Diffstat (limited to 'service/src')
-rw-r--r--service/src/.gitignore4
-rw-r--r--service/src/Makefile1
-rw-r--r--service/src/main.c27
-rw-r--r--service/src/patches/flagstore1.diff17
-rw-r--r--service/src/patches/flagstore2.diff11
-rw-r--r--service/src/stlfile.c9
-rw-r--r--service/src/stlfile.h2
-rw-r--r--service/src/util.c8
-rw-r--r--service/src/util.h2
9 files changed, 20 insertions, 61 deletions
diff --git a/service/src/.gitignore b/service/src/.gitignore
deleted file mode 100644
index 5f14e4d..0000000
--- a/service/src/.gitignore
+++ /dev/null
@@ -1,4 +0,0 @@
-stldoctor
-*.o
-vgcore.*
-safe_*
diff --git a/service/src/Makefile b/service/src/Makefile
index d7732b3..2fee8c4 100644
--- a/service/src/Makefile
+++ b/service/src/Makefile
@@ -1,6 +1,5 @@
CFLAGS = -g -I .
-# fortify source code
CFLAGS += -fPIE -fstack-protector-strong -D_FORTIFY_SOURCE=2 -O2
LDFLAGS = -Wl,-z,now -Wl,-z,relro
diff --git a/service/src/main.c b/service/src/main.c
index de2bd48..d76ceb8 100644
--- a/service/src/main.c
+++ b/service/src/main.c
@@ -144,21 +144,21 @@ upload_cmd(const char *arg)
bufp = ask("How large is your file? ");
len = strtoul(bufp, &end, 10);
if (len <= 0 || len >= MAXFILESIZE || *end) {
- fprintf(stderr, "Invalid file length!\n");
+ printf("Invalid file length!\n");
return;
}
printf("Ok! Im listening..\n");
contents = checkp(malloc(len + 1));
if (fread(contents, 1, len, stdin) != len) {
- fprintf(stderr, "Hm, I'm missing some bytes.. try again!\n");
+ printf("Hm, I'm missing some bytes.. try again!\n");
goto cleanup;
}
contents[len] = '\0';
if ((cached.valid = parse_file(&cached, contents, len))) {
if (save_submission(&cached, contents, len) != OK)
- fprintf(stderr, "Failed to save your submission!\n");
+ printf("Failed to save your submission!\n");
else
printf("Your file was saved with ID %s!\n", cached.hash);
}
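Review bot: The error paths in this hunk now go through `printf`, and stdout, unlike stderr, is fully buffered when it is not a terminal, so `Invalid file length!` and the other messages can reach the client late unless stdout is made unbuffered or flushed elsewhere, which this diff does not show. The same replacement repeats in the search_cmd, list_cmd, auth_cmd and main hunks, in PARSE_FAIL and parse_file in stlfile.c, and in die in util.c. Routing them through one helper, for example `static void errmsg(const char *fmt, ...)` ending in `fflush(stdout);`, would keep the destination and the flush in one place. upload_cmd starts before and continues past this hunk.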
@@ -180,7 +180,7 @@ search_cmd(const char *arg)
if (arg && !strcmp(arg, "last")) {
if (!cached.valid) {
- fprintf(stderr, "No cached info report available\n");
+ printf("No cached info report available\n");
return;
}
hash = cached.hash;
@@ -201,12 +201,12 @@ search_cmd(const char *arg)
}
if (i == 0) {
- fprintf(stderr, "Sorry, couldnt find a matching scan result!\n");
+ printf("Sorry, couldnt find a matching scan result!\n");
goto cleanup;
} else {
which = strtoul(ask("Which of these results? "), &end, 10);
if (which >= i || which < 0 || *end) {
- fprintf(stderr, "Invalid index!\n");
+ printf("Invalid index!\n");
goto cleanup;
}
}
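Review bot: An empty reply to `Which of these results? ` passes the check on the new side, assuming ask returns the line without its newline: `strtoul` then returns 0 with `end` left at the start of the string, and the condition only tests `*end`, so result 0 is selected without the user choosing it. Keep the reply in a local and reject the no-digits case: `resp = ask("Which of these results? "); which = strtoul(resp, &end, 10);` and `if (end == resp || which >= i || *end) {`. The declaration of `which` is outside the hunk; if it is unsigned, `which < 0` is always false and can be dropped. search_cmd continues outside the hunk.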
@@ -224,9 +224,8 @@ search_cmd(const char *arg)
}
}
- /* file got cleaned up during race condition by background task */
if (!scandir) {
- fprintf(stderr, "Selected result spontaneously combusted!\n");
+ printf("Selected result spontaneously combusted!\n");
goto cleanup;
}
@@ -271,7 +270,7 @@ list_cmd(const char *arg)
DIR *d;
if (!loggedin) {
- fprintf(stderr, "Not logged in!\n");
+ printf("Not logged in!\n");
return;
}
@@ -283,7 +282,7 @@ list_cmd(const char *arg)
path = aprintf("%s/%s/info", resultdir, de->d_name);
if ((f = fopen(path, "r"))) {
if (load_info(&info, f) != OK)
- fprintf(stderr, "Failed to read saved file info!\n");
+ printf("Failed to read saved file info!\n");
else
print_info(&info);
fclose(f);
@@ -301,7 +300,7 @@ auth_cmd(const char *arg)
int ret;
if (loggedin) {
- fprintf(stderr, "Already logged in!\n");
+ printf("Already logged in!\n");
return;
}
@@ -313,7 +312,7 @@ auth_cmd(const char *arg)
} else if (ret && errno == EEXIST) {
printf("Success!\nWelcome back!\n");
} else {
- fprintf(stderr, "Auth failed!\n");
+ printf("Auth failed!\n");
return;
}
@@ -339,7 +338,7 @@ main()
int exit, i, cmdlen;
if (!(resultdir = checkp(strdup(getenv("RESULTDIR"))))) {
- fprintf(stderr, "RESULTDIR not defined\n");
+ printf("RESULTDIR not defined\n");
return 1;
}
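Review bot: `strdup(getenv("RESULTDIR"))` passes NULL to strdup when the variable is unset, which is undefined behaviour, so the `RESULTDIR not defined` message is not reliably printed for the case it names. Test the getenv result before copying it: `const char *dir = getenv("RESULTDIR");`, `if (!dir) { printf("RESULTDIR not defined\n"); return 1; }`, then `resultdir = checkp(strdup(dir));`. checkp is not visible here; if it already aborts on NULL, the existing `if` can never be true. The local `int exit` also shadows the library function of the same name, and main continues outside the hunk.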
@@ -371,6 +370,6 @@ main()
}
if (i == ARRSIZE(commands) && strlen(cmd) != 0)
- fprintf(stderr, "No such command!\n");
+ printf("No such command!\n");
}
}
diff --git a/service/src/patches/flagstore1.diff b/service/src/patches/flagstore1.diff
deleted file mode 100644
index f0f8d4a..0000000
--- a/service/src/patches/flagstore1.diff
+++ /dev/null
@@ -1,17 +0,0 @@
---- a/service/src/safe_util.c
-+++ b/service/src/safe_util.c
-@@ -78,13 +78,12 @@ void
- freadstr(FILE *f, char **dst)
- {
- size_t start, len, tmp;
-- char c;
-
- /* VULN #1: BAD CAST */
- /* see documentation/README.md for more details */
-
- start = ftell(f);
-- for (len = 0; (c = fgetc(f)) != EOF && c; len++);
-+ for (len = 0; fgetc(f) > 0; len++);
- fseek(f, start, SEEK_SET);
-
- *dst = checkp(calloc(1, len + 1));
diff --git a/service/src/patches/flagstore2.diff b/service/src/patches/flagstore2.diff
deleted file mode 100644
index b34a0c0..0000000
--- a/service/src/patches/flagstore2.diff
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/service/src/safe_util.c
-+++ b/service/src/safe_util.c
-@@ -58,7 +58,7 @@ mhash(const char *str, int len)
- srand(v);
-
- for (bp = buf, i = 0; i < MHASHLEN / 2; i++)
-- bp += sprintf(bp, "%02x", str[i % len] ^ (rand() % 256));
-+ bp += sprintf(bp, "%02x", (unsigned char) str[i % len] ^ (rand() % 256));
-
- return buf;
- }
diff --git a/service/src/stlfile.c b/service/src/stlfile.c
index 88fc430..7b37df4 100644
--- a/service/src/stlfile.c
+++ b/service/src/stlfile.c
@@ -98,7 +98,7 @@ consume_keyword(char **start)
for (i = 0; i < ARRSIZE(kwmap); i++) {
len = strlen(kwmap[i].str);
if (!strncmp(kwmap[i].str, bp, len) && (!bp[len] || isws(bp[len]))) {
- // printf("GOT: %s\n", kwmap[i].str);
+
*start = bp + len + (bp[len] ? 1 : 0);
return kwmap[i].code;
}
@@ -108,7 +108,7 @@ consume_keyword(char **start)
}
#define PARSE_FAIL(...) \
- do { fprintf(stderr, "FORMAT ERR: " __VA_ARGS__); goto fail; } while (0)
+ do { printf("FORMAT ERR: " __VA_ARGS__); goto fail; } while (0)
int
parse_file_ascii(struct parseinfo *info, char *buf, size_t len)
@@ -272,13 +272,12 @@ parse_file(struct parseinfo *info, char *buf, size_t len)
if (info->valid) free_info(info);
if (len < 7) {
- fprintf(stderr, "File too small!\n");
+ printf("File too small!\n");
return FAIL;
}
info->filesize = len;
- /* check bin vs ascii with first keyword */
for (bp = buf; isws(*bp); bp++);
status = !strncmp("solid", bp, 5) && isws(bp[5])
? parse_file_ascii(info, buf, len)
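Review bot: The whitespace skip `for (bp = buf; isws(*bp); bp++);` and the `solid` comparison are bounded only by a terminator in `buf`, not by `len`, and with the comment removed nothing on these lines states that precondition. upload_cmd in main.c does write `contents[len] = '\0'` before calling parse_file, but other callers are not visible in this diff. I would add `/* buf must be NUL-terminated: the scan below is not bounded by len */` above the loop, which also assumes isws returns false for `'\0'`. parse_file continues outside the hunk.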
@@ -290,7 +289,7 @@ parse_file(struct parseinfo *info, char *buf, size_t len)
if (!info->modelname) {
resp = ask("Please enter your model name: ");
if (strlen(resp) < 4) {
- fprintf(stderr, "Model name is too short!\n");
+ printf("Model name is too short!\n");
return FAIL;
}
info->modelname = checkp(strdup(resp));
diff --git a/service/src/stlfile.h b/service/src/stlfile.h
index d321282..11b7f66 100644
--- a/service/src/stlfile.h
+++ b/service/src/stlfile.h
@@ -51,4 +51,4 @@ int load_info(struct parseinfo *info, FILE *f);
void print_info(struct parseinfo *info);
void free_info(struct parseinfo *info);
-#endif /* STLFILE_H */
+#endif
diff --git a/service/src/util.c b/service/src/util.c
index ce22c4e..140d08b 100644
--- a/service/src/util.c
+++ b/service/src/util.c
@@ -13,7 +13,7 @@ die(const char *fmtstr, ...)
va_list ap;
va_start(ap, fmtstr);
- vfprintf(stderr, fmtstr, ap);
+ vprintf(fmtstr, ap);
va_end(ap);
exit(EXIT_FAILURE);
@@ -49,9 +49,6 @@ mhash(const char *str, int len)
int i, k, v;
char c, *bp;
- /* VULN #2: BUFFER OVERFLOW */
- /* see documentation/README.md for more details */
-
if (len == -1) len = strlen(str);
for (v = 0, i = 0; i < len; i++) v += str[i];
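Review bot: This hunk removes the `VULN #2` marker while leaving mhash unchanged, and the same commit deletes patches/flagstore2.diff, the only place on this page that records the fix. That patch, written against safe_util.c (presumably a patched copy of this file), changed the sprintf argument to `(unsigned char) str[i % len] ^ (rand() % 256)` so that a negative `char` is not sign-extended before `%02x` formats it. The sprintf line is outside this hunk, so its current form in util.c cannot be confirmed from here. If the defect is kept on purpose, leave a pointer to where it is documented; otherwise apply the cast.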
@@ -80,9 +77,6 @@ freadstr(FILE *f, char **dst)
size_t start, len, tmp;
char c;
- /* VULN #1: BAD CAST */
- /* see documentation/README.md for more details */
-
start = ftell(f);
for (len = 0; (c = fgetc(f)) != EOF && c; len++);
fseek(f, start, SEEK_SET);
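Review bot: With the `VULN #1` marker removed, the loop `for (len = 0; (c = fgetc(f)) != EOF && c; len++);` still stores the `int` result of fgetc in `char c`, so a 0xFF byte compares equal to EOF where `char` is signed, and EOF is never matched where it is unsigned. The deleted patches/flagstore1.diff recorded the fix as `for (len = 0; fgetc(f) > 0; len++);` with the `c` declaration dropped, and nothing left in the tree after this commit documents it. The `ftell` result is also assigned to a `size_t` without a check for -1 before it is passed to `fseek`. freadstr continues outside the hunk.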
diff --git a/service/src/util.h b/service/src/util.h
index c0e9064..7b6eed0 100644
--- a/service/src/util.h
+++ b/service/src/util.h
@@ -35,4 +35,4 @@ float fle32toh(float v);
extern int echo;
-#endif /* UTIL_H */
+#endif