1
0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-25 01:02:24 +00:00

Fix format string vulnerabilities.

Reported by Jong-Gwon Kim. Also fixes a few memory leaks in the
process.
This commit is contained in:
Tim Kosse 2015-05-01 15:54:51 +02:00 committed by Simon Tatham
parent 8ff3b22243
commit 6a70f944f6

View File

@ -617,9 +617,8 @@ void store_host_key(const char *hostname, int port,
dir = make_filename(INDEX_DIR, NULL);
if (mkdir(dir, 0700) < 0) {
char *msg = dupprintf("Unable to store host key: mkdir(\"%s\") "
nonfatal("Unable to store host key: mkdir(\"%s\") "
"returned '%s'", dir, strerror(errno));
nonfatal(msg);
sfree(dir);
sfree(tmpfilename);
return;
@ -629,9 +628,8 @@ void store_host_key(const char *hostname, int port,
wfp = fopen(tmpfilename, "w");
}
if (!wfp) {
char *msg = dupprintf("Unable to store host key: open(\"%s\") "
nonfatal("Unable to store host key: open(\"%s\") "
"returned '%s'", tmpfilename, strerror(errno));
nonfatal(msg);
sfree(tmpfilename);
return;
}
@ -662,10 +660,9 @@ void store_host_key(const char *hostname, int port,
fclose(wfp);
if (rename(tmpfilename, filename) < 0) {
char *msg = dupprintf("Unable to store host key: rename(\"%s\",\"%s\")"
nonfatal("Unable to store host key: rename(\"%s\",\"%s\")"
" returned '%s'", tmpfilename, filename,
strerror(errno));
nonfatal(msg);
}
sfree(tmpfilename);
@ -704,10 +701,8 @@ void write_random_seed(void *data, int len)
fd = open(fname, O_CREAT | O_WRONLY, 0600);
if (fd < 0) {
if (errno != ENOENT) {
char *msg = dupprintf("Unable to write random seed: open(\"%s\") "
nonfatal("Unable to write random seed: open(\"%s\") "
"returned '%s'", fname, strerror(errno));
nonfatal(msg);
sfree(msg);
sfree(fname);
return;
}
@ -715,10 +710,8 @@ void write_random_seed(void *data, int len)
dir = make_filename(INDEX_DIR, NULL);
if (mkdir(dir, 0700) < 0) {
char *msg = dupprintf("Unable to write random seed: mkdir(\"%s\") "
nonfatal("Unable to write random seed: mkdir(\"%s\") "
"returned '%s'", dir, strerror(errno));
nonfatal(msg);
sfree(msg);
sfree(fname);
sfree(dir);
return;
@ -727,10 +720,8 @@ void write_random_seed(void *data, int len)
fd = open(fname, O_CREAT | O_WRONLY, 0600);
if (fd < 0) {
char *msg = dupprintf("Unable to write random seed: open(\"%s\") "
nonfatal("Unable to write random seed: open(\"%s\") "
"returned '%s'", fname, strerror(errno));
nonfatal(msg);
sfree(msg);
sfree(fname);
return;
}
@ -739,10 +730,8 @@ void write_random_seed(void *data, int len)
while (len > 0) {
int ret = write(fd, data, len);
if (ret < 0) {
char *msg = dupprintf("Unable to write random seed: write "
nonfatal("Unable to write random seed: write "
"returned '%s'", strerror(errno));
nonfatal(msg);
sfree(msg);
break;
}
len -= ret;