From 6a70f944f648fedc7e866b4561372caa9091bf1a Mon Sep 17 00:00:00 2001 From: Tim Kosse Date: Fri, 1 May 2015 15:54:51 +0200 Subject: [PATCH] Fix format string vulnerabilities. Reported by Jong-Gwon Kim. Also fixes a few memory leaks in the process. --- unix/uxstore.c | 41 +++++++++++++++-------------------------- 1 file changed, 15 insertions(+), 26 deletions(-) diff --git a/unix/uxstore.c b/unix/uxstore.c index 411953ac..51242eab 100644 --- a/unix/uxstore.c +++ b/unix/uxstore.c @@ -617,9 +617,8 @@ void store_host_key(const char *hostname, int port, dir = make_filename(INDEX_DIR, NULL); if (mkdir(dir, 0700) < 0) { - char *msg = dupprintf("Unable to store host key: mkdir(\"%s\") " - "returned '%s'", dir, strerror(errno)); - nonfatal(msg); + nonfatal("Unable to store host key: mkdir(\"%s\") " + "returned '%s'", dir, strerror(errno)); sfree(dir); sfree(tmpfilename); return; @@ -629,9 +628,8 @@ void store_host_key(const char *hostname, int port, wfp = fopen(tmpfilename, "w"); } if (!wfp) { - char *msg = dupprintf("Unable to store host key: open(\"%s\") " - "returned '%s'", tmpfilename, strerror(errno)); - nonfatal(msg); + nonfatal("Unable to store host key: open(\"%s\") " + "returned '%s'", tmpfilename, strerror(errno)); sfree(tmpfilename); return; } @@ -662,10 +660,9 @@ void store_host_key(const char *hostname, int port, fclose(wfp); if (rename(tmpfilename, filename) < 0) { - char *msg = dupprintf("Unable to store host key: rename(\"%s\",\"%s\")" - " returned '%s'", tmpfilename, filename, - strerror(errno)); - nonfatal(msg); + nonfatal("Unable to store host key: rename(\"%s\",\"%s\")" + " returned '%s'", tmpfilename, filename, + strerror(errno)); } sfree(tmpfilename); 
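Review bot: Nothing in this patch stops a later call site from reintroducing `nonfatal(msg)`; the fix is applied by hand at each of the seven call sites in unix/uxstore.c, the first being the mkdir() failure path of store_host_key (hunk at -617). The old form passed a string that already contained `dir`, `tmpfilename` or `fname` as the format, so any `%` in a path was parsed as a conversion. nonfatal's declaration is outside this diff, so this is hedged: if the prototype does not already carry it, adding `__attribute__((format(printf, 1, 2)))` and building with `-Wformat -Wformat-security` would let the compiler reject a non-literal format argument. The same annotation would also type-check the `%s` arguments now passed directly in every hunk of this patch.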
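Review bot: In the last store_host_key hunk (at -662), `fclose(wfp);` is still unchecked immediately before `rename(tmpfilename, filename)`. A failed flush of the temporary file would go unreported, and the incomplete file would then replace what is presumably the stored host key file. Testing the result, for example `if (fclose(wfp) != 0) nonfatal("Unable to store host key: close(\"%s\") returned '%s'", tmpfilename, strerror(errno));`, and skipping the rename in that case would leave the existing file intact. The function starts and ends outside the hunk, so earlier write checks and the full cleanup path are not visible here.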
@@ -704,10 +701,8 @@ void write_random_seed(void *data, int len) fd = open(fname, O_CREAT | O_WRONLY, 0600); if (fd < 0) { if (errno != ENOENT) { - char *msg = dupprintf("Unable to write random seed: open(\"%s\") " - "returned '%s'", fname, strerror(errno)); - nonfatal(msg); - sfree(msg); + nonfatal("Unable to write random seed: open(\"%s\") " + "returned '%s'", fname, strerror(errno)); sfree(fname); return; } @@ -715,10 +710,8 @@ void write_random_seed(void *data, int len) dir = make_filename(INDEX_DIR, NULL); if (mkdir(dir, 0700) < 0) { - char *msg = dupprintf("Unable to write random seed: mkdir(\"%s\") " - "returned '%s'", dir, strerror(errno)); - nonfatal(msg); - sfree(msg); + nonfatal("Unable to write random seed: mkdir(\"%s\") " + "returned '%s'", dir, strerror(errno)); sfree(fname); sfree(dir); return; @@ -727,10 +720,8 @@ void write_random_seed(void *data, int len) fd = open(fname, O_CREAT | O_WRONLY, 0600); if (fd < 0) { - char *msg = dupprintf("Unable to write random seed: open(\"%s\") " - "returned '%s'", fname, strerror(errno)); - nonfatal(msg); - sfree(msg); + nonfatal("Unable to write random seed: open(\"%s\") " + "returned '%s'", fname, strerror(errno)); sfree(fname); return; } @@ -739,10 +730,8 @@ void write_random_seed(void *data, int len) while (len > 0) { int ret = write(fd, data, len); if (ret < 0) { - char *msg = dupprintf("Unable to write random seed: write " - "returned '%s'", strerror(errno)); - nonfatal(msg); - sfree(msg); + nonfatal("Unable to write random seed: write " + "returned '%s'", strerror(errno)); break; } len -= ret;
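Review bot: In the mkdir() branch of write_random_seed (hunk at -715), `if (mkdir(dir, 0700) < 0)` treats every failure as fatal for the operation, including `EEXIST`. The branch is reached only after open() failed with `ENOENT`, so if another process creates the directory in between, the seed is not written even though the retry would succeed. `if (mkdir(dir, 0700) < 0 && errno != EEXIST) {` would let the second open() decide. The mkdir() call in the first store_host_key hunk (at -617) has the same shape.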
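Review bot: In the write loop of write_random_seed (hunk at -739), any negative return from `write(fd, data, len)` is reported and breaks out of the loop, including an interruption by a signal, which presumably leaves the seed file only partly written. Retrying that case with `if (ret < 0 && errno == EINTR) continue;` ahead of the error branch would avoid a spurious short seed. `ret` is declared `int` while write() returns `ssize_t`; declaring it `ssize_t ret` would match the API. The loop body continues past the end of the hunk, so how `data` is advanced after `len -= ret;` is not visible here.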