From ee87d5e6df316815bd22b96e17da47a8433d4119 Mon Sep 17 00:00:00 2001 From: Michael Black Date: Wed, 1 Apr 2020 14:51:50 -0500 Subject: [PATCH] Fix buffer overrun in all utilities Change MAXCONFLEN to 1024 bytes for some future proofing --- tests/ampctl.c | 9 ++++++++- tests/ampctld.c | 9 ++++++++- tests/rigctl.c | 9 ++++++++- tests/rigctlcom.c | 9 ++++++++- tests/rigctld.c | 9 ++++++++- tests/rigmem.c | 9 ++++++++- tests/rigsmtr.c | 9 ++++++++- tests/rigswr.c | 9 ++++++++- tests/rotctl.c | 9 ++++++++- tests/rotctld.c | 9 ++++++++- 10 files changed, 80 insertions(+), 10 deletions(-) diff --git a/tests/ampctl.c b/tests/ampctl.c index 24c147b10..8da1925b9 100644 --- a/tests/ampctl.c +++ b/tests/ampctl.c @@ -105,7 +105,7 @@ static struct option long_options[] = {0, 0, 0, 0} }; -#define MAXCONFLEN 128 +#define MAXCONFLEN 1024 int interactive = 1; /* if no cmd on command line, switch to interactive */ int prompt = 1; /* Print prompt in ampctl */ @@ -205,6 +205,13 @@ int main(int argc, char *argv[]) strcat(conf_parms, ","); } + if (strlen(conf_parms) + strlen(optarg) > MAXCONFLEN - 24) + { + printf("Length of conf_parms exceeds internal maximum of %d\n", + MAXCONFLEN - 24); + return 1; + } + strncat(conf_parms, optarg, MAXCONFLEN - strlen(conf_parms)); break; diff --git a/tests/ampctld.c b/tests/ampctld.c index 4d0f3956c..111ca352f 100644 --- a/tests/ampctld.c +++ b/tests/ampctld.c @@ -111,7 +111,7 @@ const char *src_addr = NULL; /* INADDR_ANY */ char send_cmd_term = '\r'; /* send_cmd termination char */ -#define MAXCONFLEN 128 +#define MAXCONFLEN 1024 static void handle_error(enum rig_debug_level_e lvl, const char *msg) @@ -246,6 +246,13 @@ int main(int argc, char *argv[]) strcat(conf_parms, ","); } + if (strlen(conf_parms) + strlen(optarg) > MAXCONFLEN - 24) + { + printf("Length of conf_parms exceeds internal maximum of %d\n", + MAXCONFLEN - 24); + return 1; + } + strncat(conf_parms, optarg, MAXCONFLEN - strlen(conf_parms)); break; 
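Review bot: The `strncat` call that follows the new length check in tests/ampctl.c still passes `MAXCONFLEN - strlen(conf_parms)` as its limit, and strncat writes a terminating NUL after the bytes it copies, so by itself it can reach one byte past a MAXCONFLEN-sized buffer; only the added check keeps it in bounds. I would make the limit correct on its own, `strncat(conf_parms, optarg, MAXCONFLEN - strlen(conf_parms) - 1);`, so the copy stays safe if the check is later edited or removed. The `24` margin is unexplained; a named constant or a comment such as `/* keep 24 bytes of headroom: <reason> */` would tell the next maintainer what it protects. The same applies to the matching hunks in ampctld.c, rigctl.c, rigctlcom.c, rigctld.c, rigmem.c, rigsmtr.c (`rig_conf_parms`), rigswr.c, rotctl.c and rotctld.c. The declaration of `conf_parms` and the rest of main() are outside the hunk, so the buffer size is assumed to be MAXCONFLEN.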
diff --git a/tests/rigctl.c b/tests/rigctl.c index f8c18f1ac..6f20e3146 100644 --- a/tests/rigctl.c +++ b/tests/rigctl.c @@ -116,7 +116,7 @@ static struct option long_options[] = }; -#define MAXCONFLEN 128 +#define MAXCONFLEN 1024 int main(int argc, char *argv[]) { @@ -366,6 +366,13 @@ int main(int argc, char *argv[]) strcat(conf_parms, ","); } + if (strlen(conf_parms) + strlen(optarg) > MAXCONFLEN - 24) + { + printf("Length of conf_parms exceeds internal maximum of %d\n", + MAXCONFLEN - 24); + return 1; + } + strncat(conf_parms, optarg, MAXCONFLEN - strlen(conf_parms)); break; diff --git a/tests/rigctlcom.c b/tests/rigctlcom.c index df92a4b40..60539853a 100644 --- a/tests/rigctlcom.c +++ b/tests/rigctlcom.c @@ -116,7 +116,7 @@ static sig_atomic_t volatile ctrl_c; static int volatile ctrl_c; #endif -#define MAXCONFLEN 128 +#define MAXCONFLEN 1024 #if 0 # ifdef WIN32 @@ -406,6 +406,13 @@ int main(int argc, char *argv[]) strcat(conf_parms, ","); } + if (strlen(conf_parms) + strlen(optarg) > MAXCONFLEN - 24) + { + printf("Length of conf_parms exceeds internal maximum of %d\n", + MAXCONFLEN - 24); + return 1; + } + strncat(conf_parms, optarg, MAXCONFLEN - strlen(conf_parms)); break; diff --git a/tests/rigctld.c b/tests/rigctld.c index 1784300b7..b75286c16 100644 --- a/tests/rigctld.c +++ b/tests/rigctld.c @@ -142,7 +142,7 @@ static int volatile ctrl_c; const char *portno = "4532"; const char *src_addr = NULL; /* INADDR_ANY */ -#define MAXCONFLEN 128 +#define MAXCONFLEN 1024 static void sync_callback(int lock) { @@ -457,6 +457,13 @@ int main(int argc, char *argv[]) strcat(conf_parms, ","); } + if (strlen(conf_parms) + strlen(optarg) > MAXCONFLEN - 24) + { + printf("Length of conf_parms exceeds internal maximum of %d\n", + MAXCONFLEN - 24); + return 1; + } + strncat(conf_parms, optarg, MAXCONFLEN - strlen(conf_parms)); break; diff --git a/tests/rigmem.c b/tests/rigmem.c index 76ca40641..029f77e45 100644 --- a/tests/rigmem.c +++ b/tests/rigmem.c 
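Review bot: The over-length message in the tests/rigctl.c hunk is written with `printf`, so it goes to stdout; if rigctl's stdout is also where command replies are read by scripts (not visible in this hunk), a diagnostic there can be mistaken for data. `fprintf(stderr, "Length of conf_parms exceeds internal maximum of %d\n", MAXCONFLEN - 24);` keeps the wording and moves it to the error stream. The other nine utilities touched by this commit carry the same `printf`. main() starts and ends outside the hunk, so whether any cleanup is expected before `return 1` cannot be checked from here.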
@@ -90,7 +90,7 @@ static struct option long_options[] = {0, 0, 0, 0} }; -#define MAXCONFLEN 128 +#define MAXCONFLEN 1024 int all; @@ -185,6 +185,13 @@ int main(int argc, char *argv[]) strcat(conf_parms, ","); } + if (strlen(conf_parms) + strlen(optarg) > MAXCONFLEN - 24) + { + printf("Length of conf_parms exceeds internal maximum of %d\n", + MAXCONFLEN - 24); + return 1; + } + strncat(conf_parms, optarg, MAXCONFLEN - strlen(conf_parms)); break; diff --git a/tests/rigsmtr.c b/tests/rigsmtr.c index d5fbb593c..071814e20 100644 --- a/tests/rigsmtr.c +++ b/tests/rigsmtr.c @@ -70,7 +70,7 @@ static struct option long_options[] = {0, 0, 0, 0} }; -#define MAXCONFLEN 128 +#define MAXCONFLEN 1024 int main(int argc, char *argv[]) @@ -169,6 +169,13 @@ int main(int argc, char *argv[]) strcat(rig_conf_parms, ","); } + if (strlen(rig_conf_parms) + strlen(optarg) > MAXCONFLEN - 24) + { + printf("Length of conf_parms exceeds internal maximum of %d\n", + MAXCONFLEN - 24); + return 1; + } + strncat(rig_conf_parms, optarg, MAXCONFLEN - strlen(rig_conf_parms)); break; diff --git a/tests/rigswr.c b/tests/rigswr.c index aa0fec1e9..2901fe421 100644 --- a/tests/rigswr.c +++ b/tests/rigswr.c @@ -65,7 +65,7 @@ static struct option long_options[] = {0, 0, 0, 0} }; -#define MAXCONFLEN 128 +#define MAXCONFLEN 1024 int main(int argc, char *argv[]) @@ -159,6 +159,13 @@ int main(int argc, char *argv[]) strcat(conf_parms, ","); } + if (strlen(conf_parms) + strlen(optarg) > MAXCONFLEN - 24) + { + printf("Length of conf_parms exceeds internal maximum of %d\n", + MAXCONFLEN - 24); + return 1; + } + strncat(conf_parms, optarg, MAXCONFLEN - strlen(conf_parms)); break; diff --git a/tests/rotctl.c b/tests/rotctl.c index c1248aa88..b565502b1 100644 --- a/tests/rotctl.c +++ b/tests/rotctl.c @@ -106,7 +106,7 @@ static struct option long_options[] = {0, 0, 0, 0} }; -#define MAXCONFLEN 128 +#define MAXCONFLEN 1024 /* variable for readline support */ #ifdef HAVE_LIBREADLINE 
@@ -210,6 +210,13 @@ int main(int argc, char *argv[]) strcat(conf_parms, ","); } + if (strlen(conf_parms) + strlen(optarg) > MAXCONFLEN - 24) + { + printf("Length of conf_parms exceeds internal maximum of %d\n", + MAXCONFLEN - 24); + return 1; + } + strncat(conf_parms, optarg, MAXCONFLEN - strlen(conf_parms)); break; diff --git a/tests/rotctld.c b/tests/rotctld.c index 23ed83546..c7e6aeee8 100644 --- a/tests/rotctld.c +++ b/tests/rotctld.c @@ -110,7 +110,7 @@ const char *src_addr = NULL; /* INADDR_ANY */ azimuth_t az_offset; elevation_t el_offset; -#define MAXCONFLEN 128 +#define MAXCONFLEN 1024 static void handle_error(enum rig_debug_level_e lvl, const char *msg) @@ -243,6 +243,13 @@ int main(int argc, char *argv[]) strcat(conf_parms, ","); } + if (strlen(conf_parms) + strlen(optarg) > MAXCONFLEN - 24) + { + printf("Length of conf_parms exceeds internal maximum of %d\n", + MAXCONFLEN - 24); + return 1; + } + strncat(conf_parms, optarg, MAXCONFLEN - strlen(conf_parms)); break;