From 4225b3ffd98f365dd8e73dd7f9e8b6a0054b5e2a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Anton=20Luka=20=C5=A0ijanec?=
Date: Tue, 5 Oct 2021 16:10:31 +0200
Subject: 0.0.16, read debian/changelog

---
 .gitignore | 1 +
 Makefile | 4 ++--
 debian/changelog | 13 ++++++++++++-
 src/httpd.c | 15 +++++++++------
 src/i18n.h | 7 ++++---
 5 files changed, 28 insertions(+), 12 deletions(-)

diff --git a/.gitignore b/.gitignore
index 2a46c53..5e9d484 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 sear.c
 tmp/
 valgrind-out.txt
+core
diff --git a/Makefile b/Makefile
index bd7c26b..6db7b8c 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,5 @@
 DESTDIR=/
-
+CC = cc
 .NOTPARALLEL:
 default:
 mkdir tmp -p
@@ -9,7 +9,7 @@ default:
 echo ', 0' >> tmp/hp.xxd
 xxd -i < src/osdd.xml > tmp/osdd.xxd
 echo ', 0' >> tmp/osdd.xxd
- gcc -Wall -Wextra -pedantic -Wno-unused-parameter -g -Isrc -Itmp -pthread src/main.c $$(xml2-config --libs --cflags) -lmicrohttpd -lm -osear.c
+ $(CC) -Wall -Wextra -pedantic -Wno-unused-parameter -g -Isrc -Itmp -pthread src/main.c $$(xml2-config --libs --cflags) -lmicrohttpd -lm -osear.c
 
 install:
 mkdir -p $(DESTDIR)/usr/bin/
diff --git a/debian/changelog b/debian/changelog
index 39ba5db..5dcb664 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,19 @@
+sear.c (0.0.16-1) stable; urgency=low
+
+ * fixed a DoS and possibly RCE security vulnerability that was introduced in
+ 0.0.12 because of not accounting for length of add_form and not accounting
+ for the added parameter in hp printf format string
+ * added notice when SC_LOGMEM is disabled for accessing logs and enabling
+ heap logging
+ * all users of versions 0.0.12, 0.0.13, 0.0.14 and 0.0.15 must upgrade asap
+
+ -- Anton Luka Šijanec Tue, 05 Oct 2021 16:00:00 +0200
+
 sear.c (0.0.15-1) stable; urgency=low
 
 * fixed osdd inclusion mechanism for firefox browsers, link needed title
 
- -- Anton Luka Šijanec Tue, 21 Sep 2021 14:00:00 +0200
+ -- Anton Luka Šijanec Tue, 21 Sep 2021 14:00:00 +0200
 
 sear.c (0.0.14-3) stable; urgency=low
 
diff --git a/src/httpd.c b/src/httpd.c
index dfa06db..514f57a 100644
--- a/src/httpd.c
+++ b/src/httpd.c
@@ -152,16 +152,19 @@ enum MHD_Result sc_httpd (void * cls, sprintf(response, sc_osdd, host); content_type = "application/opensearchdescription+xml"; break; -#ifdef SC_LOGMEM case 'l': /* logs.html */ { +#ifdef SC_LOGMEM char * logshtml = sc_logshtml(c); - response = malloc(strlen((char *) sc_hp)+strlen(SC_I18N_LOGS)+strlen(logshtml ? logshtml : SC_I18N_LOGS_ERROR)); - sprintf(response, (char *) sc_hp, "", "", SC_I18N_LOGS, logshtml ? logshtml : SC_I18N_LOGS_ERROR); + response = malloc(strlen((char *) sc_hp)+strlen(SC_I18N_LOGS)+strlen(logshtml ? logshtml : SC_I18N_LOGS_ERROR)+strlen(add_form)); + sprintf(response, (char *) sc_hp, "", "", add_form, SC_I18N_LOGS, logshtml ? logshtml : SC_I18N_LOGS_ERROR); free(logshtml); +#else + response = malloc(strlen((char *) sc_hp)+strlen(SC_I18N_LOGS_NOT_ENABLED)+strlen(SC_I18N_HP_ERROR_HEADING)+strlen(SC_I18N_LOGS)+strlen(add_form)); + sprintf(response, (char *) sc_hp, SC_I18N_HP_ERROR_HEADING, "", add_form, SC_I18N_LOGS, SC_I18N_LOGS_NOT_ENABLED); +#endif } break; -#endif } if (!response) { response = malloc(strlen((char *) sc_hp)+strlen(SC_I18N_HP_HEADING)+strlen(SC_I18N_HP_BODY)+strlen(add_form)); @@ -187,8 +190,8 @@ retry: sc_query_google(query, c, NULL, opt); if (already_retried++) { char * safequery = htmlspecialchars(query); - response = malloc(strlen((char*) sc_hp)+strlen(safequery)*2+strlen(SC_I18N_HP_ERROR_HEADING)+strlen(SC_I18N_HP_ERROR_BODY)); - sprintf(response, (char *) sc_hp, safequery, safequery, SC_I18N_HP_ERROR_HEADING, SC_I18N_HP_ERROR_BODY); + response = malloc(strlen((char*) sc_hp)+strlen(safequery)*2+strlen(SC_I18N_HP_ERROR_HEADING)+strlen(SC_I18N_HP_ERROR_BODY)+strlen(add_form)); + sprintf(response, (char *) sc_hp, safequery, safequery, add_form, SC_I18N_HP_ERROR_HEADING, SC_I18N_HP_ERROR_BODY); free(safequery); } else goto retry; } diff --git a/src/i18n.h b/src/i18n.h index 9b5a7cc..8e97c33 100644 --- a/src/i18n.h +++ b/src/i18n.h 
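Review bot: The buffer size in both branches of `case 'l'` is still a hand-written sum that has to match the argument list of the unbounded `sprintf` on the line after it, which is the pairing the changelog entry names as the cause of the overflow fixed here. The same pattern is in the retry-error path of the second hunk and in the `if (!response)` context line, and none of the `malloc` results is checked before `sprintf` writes through it. Measuring with `snprintf(NULL, 0, …)` and then formatting with a bounded `snprintf` takes the size from the format itself, so a later change to `sc_hp` or to an argument list cannot leave one call site short. The fence shows the SC_LOGMEM branch only; leaving `response` NULL on failure appears to fall through to the `if (!response)` default, whose body continues outside the hunk, as does `sc_httpd` itself.

```c
/* … unchanged: char * logshtml = sc_logshtml(c); … */
const char * body = logshtml ? logshtml : SC_I18N_LOGS_ERROR;
int need = snprintf(NULL, 0, (char *) sc_hp, "", "", add_form, SC_I18N_LOGS, body);
if (need >= 0 && (response = malloc((size_t) need + 1)) != NULL)
	snprintf(response, (size_t) need + 1, (char *) sc_hp, "", "", add_form, SC_I18N_LOGS, body);
free(logshtml);
```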
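Review bot: `strlen(safequery)*2` in the new `malloc` line of the retry-error path reads the result of `htmlspecialchars(query)` without a NULL check. `htmlspecialchars` is defined outside this diff, but its result is passed to `free`, so it presumably allocates and can fail; in that case both `strlen` and the two `%s` conversions receive a null pointer. A small guard such as `const char * shown = safequery ? safequery : "";`, with `shown` used in the size sum and in the `sprintf` arguments, keeps the error page from crashing the handler under memory pressure. The surrounding retry block starts outside the hunk.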
@@ -3,7 +3,7 @@
 #define SC_I18N_NO_DESCRIPTION "ni opisa"
 #define SC_I18N_HP_HEADING "dobrodošli na prvo stran sear.c"
 #define SC_I18N_HP_BODY "sear.c je program za anonimizacijo in predpomnenje rezultatov spletnih iskalnikov. " \
- "Za uporabo nekaj vnesite v iskalno vrstico zgoraj in pritisnite gumb za iskanje."
+ "Za uporabo nekaj vnesite v iskalno vrstico zgoraj in pritisnite gumb za iskanje."
 #define SC_I18N_NUMBER_OF_RESULTS "število zadetkov"
 #define SC_I18N_QUERY_TIME "čas poizvedbe"
 #define SC_I18N_DATETIME_FORMAT "%c"
@@ -12,7 +12,8 @@
 #define SC_I18N_FAILED "ni uspelo"
 #define SC_I18N_HP_ERROR_HEADING "napaka!"
 #define SC_I18N_HP_ERROR_BODY "Pridobivanje rezultatov ni uspelo. Mogoče ni rezultatov. " \
- "Preberite dnevniške zapise."
+ "Preberite sistemske dnevnike."
 #define SC_I18N_LOGS "dnevniški zapisi"
-#define SC_I18N_LOGS_ERROR "napaka pri branju dnevniških datotek"
+#define SC_I18N_LOGS_ERROR "napaka pri branju dnevnikov"
+#define SC_I18N_LOGS_NOT_ENABLED "Zbiranje dnevniških zapisov v delovni pomnilnik ni omogočeno. sear.c prevedite z make -e CC=\"cc -DSC_LOGMEM\"; z nastavitvijo zastavice SC_LOGMEM omogočite pregled dnevniških zapisov znotraj aplikacije. Vselej pa se vsi dnevniški zapisi pišejo tudi na standardni izhod, kar se v primeru uporabe sear.c kot systemd storitve shranjuje v sistemske dnevnike."
 #define SC_I18N_GIT_URL "//git.sijanec.eu/sijanec/sear.c"
-- 
cgit v1.2.3