_time; ed->last_update = current_update_time;
} }
parse_conky_vars(&subroot, ed->buffer, p, p_max_size, tmp_info);
free_text_objects(&subroot, 1); free_text_objects(&subroot, 1);
free(tmp_info); free(tmp_info);
} }

2
src/exec.h
View File

@ -40,7 +40,7 @@ void scan_execgraph_arg(struct text_object *, const char *);
void print_exec(struct text_object *, char *, int); void print_exec(struct text_object *, char *, int);
void print_execp(struct text_object *, char *, int); void print_execp(struct text_object *, char *, int);
void print_execi(struct text_object *, char *, int); void print_execi(struct text_object *, char *, int);
void print_execpi(struct text_object *, char *); void print_execpi(struct text_object *, char *, int);
void print_texeci(struct text_object *, char *, int); void print_texeci(struct text_object *, char *, int);
#ifdef X11 #ifdef X11
void print_execgauge(struct text_object *, char *, int); void print_execgauge(struct text_object *, char *, int);

2
src/llua.c
View File

@ -59,7 +59,7 @@ static int llua_conky_parse(lua_State *L)
lua_error(L); lua_error(L);
} }
str = strdup(lua_tostring(L, 1)); str = strdup(lua_tostring(L, 1));
evaluate(str, buf); evaluate(str, buf, max_user_text);
lua_pushstring(L, buf); lua_pushstring(L, buf);
free(str); free(str);
free(buf); free(buf);