From e900ac51f909a8c0e5c4ab2058fcc350af070313 Mon Sep 17 00:00:00 2001 From: Vratislav Podzimek Date: Mon, 20 Nov 2023 12:47:39 +0100 Subject: [PATCH 1/5] Fix a couple bad strncpy() calls The last argument is buffer size into which the string including the terminating NUL byte has to fit. --- cf-agent/simulate_mode.c | 2 +- cf-agent/verify_files_utils.c | 2 +- libpromises/changes_chroot.c | 6 +++--- libpromises/cmdb.c | 2 +- libpromises/generic_agent.c | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/cf-agent/simulate_mode.c b/cf-agent/simulate_mode.c index 0a0a7ef2c3..db56b04072 100644 --- a/cf-agent/simulate_mode.c +++ b/cf-agent/simulate_mode.c @@ -360,7 +360,7 @@ bool ManifestRename(const char *orig_name, const char *new_name) static bool RunDiff(const char *path1, const char *path2) { char diff_path[PATH_MAX]; - strncpy(diff_path, GetBinDir(), sizeof(diff_path)); + strncpy(diff_path, GetBinDir(), sizeof(diff_path) - 1); JoinPaths(diff_path, sizeof(diff_path), "diff"); /* We use the '--label' option to override the paths in the output, for example: diff --git a/cf-agent/verify_files_utils.c b/cf-agent/verify_files_utils.c index 70565706c3..99dd73f360 100644 --- a/cf-agent/verify_files_utils.c +++ b/cf-agent/verify_files_utils.c @@ -2148,7 +2148,7 @@ static PromiseResult VerifyName(EvalContext *ctx, char *path, const struct stat } else { - strncpy(newname, path, sizeof(newname)); + strncpy(newname, path, sizeof(newname) - 1); ChopLastNode(newname); if (!PathAppend(newname, sizeof(newname), diff --git a/libpromises/changes_chroot.c b/libpromises/changes_chroot.c index 3b97118cd1..794faba4d2 100644 --- a/libpromises/changes_chroot.c +++ b/libpromises/changes_chroot.c @@ -46,18 +46,18 @@ static inline const char *GetLastFileSeparator(const char *path, const char *end return cp; } -static char *GetFirstNonExistingParentDir(const char *path, char *buf) +static char *GetFirstNonExistingParentDir(const char *path, char buf[PATH_MAX]) { /* Get rid of the trailing file separator (if any). */ size_t path_len = strlen(path); if (path[path_len - 1] == FILE_SEPARATOR) { - strncpy(buf, path, path_len); + strncpy(buf, path, PATH_MAX - 1); buf[path_len] = '\0'; } else { - strncpy(buf, path, path_len + 1); + strncpy(buf, path, PATH_MAX - 1); } char *last_sep = (char *) GetLastFileSeparator(buf, buf + path_len); diff --git a/libpromises/cmdb.c b/libpromises/cmdb.c index 1a310e1c25..38e70e3d8b 100644 --- a/libpromises/cmdb.c +++ b/libpromises/cmdb.c @@ -505,7 +505,7 @@ static bool ReadCMDBClasses(EvalContext *ctx, JsonElement *classes) bool LoadCMDBData(EvalContext *ctx) { char file_path[PATH_MAX] = {0}; - strncpy(file_path, GetDataDir(), sizeof(file_path)); + strncpy(file_path, GetDataDir(), sizeof(file_path) - 1); JoinPaths(file_path, sizeof(file_path), HOST_SPECIFIC_DATA_FILE); if (access(file_path, F_OK) != 0) { diff --git a/libpromises/generic_agent.c b/libpromises/generic_agent.c index 1f545031e3..187d3df7e4 100644 --- a/libpromises/generic_agent.c +++ b/libpromises/generic_agent.c @@ -944,7 +944,7 @@ void GenericAgentDiscoverContext(EvalContext *ctx, GenericAgentConfig *config, strcpy(VPREFIX, ""); if (program_name != NULL) { - strncpy(CF_PROGRAM_NAME, program_name, sizeof(CF_PROGRAM_NAME)); + strncpy(CF_PROGRAM_NAME, program_name, sizeof(CF_PROGRAM_NAME) - 1); } Log(LOG_LEVEL_VERBOSE, " %s", NameVersion()); From 3a83c775fbba73ee49c711351cb50946f8a2760e Mon Sep 17 00:00:00 2001 From: Vratislav Podzimek Date: Mon, 20 Nov 2023 12:54:31 +0100 Subject: [PATCH 2/5] Use CURLOPT_PROTOCOLS_STR instead of CURLOPT_PROTOCOLS The latter is deprecated since curl 7.85.0. --- libpromises/evalfunction.