Skip to content

Commit e17fdf0

Browse files
robang74robang74
committed
util-linux/ipcs.c: use of potentially dangerous function (fix 1)
Alerts: mirror#96-93,91,88-83,81-77 +:git-shell:security:busybox> size busybox text data bss dec hex filename 1155501 18124 2056 1175681 11f081 busybox 1155670 18132 2056 1175858 11f132 busybox Total +177 Signed-off-by: Roberto A. Foglietta <roberto.foglietta@gmail.com>
1 parent b6c9c72 commit e17fdf0

1 file changed

Lines changed: 25 additions & 19 deletions

File tree

util-linux/ipcs.c

Lines changed: 25 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -205,17 +205,18 @@ static NOINLINE void do_shm(int format)
205205
pw = getpwuid(ipcp->uid);
206206
switch (format) {
207207
case TIME:
208+
char tbuf[CTIME_BUF_MAXLEN];
208209
if (pw)
209210
printf("%-10d %-10.10s", shmid, pw->pw_name);
210211
else
211212
printf("%-10d %-10d", shmid, ipcp->uid);
212-
/* ctime uses static buffer: use separate calls */
213+
/* ctime_r uses the same buffer: do separate calls */
213214
printf(" %-20.16s", shmseg.shm_atime
214-
? ctime(&shmseg.shm_atime) + 4 : "Not set");
215+
? ctime_r(&shmseg.shm_atime,tbuf) + 4 : "Not set");
215216
printf(" %-20.16s", shmseg.shm_dtime
216-
? ctime(&shmseg.shm_dtime) + 4 : "Not set");
217+
? ctime_r(&shmseg.shm_dtime,tbuf) + 4 : "Not set");
217218
printf(" %-20.16s\n", shmseg.shm_ctime
218-
? ctime(&shmseg.shm_ctime) + 4 : "Not set");
219+
? ctime_r(&shmseg.shm_ctime,tbuf) + 4 : "Not set");
219220
break;
220221
case PID:
221222
if (pw)
@@ -321,15 +322,16 @@ static NOINLINE void do_sem(int format)
321322
pw = getpwuid(ipcp->uid);
322323
switch (format) {
323324
case TIME:
325+
char tbuf[CTIME_BUF_MAXLEN];
324326
if (pw)
325327
printf("%-8d %-10.10s", semid, pw->pw_name);
326328
else
327329
printf("%-8d %-10d", semid, ipcp->uid);
328-
/* ctime uses static buffer: use separate calls */
330+
/* ctime_r uses the same buffer: do separate calls */
329331
printf(" %-26.24s", semary.sem_otime
330-
? ctime(&semary.sem_otime) : "Not set");
332+
? ctime_r(&semary.sem_otime,tbuf) : "Not set");
331333
printf(" %-26.24s\n", semary.sem_ctime
332-
? ctime(&semary.sem_ctime) : "Not set");
334+
? ctime_r(&semary.sem_ctime,tbuf) : "Not set");
333335
break;
334336
case PID:
335337
break;
@@ -422,16 +424,17 @@ static NOINLINE void do_msg(int format)
422424
pw = getpwuid(ipcp->uid);
423425
switch (format) {
424426
case TIME:
427+
char tbuf[CTIME_BUF_MAXLEN];
425428
if (pw)
426429
printf("%-8d %-10.10s", msqid, pw->pw_name);
427430
else
428431
printf("%-8d %-10d", msqid, ipcp->uid);
429432
printf(" %-20.16s", msgque.msg_stime
430-
? ctime(&msgque.msg_stime) + 4 : "Not set");
433+
? ctime_r(&msgque.msg_stime,tbuf) + 4 : "Not set");
431434
printf(" %-20.16s", msgque.msg_rtime
432-
? ctime(&msgque.msg_rtime) + 4 : "Not set");
435+
? ctime_r(&msgque.msg_rtime,tbuf) + 4 : "Not set");
433436
printf(" %-20.16s\n", msgque.msg_ctime
434-
? ctime(&msgque.msg_ctime) + 4 : "Not set");
437+
? ctime_r(&msgque.msg_ctime,tbuf) + 4 : "Not set");
435438
break;
436439
case PID:
437440
if (pw)
@@ -464,6 +467,7 @@ static void print_shm(int shmid)
464467
{
465468
struct shmid_ds shmds;
466469
struct ipc_perm *ipcp = &shmds.shm_perm;
470+
char tbuf[CTIME_BUF_MAXLEN];
467471

