Closed
Bug 281666
Opened 20 years ago
Closed 19 years ago
Fixes unchecked use of strcpy/strcat + memory holes in nsDirPrefs.cpp
Categories
(MailNews Core :: Address Book, defect)
MailNews Core
Address Book
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: tim.ruehsen, Assigned: standard8)
References
Details
Attachments
(3 files, 3 obsolete files)
51.24 KB,
patch
|
standard8
:
review+
neil
:
superreview+
|
Details | Diff | Splinter Review |
62.10 KB,
patch
|
Details | Diff | Splinter Review | |
1.19 KB,
patch
|
Bienvenu
:
review+
Bienvenu
:
superreview+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.3; Linux) KHTML/3.3.2 (like Gecko) Build Identifier: - found 2 or 3 places with memory not freed in any case (e.g. see dir_SaveReplicationInfo()) - introduced more NULL checks for function params - replaced strcpy/strcat by PR_snprintf+assertion on buffer overflow - removed these ugly and confusing 'scratch' buffers (this introduces a larger stack usage) Reproducible: Always
Reporter | ||
Comment 1•20 years ago
|
||
Attachment #173865 -
Flags: review?(bienvenu)
Updated•19 years ago
|
Assignee: sspitzer → mail
Assignee | ||
Updated•19 years ago
|
Assignee: mail → nobody
Component: Address Book → MailNews: Address Book
Product: Mozilla Application Suite → Core
QA Contact: addressbook
Version: unspecified → Trunk
Assignee | ||
Comment 2•19 years ago
|
||
Comment on attachment 173865 [details] [diff] [review] cvs diff for nsDirPrefs.cpp I'm setting r- on behalf of bienvenu. This patch currently bitrots on apply, could you update it and post a fresh one? (and we'll try and review it a bit sooner this time). Generally the idea looks good and it'll be nice to have a bit more of a tidy up in nsDirPrefs. However whilst I'm here a couple of comments from a quick look at it: + if (!server) + { + NS_ASSERTION(PR_FALSE, "server is null"); + return NS_ERROR_FAILURE; + } a check for a null pointer passed to a function can be done better by NS_ENSURE_ARG_POINTER(server) IMHO it would be better to convert the "scratch" buffer: - PL_strcpy(scratch, prefRoot); - PL_strcat(scratch, "."); - PL_strcat(scratch, prefLeaf); to nsAutoString or something similar rather than use PR_snprintf.
Attachment #173865 -
Flags: review?(bienvenu) → review-
Assignee | ||
Comment 3•19 years ago
|
||
I have checked with Tim, and he's no longer working on Mozilla :-( However, he said I could take his patch on and update it, so I'll do this at some stage in the next couple of weeks and tidy up nsDirPrefs a bit more.
Assignee: nobody → bugzilla
Assignee | ||
Comment 4•19 years ago
|
||
This takes Tim's original patch and reimplements it for the current tree. In addiiton, I've tried to make some improvements on the way, and also only checked for the presence of parameters where I think its really necessary (typically when the calling functions don't do it). I have also done a lot of tab removal and whitespace clean up - hence the -w patch.
Attachment #204856 -
Flags: review?(bienvenu)
Assignee | ||
Comment 5•19 years ago
|
||
Updated•19 years ago
|
Attachment #204856 -
Flags: review?(bienvenu) → review+
Assignee | ||
Updated•19 years ago
|
Attachment #204856 -
Flags: superreview?(neil.parkwaycc.co.uk)
Comment 6•19 years ago
|
||
Comment on attachment 204856 [details] [diff] [review] New version (-w) Mostly OK, but a couple of issues that apply in several places: >+ nsXPIDLCString prefValue; >+ >+ prefValue.Append(prefRoot); >+ prefValue.Append('.'); >+ prefValue.Append(prefLeaf); > >+ if (NS_SUCCEEDED(pPref->GetCharPref(prefValue, getter_Copies(value)))) This should be something like nsCAutoString prefLocation(prefRoot); and prefLocation.get(); >+ replPrefName.Append(NS_LITERAL_CSTRING(".replication")); Don't Append an NS_LITERAL_CSTRING when you can AppendLiteral instead. >+ if (!PR_snprintf (prefLocation, 128, "%s.filter%d", prefstring, filterNum)) >+ { >+ NS_WARNING("DIR_GetCustomFilterPrefs: Buffer too small"); >+ continue; >+ } > >+ nsCAutoString branch(prefLocation); Please construct an nsCAutoString prefLocation.
Attachment #204856 -
Flags: superreview?(neil.parkwaycc.co.uk) → superreview-
Assignee | ||
Comment 7•19 years ago
|
||
Revised version addressing Neil's review comments.
Attachment #204856 -
Attachment is obsolete: true
Attachment #206917 -
Flags: superreview?(neil.parkwaycc.co.uk)
Attachment #206917 -
Flags: review+
Assignee | ||
Comment 8•19 years ago
|
||
The non -w version.
Attachment #204857 -
Attachment is obsolete: true
Assignee | ||
Updated•19 years ago
|
Attachment #173865 -
Attachment is obsolete: true
Comment 9•19 years ago
|
||
Comment on attachment 206917 [details] [diff] [review] New version v2 (-w) Some double blank lines strangely showed up on the interdiff, although there's obviously no sign of them here.
Attachment #206917 -
Flags: superreview?(neil.parkwaycc.co.uk) → superreview+
Assignee | ||
Comment 10•19 years ago
|
||
Comment on attachment 206918 [details] [diff] [review] New version v2 (normal patch), checked in. This patch has now been checked in. Checking in mailnews/addrbook/src/nsDirPrefs.cpp; /cvsroot/mozilla/mailnews/addrbook/src/nsDirPrefs.cpp,v <-- nsDirPrefs.cpp new revision: 1.102; previous revision: 1.101
Attachment #206918 -
Attachment description: New version v2 (normal patch) → New version v2 (normal patch), checked in.
Assignee | ||
Comment 11•19 years ago
|
||
This bug is now fixed, thanks to Tim for the initial patch.
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 12•19 years ago
|
||
I just noticed I caused a regression in address book prefs - we are setting extra string prefs even when the values are the default values :-(
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Assignee | ||
Comment 13•19 years ago
|
||
This patch fixes the comparison of the default value with the new value (not the prefLocation - opps). Think I probably overdid the copy & paste.
Attachment #207112 -
Flags: superreview?(bienvenu)
Attachment #207112 -
Flags: review?(bienvenu)
Updated•19 years ago
|
Attachment #207112 -
Flags: superreview?(bienvenu)
Attachment #207112 -
Flags: superreview+
Attachment #207112 -
Flags: review?(bienvenu)
Attachment #207112 -
Flags: review+
Assignee | ||
Updated•19 years ago
|
Attachment #207112 -
Attachment description: regression fix → regression fix (checked in)
Assignee | ||
Comment 14•19 years ago
|
||
Regression fix checked in -> fixed.
Status: REOPENED → RESOLVED
Closed: 19 years ago → 19 years ago
Resolution: --- → FIXED
Verified via proxy (reviews, code inspection using LXR, etc.)
Status: RESOLVED → VERIFIED
Updated•16 years ago
|
Product: Core → MailNews Core
You need to log in
before you can comment on or make changes to this bug.
Description
•