From: Matthew Pruett <matthewtpruett@yahoo.com>
Date: Mon, 29 Apr 2024 16:56:56 -0400
Subject: Fix handling externally-controlled format strings and buffer overflows
Origin: upstream, https://github.com/jaygreig86/dmitry/pull/12/
Forwarded: not-needed
---
src/dmitry.c | 9 ++++++---
src/iwhois.c | 4 ++--
src/mailsearch.c | 9 ++++++---
src/subsearch.c | 7 +++++--
4 files changed, 19 insertions(+), 10 deletions(-)
diff --git a/src/dmitry.c b/src/dmitry.c
index 2844192..567482d 100644
--- a/src/dmitry.c
+++ b/src/dmitry.c
@@ -96,7 +96,8 @@ int main(int argc, char **argv)
snprintf(outputfile, sizeof(outputfile), "%s.txt", argv[argc-1]);
}
else {
- strcpy(outputfile, optarg);
+ strncpy(outputfile, optarg, sizeof(outputfile) - 1);
+ outputfile[sizeof(outputfile) - 1] = '\0';
}
break;
case 'v':
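Review bot: An over-long `-o` argument is now silently truncated by the `strncpy` line, so the report is written to a file name the user did not ask for and nothing tells them. The sibling branch already uses `snprintf`, so the same call here with a return check would stay consistent and report the problem: `int n = snprintf(outputfile, sizeof(outputfile), "%s", optarg);` followed by `if (n < 0 || (size_t)n >= sizeof(outputfile)) { /* report and exit */ }`. The same silent truncation applies to the `host_name` and `host_ip` copies in the next hunk, where a shortened name becomes a different lookup target. `main` starts and ends outside this hunk.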
@@ -143,14 +144,16 @@ int main(int argc, char **argv)
print_line("ERROR: Unable to locate Host IP addr. for %s\n", argv[argc - 1]);
print_line("Continuing with limited modules\n");
}
- strcpy(host_name, argv[argc - 1]);
+ strncpy(host_name, argv[argc - 1], MAXNAMELEN - 1);
+ host_name[MAXNAMELEN - 1] = '\0';
break;
default:
if (! get_host(argv[argc - 1], host_name) ) {
print_line("ERROR: Unable to locate Host Name for %s\n", argv[argc - 1]);
print_line("Continuing with limited modules\n");
}
- strcpy(host_ip, argv[argc - 1]);
+ strncpy(host_ip, argv[argc - 1], MAXIPLEN - 1);
+ host_ip[MAXIPLEN - 1] = '\0';
break;
}
print_line("HostIP:%s\n", host_ip);
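Review bot: The two new `strncpy` bounds use the constants `MAXNAMELEN` and `MAXIPLEN`, while the first hunk uses `sizeof(outputfile)`. The declarations of `host_name` and `host_ip` are outside the hunk, so it cannot be confirmed here that they are declared with exactly those sizes. If both are arrays in this scope, `sizeof(host_name) - 1` and `sizeof(host_ip) - 1` keep each bound tied to its buffer should a declaration change later. If they are pointers, a short comment naming where the size comes from would help, for example `/* host_name is char[MAXNAMELEN], see <declaring file> */`.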
diff --git a/src/iwhois.c b/src/iwhois.c
index 6b25e7e..c629013 100644
--- a/src/iwhois.c
+++ b/src/iwhois.c
@@ -9,11 +9,11 @@ int get_iwhois(char *host)
/* Print introduction to function */
memset(linebuff, '\0', sizeof(linebuff));
snprintf(linebuff, sizeof(linebuff), "\nGathered Inet-whois information for %s\n", host);
- print_line(linebuff);
+ print_line("%s", linebuff);
memset(linebuff, '\0', sizeof(linebuff));
snprintf(linebuff, sizeof(linebuff), "---------------------------------\n\n");
- print_line(linebuff);
+ print_line("%s", linebuff);
if (! host[0] ){
print_line("ERROR: No Host IP to work from\n");
if ( strlen(outputfile) ) file_close();
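Review bot: The `print_line(buf)` call sites were fixed by hand here and in the `get_emails`, `emaillist` and `get_subdomains` hunks, and nothing in the patch stops the pattern from returning or catches a call site that was missed. The declaration of `print_line` is outside this diff. If it is a printf-style variadic function, annotating its prototype with `__attribute__((format(printf, 1, 2)))` and building with `-Wformat -Wformat-security` makes the compiler flag any non-literal format argument. A one-line comment on the prototype, `/* fmt must be a string literal; pass data through "%s" */`, would record the rule for future callers.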
diff --git a/src/mailsearch.c b/src/mailsearch.c
index 8b72d94..4dcb734 100644
--- a/src/mailsearch.c
+++ b/src/mailsearch.c
@@ -20,7 +20,10 @@ int get_emails(char *host)
} while ( host[ctr] != '\n' && host[ctr] != '\0' );
hostwww[strlen(hostwww)] = '\0';
}
- else strcpy(hostwww, host);
+ else {
+ strncpy(hostwww, host, sizeof(hostwww) - 1);
+ hostwww[sizeof(hostwww) - 1] = '\0';
+ }
if (strlen(outputfile)) file_open();
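Review bot: Only the `else` path is bounded. The branch just above still fills `hostwww` from a do/while whose visible condition stops only at a newline or NUL in `host`. The loop body is outside the hunk, so a length limit cannot be confirmed; if there is none, the overflow removed from the `else` path is still reachable through the other branch. The loop condition should also bound the destination index, e.g. `&& dst < sizeof(hostwww) - 1`, where `dst` stands for whatever index the body uses to write `hostwww`. The following `hostwww[strlen(hostwww)] = '\0';` stores a NUL where `strlen` already found one, so it does not terminate an unterminated buffer. The matching hunk in `get_subdomains` in src/subsearch.c has the same shape.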
@@ -76,7 +79,7 @@ int get_emails(char *host)
memset(sendbuff, '\0', sizeof(sendbuff));
snprintf(sendbuff, sizeof(sendbuff), "Found %d E-Mail(s) for host %s, Searched %d pages containing %d results\n", emailcount, hostwww, totalpages, totalpages*100);
- print_line(sendbuff);
+ print_line("%s", sendbuff);
if (strlen(outputfile)) file_close();
return 0;
}
@@ -177,7 +180,7 @@ int emaillist(char *email, char *host)
strcpy(emailbuff[emailcount], email);
snprintf(output, sizeof(output), "%s%s\n", emailbuff[emailcount], host);
- print_line(output);
+ print_line("%s", output);
emailcount++;
return 0;
}
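Review bot: The context line `strcpy(emailbuff[emailcount], email);` is left unbounded by a commit whose subject is fixing buffer overflows. `email` appears to come from parsed search results, not from the local user, which would make it the least trusted input in the patch. Assuming `emailbuff` is a two-dimensional char array in scope, `snprintf(emailbuff[emailcount], sizeof(emailbuff[emailcount]), "%s", email);` bounds the copy. `emailcount` should also be checked against the number of rows before the write, since no such check is visible in this hunk. The start of `emaillist` is outside the hunk, so an earlier guard may exist.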
diff --git a/src/subsearch.c b/src/subsearch.c
index df6bdff..be42303 100644
--- a/src/subsearch.c
+++ b/src/subsearch.c
@@ -20,7 +20,10 @@ int get_subdomains(char *host)
} while ( host[ctr] != '\n' && host[ctr] != '\0' );
hostwww[strlen(hostwww)] = '\0';
}
- else strcpy(hostwww, host);
+ else {
+ strncpy(hostwww, host, sizeof(hostwww) - 1);
+ hostwww[sizeof(hostwww) - 1] = '\0';
+ }
if (strlen(outputfile)) file_open();
@@ -74,7 +77,7 @@ int get_subdomains(char *host)
if (subcount == -1) subcount = 0;
memset(sendbuff, '\0', sizeof(sendbuff));
snprintf(sendbuff, sizeof(sendbuff), "Found %d possible subdomain(s) for host %s, Searched %d pages containing %d results\n", subcount, hostwww, totalpages, totalpages*100);
- print_line(sendbuff);
+ print_line("%s", sendbuff);
if (strlen(outputfile)) file_close();
return 0;
}