FGFS-4.1/OpenSceneGraph
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added safety check for getenv parsing to prevent overflow attacks via getenv.

Browse Source
This commit is contained in:
Robert Osfield 2017-11-01 16:43:32 +00:00
parent 3b85aa35df
commit 0e7e06349e
1 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
include/osg/EnvVar
View File

@ -22,6 +22,13 @@
namespace osg { namespace osg {
inline unsigned int getClampedLength(const char* str, unsigned int maxNumChars=4096)
{
unsigned int i = 0;
while(i<maxNumChars && str[i]!=0) { ++i; }
return i;
}
template<typename T> template<typename T>
inline bool getEnvVar(const char* name, T& value) inline bool getEnvVar(const char* name, T& value)
{ {
@ -29,7 +36,7 @@ inline bool getEnvVar(const char* name, T& value)
const char* ptr = getenv(name); const char* ptr = getenv(name);
if (!ptr) return false; if (!ptr) return false;
std::istringstream str(ptr); std::istringstream str(std::string(ptr, getClampedLength(ptr)));
str >> value; str >> value;
return !str.fail(); return !str.fail();
#else #else
@ -44,7 +51,7 @@ inline bool getEnvVar(const char* name, std::string& value)
const char* ptr = getenv(name); const char* ptr = getenv(name);
if (!ptr) return false; if (!ptr) return false;
value = ptr; value.assign(ptr, getClampedLength(ptr));
return true; return true;
#else #else
return false; return false;
@ -58,7 +65,7 @@ inline bool getEnvVar(const char* name, T1& value1, T2& value2)
const char* ptr = getenv(name); const char* ptr = getenv(name);
if (!ptr) return false; if (!ptr) return false;
std::istringstream str(ptr); std::istringstream str(std::string(ptr, getClampedLength(ptr)));
str >> value1 >> value2; str >> value1 >> value2;
return !str.fail(); return !str.fail();
#else #else
@ -73,7 +80,7 @@ inline bool getEnvVar(const char* name, T1& value1, T2& value2, T3& value3)
const char* ptr = getenv(name); const char* ptr = getenv(name);
if (!ptr) return false; if (!ptr) return false;
std::istringstream str(ptr); std::istringstream str(std::string(ptr, getClampedLength(ptr)));
str >> value1 >> value2 >> value3; str >> value1 >> value2 >> value3;
return !str.fail(); return !str.fail();
#else #else
@ -88,7 +95,7 @@ inline bool getEnvVar(const char* name, T1& value1, T2& value2, T3& value3, T4&
const char* ptr = getenv(name); const char* ptr = getenv(name);
if (!ptr) return false; if (!ptr) return false;
std::istringstream str(ptr); std::istringstream str(std::string(ptr, getClampedLength(ptr)));
str >> value1 >> value2 >> value3 >> value4; str >> value1 >> value2 >> value3 >> value4;
return !str.fail(); return !str.fail();
#else #else