Diffstat (limited to 'service/src/util.c')
-rw-r--r--service/src/util.c59
1 files changed, 34 insertions, 25 deletions
diff --git a/service/src/util.c b/service/src/util.c
index bf6e872..31a2628 100644
--- a/service/src/util.c
+++ b/service/src/util.c
@@ -43,45 +43,52 @@ aprintf(const char *fmtstr, ...)
}
const char*
-mhash(const char *filename, int len)
+mhash(const char *str, int len)
{
- static const char *hexalph = "0123456789ABCDEF";
- static char buf[2 * MHASHLEN + 1];
- int i, k;
-
- if (len == -1) len = strlen(filename);
-
- for (i = 0; i < MIN(MHASHLEN, len); i++) {
- unsigned char v = 0;
- for (k = i; k < len; k += MHASHLEN)
- v ^= filename[k];
- buf[i*2+0] = hexalph[(v >> 4) & 0x0f];
- buf[i*2+1] = hexalph[(v >> 0) & 0x0f];
- }
+ static char buf[MHASHLEN + 1];
+ int i, k, v;
+ char c, *bp;
- if (i == 0) {
- memset(buf, '0', MHASHLEN);
- } else if (i < MHASHLEN) {
- for (k = 0; k < MHASHLEN; k++)
- buf[k] = buf[k % i];
- }
+ /* VULN #2: BUFFER OVERFLOW */
+ /* see documentation/README.md for more details */
+
+ if (len == -1) len = strlen(str) + 1;
- buf[MHASHLEN] = '\0';
+ for (v = 0, i = 0; i < len; i++) v += str[i];
+ srand(v);
+
+ for (bp = buf, i = 0; i < MHASHLEN / 2; i++)
+ bp += sprintf(bp, "%02x", str[i % len] ^ (rand() % 256));
return buf;
}
+int
+checkalph(const char *str, const char *alph)
+{
+ int i;
+
+ for (i = 0; i < strlen(str); i++)
+ if (!strchr(alph, str[i])) return 0;
+
+ return 1;
+}
+
void
freadstr(FILE *f, char **dst)
{
- size_t start, len;
+ size_t start, len, tmp;
+ char c;
+
+ /* VULN #1: BAD CAST */
+ /* see documentation/README.md for more details */
start = ftell(f);
- for (len = 0; fgetc(f) > 0; len++);
+ for (len = 0; (c = fgetc(f)) != EOF && c; len++);
fseek(f, start, SEEK_SET);
*dst = checkp(calloc(1, len + 1));
- fread(*dst, len, 1, f);
+ tmp = fread(*dst, len, 1, f);
fgetc(f);
}
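Review bot: In the new mhash(), `sprintf(bp, "%02x", str[i % len] ^ (rand() % 256))` passes a plain `char` that is promoted to int, so where char is signed a byte above 0x7f prints as eight hex digits rather than two and the loop runs past `buf[MHASHLEN + 1]`. The comment marks this as deliberate; the patched form is `bp += sprintf(bp, "%02x", (unsigned char)str[i % len] ^ (rand() % 256));`, ideally with snprintf() bounded by the space left in `buf`. The same loop computes `i % len`, so a guard for `len <= 0` is needed before it, and the locals `c` and `k` are unused. In freadstr(), `char c` receives the int result of fgetc(), so a 0xff data byte can compare equal to EOF (or EOF can never match where char is unsigned) and the length scan may stop early or not at all; `int c;` fixes that. The new `tmp` from fread() is stored but never checked.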
@@ -111,6 +118,8 @@ ask(const char *fmtstr, ...)
if (echo) printf("%s\n", linebuf);
}
+ if (fail) errno = EBADMSG;
+
return fail ? "" : linebuf;
}
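Review bot: The new `if (fail) errno = EBADMSG;` in ask() gives callers a second failure signal, but nothing visible in the hunk resets errno on the success path, so a caller that tests errno after a successful call could see a stale EBADMSG from an earlier one. Since the function already returns `""` on failure, I would document the contract above the definition, for example `/* returns "" and sets errno to EBADMSG on failure; errno is left untouched on success */`. The start of ask() lies outside the hunk, so whether errno is cleared earlier in the body cannot be confirmed from here.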
@@ -123,7 +132,7 @@ dump(const char *filename)
if (!(f = fopen(filename, "r"))) return;
- while ((nb = fread(buf, 1, sizeof(buf), f)))
+ while ((nb = fread(buf, 1, sizeof(buf) - 1, f)))
printf("%.*s\n", nb, buf);
fclose(f);
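Review bot: In dump(), the `- 1` on the fread() size is not needed for `printf("%.*s\n", nb, buf)`, because the precision already bounds how much of `buf` is read. What the change leaves unaddressed is that `%s` stops at the first NUL byte and a newline is appended after every chunk, so file content is not reproduced faithfully; `fwrite(buf, 1, nb, stdout);` would write exactly the bytes read. The declaration of `nb` is outside the hunk; if it is a `size_t`, the `%.*s` precision argument needs an `(int)` cast, since a mismatched type there is undefined behaviour.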