From 1c01f3ec2993020ecf3e7a32d43a70f706bc9662 Mon Sep 17 00:00:00 2001 From: Thomas Ries Date: Thu, 17 Sep 2020 17:50:54 +0200 Subject: [PATCH] Improved string handling on some more places. --- src/log.c | 4 ++-- src/plugin_shortdial.c | 3 +-- src/plugin_stats.c | 10 ++++++---- src/plugin_stun.c | 17 ++++++++++------- src/plugins.c | 5 ++--- src/proxy.c | 17 +++++++++++------ src/register.c | 24 ++++++++++++++++++------ src/rtpproxy_relay.c | 22 ++++++++++++++-------- src/utils.c | 5 +++-- 9 files changed, 67 insertions(+), 40 deletions(-) diff --git a/src/log.c b/src/log.c index 504d397..4bfa578 100644 --- a/src/log.c +++ b/src/log.c @@ -415,8 +415,8 @@ void log_dump_buffer(unsigned int class, char *file, int line, } for (i=0; iurl->host); - contact->url->host=osip_malloc(host_len+1); /* *_len excluding \0 */ - strcpy(contact->url->host, new_to_host); + contact->url->host=osip_strdup(new_to_host); } osip_list_add(&(ticket->sipmsg->contacts),contact,0); diff --git a/src/plugin_stats.c b/src/plugin_stats.c index 6d7b810..8275c28 100644 --- a/src/plugin_stats.c +++ b/src/plugin_stats.c @@ -415,8 +415,8 @@ static void stats_to_file(void) { int i; int ii; FILE *stream; - char remip[16]; - char lclip[16]; + char remip[IPSTRING_SIZE]; + char lclip[IPSTRING_SIZE]; time_t now; if (plugin_cfg.filename) { 
@@ -465,9 +465,11 @@ static void stats_to_file(void) { fprintf(stream, "%s@%s;", rtp_proxytable[ii].callid_number, rtp_proxytable[ii].callid_host); fprintf(stream, "%s;", (rtp_proxytable[ii].call_direction==DIR_INCOMING)? "Incoming":"Outgoing"); fprintf(stream, "%s;", (rtp_proxytable[ii].direction==DIR_INCOMING)? "Incoming":"Outgoing"); - strcpy(lclip, utils_inet_ntoa(rtp_proxytable[ii].local_ipaddr)); + strncpy(lclip, utils_inet_ntoa(rtp_proxytable[ii].local_ipaddr), sizeof(lclip)); + lclip[sizeof(lclip)-1]='\0'; fprintf(stream, "%s;", lclip); - strcpy(remip, utils_inet_ntoa(rtp_proxytable[ii].remote_ipaddr)); + strncpy(remip, utils_inet_ntoa(rtp_proxytable[ii].remote_ipaddr), sizeof(lclip)); + remip[sizeof(remip)-1]='\0'; fprintf(stream, "%s", remip); fprintf(stream, "\n"); diff --git a/src/plugin_stun.c b/src/plugin_stun.c index 3a08a26..929c63c 100644 --- a/src/plugin_stun.c +++ b/src/plugin_stun.c @@ -225,7 +225,7 @@ int PLUGIN_PROCESS(int stage, sip_ticket_t *ticket){ ip[0], ip[1], ip[2], ip[3], port); /* remember normal IP address only if not yet known */ if (got_address == 0) { - snprintf(ipstring, IPSTRING_SIZE-1, "%u.%u.%u.%u", + snprintf(ipstring, IPSTRING_SIZE, "%u.%u.%u.%u", ip[0], ip[1], ip[2], ip[3]); ipstring[IPSTRING_SIZE-1]='\0'; got_address=1; @@ -257,7 +257,7 @@ int PLUGIN_PROCESS(int stage, sip_ticket_t *ticket){ ip[0], ip[1], ip[2], ip[3], port); /* remember XORed IP address always (preferred) */ - snprintf(ipstring, IPSTRING_SIZE-1, "%u.%u.%u.%u", + snprintf(ipstring, IPSTRING_SIZE, "%u.%u.%u.%u", ip[0], ip[1], ip[2], ip[3]); ipstring[IPSTRING_SIZE-1]='\0'; got_address=1; 
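Review bot: The copy into `remip` in stats_to_file (src/plugin_stats.c) is bounded by `sizeof(lclip)` instead of by its own destination. Both arrays are declared with `IPSTRING_SIZE` in this patch, so nothing overflows today, but the bound silently becomes wrong if either declaration changes. It should read `strncpy(remip, utils_inet_ntoa(rtp_proxytable[ii].remote_ipaddr), sizeof(remip));`. The function body continues outside the hunk.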
@@ -280,12 +280,15 @@ int PLUGIN_PROCESS(int stage, sip_ticket_t *ticket){ configuration.outbound_host:"NULL" , ipstring); - if (configuration.outbound_host) { - free(configuration.outbound_host); + if (configuration.outbound_host == NULL) { + configuration.outbound_host=malloc(IPSTRING_SIZE); + if (configuration.outbound_host == NULL) { + ERROR("Plugin '%s': could not mallo() %i bytes", name, IPSTRING_SIZE); + return STS_FAILURE; + } } - configuration.outbound_host=malloc(IPSTRING_SIZE); - - strcpy(configuration.outbound_host, ipstring); + strncpy(configuration.outbound_host, ipstring, IPSTRING_SIZE); + configuration.outbound_host[IPSTRING_SIZE-1]='\0'; } } diff --git a/src/plugins.c b/src/plugins.c index 8428e04..8755638 100644 --- a/src/plugins.c +++ b/src/plugins.c @@ -78,10 +78,9 @@ int load_plugins (void) { for (i=0; ifrom && mymsg->from->url && mymsg->from->url->username && mymsg->from->url->host) { - snprintf(client_id.idstring, CLIENT_ID_SIZE-1, "%s@%s", + snprintf(client_id.idstring, CLIENT_ID_SIZE, "%s@%s", mymsg->from->url->username, mymsg->from->url->host); } else { char *tmp=NULL; /* get the Contact Header if present */ osip_message_get_contact(mymsg, 0, &contact); if (contact) osip_contact_to_str(contact, &tmp); - if (tmp) strncpy(client_id.idstring, tmp, CLIENT_ID_SIZE-1); + if (tmp) { + strncpy(client_id.idstring, tmp, CLIENT_ID_SIZE); + client_id.idstring[CLIENT_ID_SIZE-1]='\0'; + } } /* if from header */ /* Incoming call (RQ in, RS out => use the "to" field to identify local client */ 
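Review bot: Reusing an existing `configuration.outbound_host` buffer in this PLUGIN_PROCESS hunk (src/plugin_stun.c) assumes the block is at least `IPSTRING_SIZE` bytes, which nothing visible here establishes. `strncpy()` always writes exactly `IPSTRING_SIZE` bytes because it zero-pads, so a pointer allocated elsewhere for a shorter string (for example from the configuration file, which is not visible here) would be written past its end on the heap. The removed code avoided this by always freeing and allocating afresh; resizing through a temporary keeps that guarantee and still handles allocation failure. The error text also misspells the call as `mallo()`, and the enclosing function starts and ends outside the hunk.

```c
/* … unchanged: DEBUGC of old and new outbound host … */
         {
            char *tmp=realloc(configuration.outbound_host, IPSTRING_SIZE);
            if (tmp == NULL) {
               ERROR("Plugin '%s': could not realloc() %i bytes", name, IPSTRING_SIZE);
               return STS_FAILURE;
            }
            /* buffer is now known to hold IPSTRING_SIZE bytes */
            configuration.outbound_host=tmp;
         }
         snprintf(configuration.outbound_host, IPSTRING_SIZE, "%s", ipstring);
```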
@@ -1069,14 +1072,17 @@ if (configuration.debuglevel) /* I have a full TO SIP URI 'user@host' */ if (mymsg->to && mymsg->to->url && mymsg->to->url->username && mymsg->to->url->host) { - snprintf(client_id.idstring, CLIENT_ID_SIZE-1, "%s@%s", + snprintf(client_id.idstring, CLIENT_ID_SIZE, "%s@%s", mymsg->to->url->username, mymsg->to->url->host); } else { char *tmp=NULL; /* get the Contact Header if present */ osip_message_get_contact(mymsg, 0, &contact); if (contact) osip_contact_to_str(contact, &tmp); - if (tmp) strncpy(client_id.idstring, tmp, CLIENT_ID_SIZE-1); + if (tmp) { + strncpy(client_id.idstring, tmp, CLIENT_ID_SIZE); + client_id.idstring[CLIENT_ID_SIZE-1]='\0'; + } } /* if to header */ } @@ -1273,8 +1279,7 @@ int proxy_rewrite_useragent(sip_ticket_t *ticket){ DEBUGC(DBCLASS_PROXY,"proxy_rewrite_useragent: [%s] -> [%s]", ua_hdr->hvalue, configuration.ua_string); osip_free(ua_hdr->hvalue); - ua_hdr->hvalue=osip_malloc(strlen(configuration.ua_string)+1); - strcpy(ua_hdr->hvalue, configuration.ua_string); + ua_hdr->hvalue=osip_strdup(configuration.ua_string); } return STS_SUCCESS; } diff --git a/src/register.c b/src/register.c index 46f6f41..6ca4983 100644 --- a/src/register.c +++ b/src/register.c 
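Review bot: The string that `osip_contact_to_str()` allocates into `tmp` is never released in the Contact fallback of the hunk at -1069 (src/proxy.c). `tmp` is declared inside the `else` block and goes out of scope at its closing brace, so every message that takes this path leaks the allocation, and that path is reachable from received SIP traffic. Since the new braces already wrap the copy, add `osip_free(tmp);` after the terminator line inside `if (tmp) { ... }`. The from-header fallback in the preceding proxy.c hunk has the same shape and needs the same line. The enclosing function starts and ends outside the hunk.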
@@ -401,9 +401,15 @@ int register_client(sip_ticket_t *ticket, int force_lcl_masq) { (url1_contact->host) ? url1_contact->host : "*NULL*", (url1_contact->username) ? url1_contact->username : "*NULL*", configuration.masked_host.string[j]); - urlmap[i].masq_url->host=realloc(urlmap[i].masq_url->host, - strlen(configuration.masked_host.string[j])+1); - strcpy(urlmap[i].masq_url->host, configuration.masked_host.string[j]); + + if (strcmp(urlmap[i].masq_url->host, configuration.masked_host.string[j]) != 0) { + /* new/different host, update urlmap (+1 includes terminating \0) */ + urlmap[i].masq_url->host=realloc(urlmap[i].masq_url->host, + strlen(configuration.masked_host.string[j])+1); + strncpy(urlmap[i].masq_url->host, configuration.masked_host.string[j], + strlen(configuration.masked_host.string[j])+1); + urlmap[i].masq_url->host[strlen(configuration.masked_host.string[j])]='\0'; + } } } else { /* if new entry */ /* This is an existing entry */ 
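Review bot: The new `strcmp()` guard dereferences `urlmap[i].masq_url->host` before anything visible has shown it to be non-NULL, both in this register_client hunk (src/register.c) and in the hunk at -440, where it is compared with `addrstr`. The old code passed the pointer straight to `realloc()`, which accepts NULL, so this adds a crash path if `masq_url` can carry an empty host; its construction is outside the hunk, but the DEBUGC above already treats a NULL contact host as possible. Guard it with `if (urlmap[i].masq_url->host == NULL || strcmp(urlmap[i].masq_url->host, configuration.masked_host.string[j]) != 0) {`, and do the same for the `addrstr` comparison. The `realloc()` result is also still assigned straight back and written through without a NULL check.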
@@ -440,19 +446,25 @@ int register_client(sip_ticket_t *ticket, int force_lcl_masq) { * as it might change */ /* host part */ addrstr = utils_inet_ntoa(addr); + DEBUGC(DBCLASS_REG,"masquerading Contact %s@%s local %s@%s", (url1_contact->username) ? url1_contact->username : "*NULL*", (url1_contact->host) ? url1_contact->host : "*NULL*", (url1_contact->username) ? url1_contact->username : "*NULL*", addrstr); - urlmap[i].masq_url->host=realloc(urlmap[i].masq_url->host, + + if (strcmp(urlmap[i].masq_url->host, addrstr) != 0) { + /* new address, update urlmap (+1 includes terminating \0) */ + urlmap[i].masq_url->host=realloc(urlmap[i].masq_url->host, strlen(addrstr)+1); - strcpy(urlmap[i].masq_url->host, addrstr); + strncpy(urlmap[i].masq_url->host, addrstr, strlen(addrstr)+1); + urlmap[i].masq_url->host[strlen(addrstr)]='\0'; + } /* port number if required */ if (configuration.sip_listen_port != SIP_PORT) { urlmap[i].masq_url->port=realloc(urlmap[i].masq_url->port, 16); - sprintf(urlmap[i].masq_url->port, "%i", + snprintf(urlmap[i].masq_url->port, 16, "%i", configuration.sip_listen_port); } diff --git a/src/rtpproxy_relay.c b/src/rtpproxy_relay.c index 115638a..c48de26 100644 --- a/src/rtpproxy_relay.c +++ b/src/rtpproxy_relay.c @@ -753,13 +753,15 @@ int rtp_relay_start_fwd (osip_call_id_t *callid, client_id_t client_id, rtp_proxytable[freeidx].rtp_con_rx_sock = sock_con; if (callid->number) { - strcpy(rtp_proxytable[freeidx].callid_number, callid->number); + strncpy(rtp_proxytable[freeidx].callid_number, callid->number, CALLIDNUM_SIZE); + rtp_proxytable[freeidx].callid_number[CALLIDNUM_SIZE-1]='\0'; } else { rtp_proxytable[freeidx].callid_number[0]='\0'; } if (callid->host) { - strcpy(rtp_proxytable[freeidx].callid_host, callid->host); + strncpy(rtp_proxytable[freeidx].callid_host, callid->host, CALLIDHOST_SIZE); + rtp_proxytable[freeidx].callid_host[CALLIDHOST_SIZE-1]='\0'; } else { rtp_proxytable[freeidx].callid_host[0]='\0'; } 
@@ -1093,17 +1095,21 @@ static int match_socket (int rtp_proxytable_idx) { (call_direction == rtp_proxytable[j].call_direction) && // same Call direction (media_stream_no == rtp_proxytable[j].media_stream_no) && // same stream (rtp_direction != rtp_proxytable[j].direction) ) { // opposite RTP dir - char remip1[16], remip2[16]; - char lclip1[16], lclip2[16]; + char remip1[IPSTRING_SIZE], remip2[IPSTRING_SIZE]; + char lclip1[IPSTRING_SIZE], lclip2[IPSTRING_SIZE]; /* connect the two sockets */ rtp_proxytable[rtp_proxytable_idx].rtp_tx_sock = rtp_proxytable[j].rtp_rx_sock; rtp_proxytable[rtp_proxytable_idx].rtp_con_tx_sock = rtp_proxytable[j].rtp_con_rx_sock; - strcpy(remip1, utils_inet_ntoa(rtp_proxytable[j].remote_ipaddr)); - strcpy(lclip1, utils_inet_ntoa(rtp_proxytable[j].local_ipaddr)); - strcpy(remip2, utils_inet_ntoa(rtp_proxytable[rtp_proxytable_idx].remote_ipaddr)); - strcpy(lclip2, utils_inet_ntoa(rtp_proxytable[rtp_proxytable_idx].local_ipaddr)); + strncpy(remip1, utils_inet_ntoa(rtp_proxytable[j].remote_ipaddr), IPSTRING_SIZE); + remip1[IPSTRING_SIZE-1]='\0'; + strncpy(lclip1, utils_inet_ntoa(rtp_proxytable[j].local_ipaddr), IPSTRING_SIZE); + lclip1[IPSTRING_SIZE-1]='\0'; + strncpy(remip2, utils_inet_ntoa(rtp_proxytable[rtp_proxytable_idx].remote_ipaddr), IPSTRING_SIZE); + remip2[IPSTRING_SIZE-1]='\0'; + strncpy(lclip2, utils_inet_ntoa(rtp_proxytable[rtp_proxytable_idx].local_ipaddr), IPSTRING_SIZE); + lclip2[IPSTRING_SIZE-1]='\0'; rtp_proxytable[rtp_proxytable_idx].opposite_entry=j; rtp_proxytable[j].opposite_entry=rtp_proxytable_idx; diff --git a/src/utils.c b/src/utils.c index 55bae75..bed3d12 100644 --- a/src/utils.c +++ b/src/utils.c @@ -518,7 +518,8 @@ int get_ip_by_ifname(char *ifname, struct in_addr *retaddr) { } /*&&&*/DEBUGC(DBCLASS_BABBLE,"&&&6 ifname=0x%p",ifname); - strcpy(ifr.ifr_name, ifname); + strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); + ifr.ifr_name[sizeof(ifr.ifr_name)]='\0'; sin->sin_family = AF_INET; /* get interface flags */ 
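Review bot: The terminator added in get_ip_by_ifname (src/utils.c) is written one byte past the end of the array: `ifr.ifr_name[sizeof(ifr.ifr_name)]='\0';` indexes element `sizeof`, while the last valid index is `sizeof-1`. That is an out-of-bounds store, and an interface name that fills the array is still left unterminated after the `strncpy()`. It should be `ifr.ifr_name[sizeof(ifr.ifr_name)-1]='\0';`, matching the pattern used in the other files of this patch. The function body continues outside the hunk.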
@@ -589,7 +590,7 @@ int get_ip_by_ifname(char *ifname, struct in_addr *retaddr) { * * Returns pointer to a STATIC character string. * NOte: BE AWARE OF THE STATIC NATURE of the string! Never pass it as - * calling argument to a function and use it immediately or strcpy() + * calling argument to a function and use it immediately or str(n)cpy() * it into a buffer. * !! Any subsequent call to this function will DESTROY the previous * !! value - and may result in very strange effects like magically