nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-03-22 14:39:24 -05:00
Code Issues Projects Releases Wiki Activity

Fix format string vulnerabilities.

Browse Source 
Reported by Jong-Gwon Kim. Also fixes a few memory leaks in the
process.
This commit is contained in:
Tim Kosse 2015-05-01 15:54:51 +02:00 committed by Simon Tatham
parent 8ff3b22243
commit 6a70f944f6
1 changed files with 15 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
unix/uxstore.c
View File

@ -617,9 +617,8 @@ void store_host_key(const char *hostname, int port,
dir = make_filename(INDEX_DIR, NULL); dir = make_filename(INDEX_DIR, NULL);
if (mkdir(dir, 0700) < 0) { if (mkdir(dir, 0700) < 0) {
char *msg = dupprintf("Unable to store host key: mkdir(\"%s\") " nonfatal("Unable to store host key: mkdir(\"%s\") "
"returned '%s'", dir, strerror(errno)); "returned '%s'", dir, strerror(errno));
nonfatal(msg);
sfree(dir); sfree(dir);
sfree(tmpfilename); sfree(tmpfilename);
return; return;
@ -629,9 +628,8 @@ void store_host_key(const char *hostname, int port,
wfp = fopen(tmpfilename, "w"); wfp = fopen(tmpfilename, "w");
} }
if (!wfp) { if (!wfp) {
char *msg = dupprintf("Unable to store host key: open(\"%s\") " nonfatal("Unable to store host key: open(\"%s\") "
"returned '%s'", tmpfilename, strerror(errno)); "returned '%s'", tmpfilename, strerror(errno));
nonfatal(msg);
sfree(tmpfilename); sfree(tmpfilename);
return; return;
} }
@ -662,10 +660,9 @@ void store_host_key(const char *hostname, int port,
fclose(wfp); fclose(wfp);
if (rename(tmpfilename, filename) < 0) { if (rename(tmpfilename, filename) < 0) {
char *msg = dupprintf("Unable to store host key: rename(\"%s\",\"%s\")" nonfatal("Unable to store host key: rename(\"%s\",\"%s\")"
" returned '%s'", tmpfilename, filename, " returned '%s'", tmpfilename, filename,
strerror(errno)); strerror(errno));
nonfatal(msg);
} }
sfree(tmpfilename); sfree(tmpfilename);
@ -704,10 +701,8 @@ void write_random_seed(void *data, int len)
fd = open(fname, O_CREAT | O_WRONLY, 0600); fd = open(fname, O_CREAT | O_WRONLY, 0600);
if (fd < 0) { if (fd < 0) {
if (errno != ENOENT) { if (errno != ENOENT) {
char *msg = dupprintf("Unable to write random seed: open(\"%s\") " nonfatal("Unable to write random seed: open(\"%s\") "
"returned '%s'", fname, strerror(errno)); "returned '%s'", fname, strerror(errno));
nonfatal(msg);
sfree(msg);
sfree(fname); sfree(fname);
return; return;
} }
@ -715,10 +710,8 @@ void write_random_seed(void *data, int len)
dir = make_filename(INDEX_DIR, NULL); dir = make_filename(INDEX_DIR, NULL);
if (mkdir(dir, 0700) < 0) { if (mkdir(dir, 0700) < 0) {
char *msg = dupprintf("Unable to write random seed: mkdir(\"%s\") " nonfatal("Unable to write random seed: mkdir(\"%s\") "
"returned '%s'", dir, strerror(errno)); "returned '%s'", dir, strerror(errno));
nonfatal(msg);
sfree(msg);
sfree(fname); sfree(fname);
sfree(dir); sfree(dir);
return; return;
@ -727,10 +720,8 @@ void write_random_seed(void *data, int len)
fd = open(fname, O_CREAT | O_WRONLY, 0600); fd = open(fname, O_CREAT | O_WRONLY, 0600);
if (fd < 0) { if (fd < 0) {
char *msg = dupprintf("Unable to write random seed: open(\"%s\") " nonfatal("Unable to write random seed: open(\"%s\") "
"returned '%s'", fname, strerror(errno)); "returned '%s'", fname, strerror(errno));
nonfatal(msg);
sfree(msg);
sfree(fname); sfree(fname);
return; return;
} }
@ -739,10 +730,8 @@ void write_random_seed(void *data, int len)
while (len > 0) { while (len > 0) {
int ret = write(fd, data, len); int ret = write(fd, data, len);
if (ret < 0) { if (ret < 0) {
char *msg = dupprintf("Unable to write random seed: write " nonfatal("Unable to write random seed: write "
"returned '%s'", strerror(errno)); "returned '%s'", strerror(errno));
nonfatal(msg);
sfree(msg);
break; break;
} }
len -= ret; len -= ret;