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/libpromises/evalfunction.c b/libpromises/evalfunction.c index 43504f3ea6..82bf17054f 100644 --- a/libpromises/evalfunction.c +++ b/libpromises/evalfunction.c @@ -2744,14 +2744,9 @@ static FnCallResult FnCallUrlGet(ARG_UNUSED EvalContext *ctx, curl_easy_setopt(curl, CURLOPT_TIMEOUT, 3L); // set default timeout curl_easy_setopt(curl, CURLOPT_VERBOSE, 0); curl_easy_setopt(curl, - CURLOPT_PROTOCOLS, - + CURLOPT_PROTOCOLS_STR, // Allowed protocols - CURLPROTO_FILE | - CURLPROTO_FTP | - CURLPROTO_FTPS | - CURLPROTO_HTTP | - CURLPROTO_HTTPS); + "file,ftp,ftps,http,https"); curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, cfengine_curl_write_callback); curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, cfengine_curl_write_callback); From 74d5c192d50fddbfb6a7dfb6ee69a0e89f893949 Mon Sep 17 00:00:00 2001 From: Vratislav Podzimek Date: Mon, 20 Nov 2023 13:09:51 +0100 Subject: [PATCH 3/5] Avoid string truncation and overflows on cf-monitord observables We use the observable name as a suffix for varible names so it cannot be of the full maximum variable name length. And we should also be more careful with the lengths of the observables' descriptions. --- cf-monitord/env_monitor.c | 7 ++++--- cf-monitord/monitoring.c | 14 +++++++------- cf-monitord/monitoring.h | 2 +- 3 files changed, 12 insertions(+), 11 deletions(-) diff --git a/cf-monitord/env_monitor.c b/cf-monitord/env_monitor.c index 6f68b99399..616c794097 100644 --- a/cf-monitord/env_monitor.c +++ b/cf-monitord/env_monitor.c @@ -385,7 +385,7 @@ static Averages EvalAvQ(EvalContext *ctx, char *t) char desc[CF_BUFSIZE]; double This; name[0] = '\0'; - GetObservable(i, name, desc); + GetObservable(i, name, sizeof(name), desc, sizeof(desc)); /* Overflow protection */ @@ -589,7 +589,8 @@ static void ArmClasses(EvalContext *ctx, const Averages *const av) double sigma; Item *ip, *mon_data = NULL; int i, j, k; - char buff[CF_BUFSIZE], ldt_buff[CF_BUFSIZE], name[CF_MAXVARSIZE]; + char buff[CF_BUFSIZE], ldt_buff[CF_BUFSIZE]; + char name[CF_MAXVARSIZE - 100]; /* used for names of variables with all sorts of prefixes */ static int anomaly[CF_OBSERVABLES][LDT_BUFSIZE] = { { 0 } }; extern Item *ALL_INCOMING; extern Item *MON_UDP4, *MON_UDP6, *MON_TCP4, *MON_TCP6; @@ -598,7 +599,7 @@ static void ArmClasses(EvalContext *ctx, const Averages *const av) { char desc[CF_BUFSIZE]; - GetObservable(i, name, desc); + GetObservable(i, name, sizeof(name), desc, sizeof(desc)); sigma = SetClasses(ctx, name, CF_THIS[i], av->Q[i].expect, av->Q[i].var, LOCALAV.Q[i].expect, LOCALAV.Q[i].var, &mon_data); SetVariable(name, CF_THIS[i], av->Q[i].expect, sigma, &mon_data); diff --git a/cf-monitord/monitoring.c b/cf-monitord/monitoring.c index 790ac9b3b1..f37b142f0f 100644 --- a/cf-monitord/monitoring.c +++ b/cf-monitord/monitoring.c @@ -147,26 +147,26 @@ static void Nova_DumpSlots(void) } } -void GetObservable(int i, char *name, char *desc) +void GetObservable(int i, char *name, size_t name_size, char *desc, size_t desc_size) { Nova_LoadSlots(); if (i < ob_spare) { - strncpy(name, OBSERVABLES[i][0], CF_MAXVARSIZE - 1); - strncpy(desc, OBSERVABLES[i][1], CF_MAXVARSIZE - 1); + strncpy(name, OBSERVABLES[i][0], name_size - 1); + strncpy(desc, OBSERVABLES[i][1], desc_size - 1); } else { if (SLOTS[i - ob_spare]) { - strncpy(name, SLOTS[i - ob_spare]->name, CF_MAXVARSIZE - 1); - strncpy(desc, SLOTS[i - ob_spare]->description, CF_MAXVARSIZE - 1); + strncpy(name, SLOTS[i - ob_spare]->name, name_size - 1); + strncpy(desc, SLOTS[i - ob_spare]->description, desc_size - 1); } else { - strncpy(name, OBSERVABLES[i][0], CF_MAXVARSIZE - 1); - strncpy(desc, OBSERVABLES[i][1], CF_MAXVARSIZE - 1); + strncpy(name, OBSERVABLES[i][0], name_size - 1); + strncpy(desc, OBSERVABLES[i][1], desc_size - 1); } } } diff --git a/cf-monitord/monitoring.h b/cf-monitord/monitoring.h index 10dadd02e0..1fcbd9155e 100644 --- a/cf-monitord/monitoring.h +++ b/cf-monitord/monitoring.h @@ -34,7 +34,7 @@ int NovaRegisterSlot(const char *name, const char *description, const char *units, double expected_minimum, double expected_maximum, bool consolidable); void NovaNamedEvent(const char *eventname, double value); -void GetObservable(int i, char *name, char *desc); +void GetObservable(int i, char *name, size_t name_size, char *desc, size_t desc_size); void SetMeasurementPromises(Item ** classlist); void LoadSlowlyVaryingObservations(EvalContext *ctx); void MakeTimekey(time_t time, char *result); From 62f7d7a589358a9e27012091077850b10294c3d7 Mon Sep 17 00:00:00 2001 From: Vratislav Podzimek Date: Mon, 20 Nov 2023 15:07:24 +0100 Subject: [PATCH 4/5] Tell GCC in static checks to ignore enum-int-mismatch Otherwise it fails with the following: ``` logging.c:330:6: error: conflicting types for 'LogToSystemLogStructured' due to enum/integer mismatch; have 'void(const int, ...)' [-Werror=enum-int-mismatch] 330 | void LogToSystemLogStructured(const int level, ...) | ^~~~~~~~~~~~~~~~~~~~~~~~ In file included from logging.c:25: ./logging.h:147:6: note: previous declaration of 'LogToSystemLogStructured' with type 'void(LogLevel, ...)' 147 | void LogToSystemLogStructured(LogLevel level, ...); | ^~~~~~~~~~~~~~~~~~~~~~~~ ``` --- tests/static-check/run_checks.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/static-check/run_checks.sh b/tests/static-check/run_checks.sh index 07853c02fc..8077c69b81 100755 --- a/tests/static-check/run_checks.sh +++ b/tests/static-check/run_checks.sh @@ -8,7 +8,7 @@ function check_with_gcc() { rm -f config.cache make clean ./configure -C --enable-debug CC=gcc - local gcc_exceptions="-Wno-sign-compare" + local gcc_exceptions="-Wno-sign-compare -Wno-enum-int-mismatch" make -j -l${n_procs} --keep-going CFLAGS="-Werror -Wall -Wextra $gcc_exceptions" } From 032c83fc37302894a247fb8b12277d3a25c6c0ed Mon Sep 17 00:00:00 2001 From: Vratislav Podzimek Date: Mon, 20 Nov 2023 15:08:47 +0100 Subject: [PATCH 5/5] Use Fedora 39 for static checks by default Freshly released, with the latest and greatest tools. --- tests/static-check/run.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/static-check/run.sh b/tests/static-check/run.sh index 5cfdfb74d9..9b47189ea2 100755 --- a/tests/static-check/run.sh +++ b/tests/static-check/run.sh @@ -4,7 +4,7 @@ set -e trap "echo FAILURE" ERR if [ -z "$STATIC_CHECKS_FEDORA_VERSION" ]; then - default_f_ver="37" + default_f_ver="39" echo "No Fedora version for static checks specified, using the default (Fedora $default_f_ver)" BASE_IMG="fedora:$default_f_ver" STATIC_CHECKS_FEDORA_VERSION="$default_f_ver"