Make chiseldir_info.m_dir a C++ std::string

This fixes a few potential overflows
draios · Aug 6, 2019 · ce8281b · ce8281b
1 parent 249b355
commit ce8281b
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 17 deletions.
diff --git a/userspace/libsinsp/chisel.cpp b/userspace/libsinsp/chisel.cpp
@@ -1106,7 +1106,7 @@ void sinsp_chisel::get_chisel_list(vector<chisel_desc>* chisel_descs)
 
 		tinydir_dir dir = {};
 
-		tinydir_open(&dir, it->m_dir);
+		tinydir_open(&dir, it->m_dir.c_str());
 
 		while(dir.has_next)
 		{

diff --git a/userspace/libsinsp/chisel.h b/userspace/libsinsp/chisel.h
@@ -38,7 +38,7 @@ typedef struct lua_State lua_State;
 typedef struct chiseldir_info
 {
 	bool m_need_to_resolve;
-	char m_dir[1024];
+	std::string m_dir;
 }chiseldir_info;
 
 class chiselarg_desc

diff --git a/userspace/libsinsp/sinsp.cpp b/userspace/libsinsp/sinsp.cpp
@@ -1948,7 +1948,7 @@ void sinsp::add_chisel_dir(string dirname, bool front_add)
 
 	chiseldir_info ncdi;
 
-	strcpy(ncdi.m_dir, dirname.c_str());
+	ncdi.m_dir = std::move(dirname);
 	ncdi.m_need_to_resolve = false;
 
 	if(front_add)

diff --git a/userspace/libsinsp/utils.cpp b/userspace/libsinsp/utils.cpp
@@ -31,6 +31,7 @@ limitations under the License.
 #include <strings.h>
 #include <sys/ioctl.h>
 #include <fnmatch.h>
+#include <string>
 #else
 #pragma comment(lib, "Ws2_32.lib")
 #include <WinSock2.h>
@@ -71,19 +72,29 @@ const chiseldir_info g_chisel_dirs_array[] =
 #endif
 
 #ifndef _WIN32
-char* realpath_ex(const char *path, char *buff)
+static std::string realpath_ex(const std::string& path)
 {
 	char *home;
+	char* resolved;
 
-	if(*path=='~' && (home = getenv("HOME")))
+	if(!path.empty() && path[0]=='~' && (home = getenv("HOME")))
 	{
-		char s[PATH_MAX];
-		return realpath(strncat(strncpy(s, home, sizeof(s)), path+1, sizeof(path)+1), buff);
-		}
+		std::string expanded_home = home;
+		expanded_home += path.c_str()+1;
+		resolved = realpath(expanded_home.c_str(), nullptr);
+	}
 	else
 	{
-		return realpath(path, buff);
+		resolved = realpath(path.c_str(), nullptr);
+	}
+
+	if (!resolved)
+	{
+		return "";
 	}
+	std::string ret = resolved;
+	free(resolved);
+	return resolved;
 }
 #endif
 
@@ -133,20 +144,17 @@ sinsp_initializer::sinsp_initializer()
 		if(g_chisel_dirs_array[j].m_need_to_resolve)
 		{
 #ifndef _WIN32
-			char resolved_path[PATH_MAX];
-
-			if(realpath_ex(g_chisel_dirs_array[j].m_dir, resolved_path) != NULL)
+			std::string resolved_path = realpath_ex(g_chisel_dirs_array[j].m_dir);
+			if(!resolved_path.empty())
 			{
-				string resolved_path_str(resolved_path);
-
-				if(resolved_path_str[resolved_path_str.size() -1] != '/')
+				if(resolved_path[resolved_path.size() - 1] != '/')
 				{
-					resolved_path_str += "/";
+					resolved_path += '/';
 				}
 
 				chiseldir_info cdi;
 				cdi.m_need_to_resolve = false;
-				sprintf(cdi.m_dir, "%s", resolved_path_str.c_str());
+				cdi.m_dir = std::move(resolved_path);
 				g_chisel_dirs->push_back(cdi);
 			}
 #else