468472
if (shmctl(shmid, IPC_STAT, &shmds) == -1) {
469473
bb_simple_perror_msg("shmctl");
@@ -480,16 +484,18 @@ static void print_shm(int shmid)
480484
(long) shmds.shm_segsz, shmds.shm_lpid, shmds.shm_cpid,
481485
(long) shmds.shm_nattch);
482486
printf("att_time=%-26.24s\n",
483-
shmds.shm_atime ? ctime(&shmds.shm_atime) : "Not set");
487+
shmds.shm_atime ? ctime_r(&shmds.shm_atime,tbuf) : "Not set");
484488
printf("det_time=%-26.24s\n",
485-
shmds.shm_dtime ? ctime(&shmds.shm_dtime) : "Not set");
486-
printf("change_time=%-26.24s\n\n", ctime(&shmds.shm_ctime));
489+
shmds.shm_dtime ? ctime_r(&shmds.shm_dtime,tbuf) : "Not set");
490+
printf("change_time=%-26.24s\n\n",
491+
ctime_r(&shmds.shm_ctime,tbuf));
487492
}
488493

489494
static void print_msg(int msqid)
490495
{
491496
struct msqid_ds buf;
492497
struct ipc_perm *ipcp = &buf.msg_perm;
498+
char tbuf[CTIME_BUF_MAXLEN];
493499

494500
if (msgctl(msqid, IPC_STAT, &buf) == -1) {
495501
bb_simple_perror_msg("msgctl");
@@ -510,17 +516,18 @@ static void print_msg(int msqid)
510516
(long) buf.msg_qnum, buf.msg_lspid, buf.msg_lrpid);
511517

512518
printf("send_time=%-26.24s\n",
513-
buf.msg_stime ? ctime(&buf.msg_stime) : "Not set");
519+
buf.msg_stime ? ctime_r(&buf.msg_stime,tbuf) : "Not set");
514520
printf("rcv_time=%-26.24s\n",
515-
buf.msg_rtime ? ctime(&buf.msg_rtime) : "Not set");
521+
buf.msg_rtime ? ctime_r(&buf.msg_rtime,tbuf) : "Not set");
516522
printf("change_time=%-26.24s\n\n",
517-
buf.msg_ctime ? ctime(&buf.msg_ctime) : "Not set");
523+
buf.msg_ctime ? ctime_r(&buf.msg_ctime,tbuf) : "Not set");
518524
}
519525

520526
static void print_sem(int semid)
521527
{
522528
struct semid_ds semds;
523529
struct ipc_perm *ipcp = &semds.sem_perm;
530+
char tbuf[CTIME_BUF_MAXLEN];
524531
union semun arg;
525532
unsigned int i;
526533

@@ -539,10 +546,9 @@ static void print_sem(int semid)
539546
ipcp->uid, ipcp->gid, ipcp->cuid, ipcp->cgid,
540547
ipcp->mode, ipcp->mode & 0777,
541548
(long) semds.sem_nsems,
542-
semds.sem_otime ? ctime(&semds.sem_otime) : "Not set");
549+
semds.sem_otime ? ctime_r(&semds.sem_otime,tbuf) : "Not set");
543550
printf("ctime = %-26.24s\n"
544-
"%-10s %-10s %-10s %-10s %-10s\n",
545-
ctime(&semds.sem_ctime),
551+
"%-10s %-10s %-10s %-10s %-10s\n", ctime_r(&semds.sem_ctime,tbuf),
546552
"semnum", "value", "ncount", "zcount", "pid");
547553

548554
arg.val = 0;

0 commit comments

Comments
 (0)