From 89620e8751b78ab1d9d57763cb239c5bf8d0e9bf Mon Sep 17 00:00:00 2001 From: lily Date: Tue, 13 Jan 2026 13:03:16 +1100 Subject: [PATCH] Fix vulnerabilities --- src/main.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++--- src/solver.c | 14 ++++++++----- 2 files changed, 61 insertions(+), 8 deletions(-) diff --git a/src/main.c b/src/main.c index afe2cc1..bd1ad78 100644 --- a/src/main.c +++ b/src/main.c @@ -2,6 +2,10 @@ #include #include #include +#include +#include +#include +#include #include "config.h" void check_init() { @@ -20,9 +24,54 @@ void check_init() { } void run(int runlevel) { - char command[1024]; - snprintf(command, sizeof(command), "cd %s && PATH=\"$PATH:%s\" %s %d", INIT_DIRECTORY, INIT_DIRECTORY, SHELL, runlevel); - system(command); + char runlevel_str[12]; + snprintf(runlevel_str, sizeof(runlevel_str), "%d", runlevel); + + pid_t pid = fork(); + if (pid == -1) { + perror("fork"); + exit(1); + } + + if (pid == 0) { + // Child process + if (chdir(INIT_DIRECTORY) != 0) { + perror("chdir"); + _exit(1); + } + + const char *old_path = getenv("PATH"); + char *new_path = NULL; + if (old_path) { + size_t len = strlen(old_path) + strlen(INIT_DIRECTORY) + 2; + new_path = (char *)malloc(len); + if (new_path) { + snprintf(new_path, len, "%s:%s", old_path, INIT_DIRECTORY); + } + } else { + size_t len = strlen(INIT_DIRECTORY) + 1; + new_path = (char *)malloc(len); + if (new_path) { + snprintf(new_path, len, "%s", INIT_DIRECTORY); + } + } + + if (new_path) { + setenv("PATH", new_path, 1); + free(new_path); + } + + execl(SHELL, SHELL, runlevel_str, (char *)NULL); + perror("execl"); + _exit(1); + } else { + // Parent process + int status; + if (waitpid(pid, &status, 0) == -1) { + perror("waitpid"); + exit(1); + } + } } int main(int argc, char* argv[]) { diff --git a/src/solver.c b/src/solver.c index e4b5ff2..714d70a 100644 --- a/src/solver.c +++ b/src/solver.c @@ -45,15 +45,16 @@ static int has_char_before_dot(const char *filename, char c) { static void get_generic_name(const char *filename, char *dest) { const char *dot = strchr(filename, '.'); if (dot) { - strcpy(dest, dot + 1); + strncpy(dest, dot + 1, MAX_NAME - 1); } else { - strcpy(dest, filename); + strncpy(dest, filename, MAX_NAME - 1); } + dest[MAX_NAME - 1] = '\0'; } static int find_script_idx(const char *generic_name) { for (int i = 0; i < num_scripts; i++) { - if (strcmp(scripts[i].generic_name, generic_name) == 0) { + if (strncmp(scripts[i].generic_name, generic_name, MAX_NAME) == 0) { return i; } } @@ -82,7 +83,8 @@ void solve_dependencies(char runlevel) { if (num_scripts >= MAX_SCRIPTS) break; Script *s = &scripts[num_scripts]; - strncpy(s->full_name, dir->d_name, MAX_NAME); + strncpy(s->full_name, dir->d_name, MAX_NAME - 1); + s->full_name[MAX_NAME - 1] = '\0'; get_generic_name(dir->d_name, s->generic_name); s->num_dependencies = 0; s->in_degree = 0; @@ -100,7 +102,9 @@ void solve_dependencies(char runlevel) { } char *token = strtok(start, " \t\n\r"); while (token && s->num_dependencies < MAX_DEPS) { - strncpy(s->dependencies[s->num_dependencies++], token, MAX_NAME); + strncpy(s->dependencies[s->num_dependencies], token, MAX_NAME - 1); + s->dependencies[s->num_dependencies][MAX_NAME - 1] = '\0'; + s->num_dependencies++; token = strtok(NULL, " \t\n\r"); } }