Check the IP address of the remote host before any communication occurs.

Check for errors before trusting values that came from the remote host.  Make sure
that strings are 0-terminated.
merge-requests/1/head
Henning Geinitz 2003-02-09 11:23:41 +00:00
rodzic b04729487f
commit e3ceee04be
4 zmienionych plików z 102 dodań i 13 usunięć


@ -1,3 +1,10 @@
2003-02-09 Henning Meier-Geinitz <henning@meier-geinitz.de>
* frontend/saned.c sanei/sanei_codec_bin.c sanei/sanei_wire.c: Check
the IP address of the remote host before any communication occurs.
Check for a errors before trsuting values that came from remote.
Make sure that strings are 0-terminated.
2003-02-09 Stéphane Voltz <svoltz@wanadoo.fr>
* backend/umax_pp.c: fixed big bug related to color plane


@ -183,6 +183,12 @@ auth_callback (SANE_String_Const res,
return;
}
if (wire.status)
{
DBG(DBG_ERR, "auth_callback: bad status %d\n", wire.status);
return;
}
switch (current_request)
{
case SANE_NET_OPEN:
@ -222,10 +228,24 @@ auth_callback (SANE_String_Const res,
current_request, res);
break;
}
if (wire.status)
{
DBG(DBG_ERR, "auth_callback: bad status %d\n", wire.status);
return;
}
reset_watchdog ();
sanei_w_set_dir (&wire, WIRE_DECODE);
sanei_w_word (&wire, &word);
if (wire.status)
{
DBG(DBG_ERR, "auth_callback: bad status %d\n", wire.status);
return;
}
procnum = word;
if (procnum != SANE_NET_AUTHORIZE)
{
@ -237,6 +257,12 @@ auth_callback (SANE_String_Const res,
}
sanei_w_authorization_req (&wire, &req);
if (wire.status)
{
DBG(DBG_ERR, "auth_callback: bad status %d\n", wire.status);
return;
}
if (req.username)
strcpy (username, req.username);
if (req.password)
@ -514,30 +540,51 @@ init (Wire * w)
reset_watchdog ();
sanei_w_set_dir (w, WIRE_DECODE);
sanei_w_word (w, &word); /* decode procedure number */
sanei_w_init_req (w, &req);
w->version = SANEI_NET_PROTOCOL_VERSION;
status = check_host (w->io.fd);
if (status != SANE_STATUS_GOOD)
{
DBG (DBG_WARN, "init: access by host %s denied\n", remote_hostname);
return -1;
}
sanei_w_set_dir (w, WIRE_DECODE);
if (w->status)
{
DBG (DBG_ERR, "init: bad status after sanei_w_set_dir: %d\n", w->status);
return -1;
}
sanei_w_word (w, &word); /* decode procedure number */
if (w->status || word != SANE_NET_INIT)
{
DBG (DBG_ERR, "init: bad status=%d or procnum=%d\n",
w->status, word);
return -1;
}
sanei_w_init_req (w, &req);
if (w->status)
{
DBG (DBG_ERR, "init: bad status after sanei_w_init_req: %d\n", w->status);
return -1;
}
w->version = SANEI_NET_PROTOCOL_VERSION;
if (req.username)
default_username = strdup (req.username);
sanei_w_free (w, (WireCodecFunc) sanei_w_init_req, &req);
if (w->status)
{
DBG (DBG_ERR, "init: bad status after sanei_w_free: %d\n", w->status);
return -1;
}
reply.version_code = SANE_VERSION_CODE (V_MAJOR, V_MINOR,
SANEI_NET_PROTOCOL_VERSION);
status = check_host (w->io.fd);
DBG (DBG_WARN, "init: access by %s@%s %s\n",
default_username, remote_hostname,
(status == SANE_STATUS_GOOD) ? "accepted" : "rejected");
DBG (DBG_WARN, "init: access by %s@%s accepted\n",
default_username, remote_hostname);
if (status == SANE_STATUS_GOOD)
{
@ -823,6 +870,14 @@ process_request (Wire * w)
DBG (DBG_DBG, "process_request: waiting for request\n");
sanei_w_set_dir (w, WIRE_DECODE);
sanei_w_word (w, &word); /* decode procedure number */
if (w->status)
{
DBG (DBG_ERR,
"process_request: bad status %d\n", w->status);
quit (0);
}
current_request = word;
DBG (DBG_MSG, "process_request: got request %d\n", current_request);
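Review bot: The `strcpy (username, req.username);` that closes the third auth_callback hunk still copies a string decoded from the wire with no length limit; the status check added just above it only shows that the decode succeeded, not that the string fits. The destination's size is not visible here (username is declared outside the hunk), but the SANE API sizes authorization buffers with SANE_MAX_USERNAME_LEN, so a bounded copy such as `snprintf (username, SANE_MAX_USERNAME_LEN, "%s", req.username);` would be safer. The `req.password` copy that starts on the next line presumably needs the same treatment with its own limit. In init, the result of `default_username = strdup (req.username);` is not checked for NULL before it is passed to `%s` in the DBG call that follows.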


@ -54,6 +54,9 @@ bin_w_byte (Wire *w, void *v)
SANE_Byte *b = v;
sanei_w_space (w, 1);
if (w->status)
return;
switch (w->direction)
{
case WIRE_ENCODE:
@ -82,8 +85,14 @@ bin_w_string (Wire *w, void *v)
len = strlen (*s) + 1;
}
sanei_w_array (w, &len, v, w->codec.w_byte, 1);
if (w->direction == WIRE_DECODE && !len)
*s = 0;
if (w->direction == WIRE_DECODE)
{
if (len == 0)
*s = 0;
else if (w->status == 0)
*(*s + len - 1) = '\0';
}
}
static void
@ -92,6 +101,8 @@ bin_w_word (Wire *w, void *v)
SANE_Word val, *word = v;
sanei_w_space (w, 4);
if (w->status)
return;
switch (w->direction)
{
case WIRE_ENCODE:
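Review bot: The terminator write `*(*s + len - 1) = '\0';` added to bin_w_string trusts both `len` and `*s` as soon as `w->status` is 0. `len` is the SANE_Word that sanei_w_array has just decoded from the peer, and only `len == 0` is excluded here, so a negative length or a NULL `*s` would turn this line into an out-of-bounds or NULL write unless sanei_w_array rejects them, which this section does not show. A guard such as `else if (w->status == 0 && len > 0 && *s) (*s)[len - 1] = '\0';` makes that assumption explicit. A comment should also state that on a decode error `*s` is left exactly as sanei_w_array left it and must not be read as a string.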


@ -192,8 +192,14 @@ sanei_w_array (Wire * w, SANE_Word * len_ptr, void **v,
len = *len_ptr;
DBG (4, "sanei_w_array: send/receive array length\n");
sanei_w_word (w, &len);
DBG (4, "sanei_w_array: array has %d elements\n", len);
if (w->status)
{
DBG (1, "sanei_w_array: bad status: %d\n", w->status);
return;
}
DBG (4, "sanei_w_array: array has %d elements\n", len);
if (w->direction == WIRE_DECODE)
{
*len_ptr = len;
@ -219,6 +225,11 @@ sanei_w_array (Wire * w, SANE_Word * len_ptr, void **v,
{
(*w_element) (w, val);
val += element_size;
if (w->status)
{
DBG (1, "sanei_w_array: bad status: %d\n", w->status);
return;
}
}
DBG (4, "sanei_w_array: done\n");
}
@ -251,6 +262,11 @@ sanei_w_ptr (Wire * w, void **v, WireCodecFunc w_value, size_t value_size)
DBG (4, "sanei_w_ptr: send/receive is_null\n");
sanei_w_word (w, &is_null);
if (w->status)
{
DBG (1, "sanei_w_ptr: bad status: %d\n", w->status);
return;
}
if (!is_null)
{
@ -307,7 +323,7 @@ sanei_w_string (Wire * w, SANE_String * v)
{
DBG (3, "sanei_w_string: wire %d\n", w->io.fd);
(*w->codec.w_string) (w, v);
if (w->direction != WIRE_FREE)
if (w->direction != WIRE_FREE && w->status == 0)
DBG (4, "sanei_w_string: value = %s\n", *v);
}
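Review bot: The early `return` added inside the element loop of sanei_w_array leaves a partly decoded array behind: in the decode direction `*len_ptr` has already been set to `len` in the first hunk, but only the elements before the failure were filled in. A later WIRE_FREE pass over `len` elements could then touch entries that were never decoded, unless the buffer is zeroed when it is allocated, which happens between the hunks and is not visible here. On the decode path, consider releasing the buffer and resetting `*v` and `*len_ptr` before returning, or at least add a comment such as `/* on error the array is incomplete; callers must check w->status before using *v */`. The first hunk also checks only the wire status of `len`; whether a negative or very large peer-supplied length is bounded before allocation cannot be confirmed from the visible lines.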