From f5fcbe0e989f37ed08e46ed94f5f99660cea6340 Mon Sep 17 00:00:00 2001
From: Zoltan Fridrich
Date: Thu, 27 May 2021 14:55:03 +0200
Subject: [PATCH] Fix important issues from static analysis
---
aide-static-analysis.patch | 171 +++++++++++++++++++++++++++++++++++++
aide.spec | 7 +-
2 files changed, 176 insertions(+), 2 deletions(-)
create mode 100644 aide-static-analysis.patch
diff --git a/aide-static-analysis.patch b/aide-static-analysis.patch
new file mode 100644
index 0000000..78b79ce
--- /dev/null
+++ b/aide-static-analysis.patch
@@ -0,0 +1,171 @@
+Only in b: config.log
+diff --color -ru a/contrib/sshaide.sh b/contrib/sshaide.sh
+--- a/contrib/sshaide.sh 2016-07-25 22:56:55.000000000 +0200
++++ b/contrib/sshaide.sh 2021-05-20 11:11:24.112542472 +0200
+@@ -260,7 +260,7 @@
+ _randword=`grep -n . ${_wordlist} | grep "^${_linenum}:" | cut -d: -f2`
+
+ # If $_randword has anything other than lower-case chars, try again
+- (echo ${_randword} | LC_ALL=C grep '[^a-z]' 2>&1 >> /dev/null \
++ ({ echo ${_randword} | LC_ALL=C grep '[^a-z]' 2>&1; } >> /dev/null \
+ && gen_rand_word ) || \
+
+ # Return the word
+diff --color -ru a/src/commandconf.c b/src/commandconf.c
+--- a/src/commandconf.c 2021-05-20 10:37:53.842382143 +0200
++++ b/src/commandconf.c 2021-05-25 14:16:43.278526146 +0200
+@@ -313,7 +313,7 @@
+ } else {
+ /* gzread returns 0 even if uncompressed bytes were read*/
+ error(240,"nread=%d,strlen(buf)=%lu,errno=%s,gzerr=%s\n",
+- retval,(unsigned long)strnlen((char*)buf, max_size),
++ retval,(unsigned long)strnlen((char*)buf, retval),
+ strerror(errno),gzerror(*db_gzp,&err));
+ if(retval==0){
+ retval=strnlen((char*)buf, max_size);
+@@ -836,6 +836,11 @@
+ }
+ break;
+ }
++ default: {
++ error(0,"Unsupported dbtype.\n");
++ free(u);
++ break;
++ }
+ }
+ }
+ free(val);
+@@ -900,7 +905,7 @@
+ } else {
+ error_init(u,0);
+ }
+-
++ free(u->value);
+ free(u);
+ }
+
+diff --color -ru a/src/db_disk.c b/src/db_disk.c
+--- a/src/db_disk.c 2021-05-20 10:37:53.842382143 +0200
++++ b/src/db_disk.c 2021-05-20 12:37:00.081493364 +0200
+@@ -125,10 +125,10 @@
+
+ ret = (char *) malloc (len);
+ ret[0] = (char) 0;
+- strncpy(ret, conf->root_prefix, conf->root_prefix_length+1);
+- strncat (ret, r->path, len2);
++ strcpy(ret, conf->root_prefix);
++ strcat (ret, r->path);
+ if (r->path[len2 - 1] != '/') {
+- strncat (ret, "/", 1);
++ strcat (ret, "/");
+ }
+ strcat (ret, s);
+ return ret;
+@@ -207,8 +207,8 @@
+ if (!root_handled) {
+ root_handled = 1;
+ fullname=malloc((conf->root_prefix_length+2)*sizeof(char));
+- strncpy(fullname, conf->root_prefix, conf->root_prefix_length+1);
+- strncat (fullname, "/", 1);
++ strcpy(fullname, conf->root_prefix);
++ strcat (fullname, "/");
+ if (!get_file_status(&fullname[conf->root_prefix_length], &fs)) {
+ add = check_rxtree (&fullname[conf->root_prefix_length], conf->tree, &attr, fs.st_mode);
+ error (240, "%s match=%d, tree=%p, attr=%llu\n", &fullname[conf->root_prefix_length], add,
+@@ -346,8 +346,8 @@
+ error (255, "r->childs %p, r->parent %p,r->checked %i\n",
+ r->childs, r->parent, r->checked);
+ fullname=malloc((conf->root_prefix_length+strlen(r->path)+1)*sizeof(char));
+- strncpy(fullname, conf->root_prefix, conf->root_prefix_length+1);
+- strncat(fullname, r->path, strlen(r->path));
++ strcpy(fullname, conf->root_prefix);
++ strcat(fullname, r->path);
+ dirh=open_dir(fullname);
+ if (! dirh) {
+
+@@ -441,8 +441,8 @@
+
+
+ char* fullname=malloc((conf->root_prefix_length+2)*sizeof(char));
+- strncpy(fullname, conf->root_prefix, conf->root_prefix_length+1);
+- strncat (fullname, "/", 1);
++ strcpy(fullname, conf->root_prefix);
++ strcat (fullname, "/");
+ dirh=open_dir(fullname);
+ free(fullname);
+
+diff --color -ru a/src/error.c b/src/error.c
+--- a/src/error.c 2021-05-20 10:37:53.836382037 +0200
++++ b/src/error.c 2021-05-21 11:49:09.781313097 +0200
+@@ -125,7 +125,7 @@
+ fh=be_init(0,url,0);
+ if(fh!=NULL) {
+ conf->report_fd=list_append(conf->report_fd,(void*)fh);
+- conf->report_url=list_append(conf->report_url,(void*)url);
++ conf->report_url=list_append(conf->report_url,(void*)strdup(url));
+ return RETOK;
+ }
+
+diff --color -ru a/src/util.c b/src/util.c
+--- a/src/util.c 2021-05-20 10:37:53.843382160 +0200
++++ b/src/util.c 2021-05-25 11:04:39.507278771 +0200
+@@ -105,13 +105,15 @@
+ for(i=0;r[0]!='/'&&r[0]!='\0';r++,i++);
+ if(r[0]=='\0'){
+ error(0,"Invalid file-URL,no path after hostname: file:%s\n",t);
++ free(u);
++ free(val_copy);
+ free(hostname);
+ return NULL;
+ }
+ u->value=strdup(r);
+ r[0]='\0';
+ if(gethostname(hostname,MAXHOSTNAMELEN)==-1){
+- strncpy(hostname,"localhost", 10);
++ strncpy(hostname,"localhost",MAXHOSTNAMELEN);
+ }
+
+ if( (strcmp(t,"localhost")==0)||(strcmp(t,hostname)==0)){
+@@ -119,6 +121,9 @@
+ break;
+ } else {
+ error(0,"Invalid file-URL, cannot use hostname other than localhost or %s: file:%s\n",hostname,u->value);
++ free(u->value);
++ free(u);
++ free(val_copy);
+ free(hostname);
+ return NULL;
+ }
+@@ -229,6 +234,10 @@
+ int i=0;
+
+ pc=(char*)malloc(sizeof(char)*11);
++ if (!pc) {
++ error(0, "Memory allocation failed.\n");
++ return NULL;
++ }
+ for(i=0;i<10;i++){
+ pc[i]='-';
+ }
+@@ -369,14 +378,17 @@
+
+ if (path != NULL) {
+ if (path[0] == '~') {
+- if((homedir=getenv("HOME")) != NULL) {
++ if ((homedir=getenv("HOME")) != NULL) {
+ path_len = strlen(path+sizeof(char));
+ homedir_len = strlen(homedir);
+ full_len = homedir_len+path_len;
+ full = malloc(sizeof(char) * (full_len+1));
+- strncpy(full, homedir, homedir_len);
+- strncpy(full+homedir_len, path+sizeof(char), path_len);
+- full[full_len] = '\0';
++ if (!full) {
++ error(0, "Memory allocation failed.\n");
++ return path;
++ }
++ strcpy(full, homedir);
++ strcat(full, path+sizeof(char));
+ free(path);
+ /* Don't free(homedir); because it is not safe on some platforms */
+ path = full;
diff --git a/aide.spec b/aide.spec
index cfdbb65..c3b6c38 100644
--- a/aide.spec
+++ b/aide.spec
@@ -1,7 +1,7 @@ Summary: Intrusion detection environment Name: aide Version: 0.16 -Release: 19%{?dist} +Release: 20%{?dist} URL: http://sourceforge.net/projects/aide License: GPLv2+
@@ -37,6 +37,7 @@ Patch5: aide-0.16-crypto-disable-haval-and-others.patch Patch6: coverity.patch Patch7: aide-0.16-crash-elf.patch Patch8: aide-configure.patch +Patch9: aide-static-analysis.patch %description AIDE (Advanced Intrusion Detection Environment) is a file integrity
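Review bot: In the db_disk.c hunks of the embedded patch (-125, -207, -346, -441) the switch from `strncpy`/`strncat` to `strcpy`/`strcat` leaves each copy bounded only by the NUL of `conf->root_prefix`, while the buffers are still sized from `conf->root_prefix_length`; the hunks do not show that the two always agree, and the `malloc` results are written through with no NULL test, unlike `pc` and `full` in the util.c hunks. A bounded write that reuses the allocation size would close both gaps, e.g. `size_t n = conf->root_prefix_length + 2;` then `fullname = malloc(n);` and `if (fullname == NULL || (size_t)snprintf(fullname, n, "%s/", conf->root_prefix) >= n)` leading to the function's error path. The enclosing functions begin and end outside these hunks, so the appropriate error return is not visible here. The new `default:` branch in commandconf.c also frees `u` without `u->value`, whereas the hunk at -900 frees both; if `u` can be non-NULL with a value there, that string leaks.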
@@ -83,10 +84,12 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide %dir %attr(0700,root,root) %{_localstatedir}/log/aide %changelog -* Thu May 20 2021 Zoltan Fridrich - 0.16-19 +* Thu May 27 2021 Zoltan Fridrich - 0.16-20 - fix configuration option with-dbhmactype - do not use sha1 and md5 by default Resolves: rhbz#1935457 +- fix important static analysis issues + Resolves: rhbz#1938676 * Mon May 10 2021 Zoltan Fridrich - 0.16-19 - use gating and config file from rhel-8.5