From 411d360b8dd014f9bf93dde656897d6fd751ff4b Mon Sep 17 00:00:00 2001 From: shaozhimin Date: Tue, 12 Dec 2023 14:28:04 +0800 Subject: [PATCH] =?UTF-8?q?=E6=81=A2=E5=A4=8Ddiagnostics=E6=A8=A1=E5=9D=97?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- debian/changelog | 9 ++++ debian/control | 3 +- debian/libkysdk-log.install | 2 +- src/log/core.c | 88 +++++++++++++++++++++++++++++++------ src/log/format.c | 21 ++++++--- src/log/klog_dump.c | 15 ++++++- src/log/writeFile.c | 17 ++++++- src/utils/kyutils.c | 18 ++++++++ 8 files changed, 149 insertions(+), 24 deletions(-) diff --git a/debian/changelog b/debian/changelog index 0b96992..d254dac 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +libkysdk-base (2.2.0.0-0k0.4) yangtze; urgency=medium + + * BUG号 : 无 + * 需求号 : 无 + * 其他修改 : 注释掉log模块的日志转储部分 + 解决安全扫描漏洞 + + -- szm-min Thu, 19 Oct 2023 17:18:40 +0800 + libkysdk-base (2.2.0.0-0k0.3) yangtze; urgency=medium * BUG号 : 无 diff --git a/debian/control b/debian/control index 15fbfd6..d48f463 100644 --- a/debian/control +++ b/debian/control @@ -53,7 +53,8 @@ Architecture: all Section: utils Depends: libkysdk-utils-dev(>=1.2.0), libkysdk-timer(>=1.2.0), - libkysdk-basecommon(>=1.2.0) + libkysdk-basecommon(>=1.2.0), + libc6 Multi-Arch: foreign Description: 定时器模块 - 开发库 diff --git a/debian/libkysdk-log.install b/debian/libkysdk-log.install index c1d9754..0e696dd 100644 --- a/debian/libkysdk-log.install +++ b/debian/libkysdk-log.install @@ -1,4 +1,4 @@ usr/lib/kysdk/kysdk-base/libkylog.so* src/log/kylog-default.conf etc/kysdk/kysdk-base src/log/kylog-rotate-default etc/kysdk/kysdk-base -src/log/logrotate.cron etc/kysdk/kysdk-base +#src/log/logrotate.cron etc/kysdk/kysdk-base diff --git a/src/log/core.c b/src/log/core.c index 477172d..60231b2 100644 --- a/src/log/core.c +++ b/src/log/core.c @@ -8,11 +8,21 @@ #include #include #include "dbus/dbus.h" +#include +#include +#include + +#define PATHSIZE 1024 KLogger* logger; const char* stringLevel[8] = {"EMERG", "ALERT", "CRIT", "ERROR", "WARNING", "NOTICE", "INFO", "DEBUG"}; const char* stringLType[LTENUMMAX] = {"user." , "local3." , "syslog."}; +static int verify_file(char *pFileName) +{ + return 1; +} + static int _call_method(const char *path) { DBusError err; @@ -112,13 +122,44 @@ static int _dir_exist(const char *dpath) static int _create_dir(const char *dpath) { #ifdef __linux__ - char *command = malloc(strlen(dpath) + 10); - if (!command) - return -1; - sprintf(command, "mkdir -p %s", dpath); - int ret = system(command); - free(command); - return ret; + // char *command = malloc(strlen(dpath) + 10); + // if (!command) + // return -1; + // sprintf(command, "mkdir -p %s", dpath); + // int ret = system(command); + // free(command); + // return ret; + pid_t pid=-1; + int status=-1; + char **env=NULL; + + pid = fork(); + if (pid == (pid_t) 0) + { + char* args[] = {"mkdir -p", dpath, NULL}; + /* Child side. */ + (void)execve("/usr/bin/mkdir", args, env); + _exit(127); + } + else if(pid<(pid_t)0) + { + /* The fork failed. */ + status = -1; + } + else + { + /* Parent side. */ + int n; + do + { + n = waitpid (pid, &status, 0); + } + while (n == -1 && errno == EINTR); + + if (n != pid) + status = -1; + } + return status; #else return 1; #endif @@ -243,12 +284,19 @@ int initKLogger(int cid) strcpy(logger->rootPath, dpath); else { + char canonical_filename[PATH_MAX] = "\0"; + memset(canonical_filename,0,PATH_MAX); char *hpath = getenv("HOME"); - if (!hpath || strcmp(hpath, "/root") == 0) + realpath(hpath, canonical_filename); + if(!verify_file(canonical_filename)) + { + return -1; + } + if (!canonical_filename || strcmp(canonical_filename, "/root") == 0) strcpy(logger->rootPath, "/var/log"); else { - strcpy(logger->rootPath, hpath); + strncpy(logger->rootPath, canonical_filename, PATHSIZE); strcat(logger->rootPath, "/.log"); if (!_dir_exist(logger->rootPath)) { @@ -273,7 +321,7 @@ int initKLogger(int cid) snprintf(logger->logfileName.commonlogfileName , KLOG_MAXPATHLEN , "%s.log" , logger->processName); } - klog_rotate_init(cid, logger->processName, logger->rootPath); + // klog_rotate_init(cid, logger->processName, logger->rootPath); } else //使用指定的specName作为日志名称 { @@ -298,7 +346,7 @@ int initKLogger(int cid) { snprintf(logger->logfileName.commonlogfileName , KLOG_MAXPATHLEN , "%s.log" , fName); } - klog_rotate_init(cid, logger->specName, logger->rootPath); + // klog_rotate_init(cid, logger->specName, logger->rootPath); } if (logger->levelBasedStorage) @@ -322,7 +370,14 @@ int initKLogger(int cid) { char logPath[(KLOG_MAXPATHLEN << 1) + 1]; snprintf(logPath, KLOG_MAXPATHLEN << 1, "%s/%s", logger->rootPath, logger->logfileName.commonlogfileName); - logger->fp.commonfp = fopen(logPath , "at"); + char canonical_filename[PATH_MAX] = "\0"; + memset(canonical_filename,0,PATH_MAX); + realpath(logPath, canonical_filename); + if(!verify_file(canonical_filename)) + { + return -1; + } + logger->fp.commonfp = fopen(canonical_filename , "at"); if (!logger->fp.commonfp) { printf("无法打开日志文件%s:%s\n" ,logPath, strerror(errno)); @@ -370,7 +425,14 @@ int setRootDir(const char *dpath) char logPath[KLOG_MAXPATHLEN * 2]; fclose(logger->fp.commonfp); sprintf(logPath, "%s/%s", logger->rootPath, logger->logfileName.commonlogfileName); - logger->fp.commonfp = fopen(logPath, "at"); + char canonical_filename[PATH_MAX] = "\0"; + memset(canonical_filename,0,PATH_MAX); + int ret = realpath(logPath, canonical_filename); + if(!verify_file(canonical_filename)) + { + return -1; + } + logger->fp.commonfp = fopen(canonical_filename, "at"); if (!logger->fp.commonfp) { printf("无法打开日志文件%s:%s\n", logPath, strerror(errno)); diff --git a/src/log/format.c b/src/log/format.c index 2190e8c..6011f1e 100644 --- a/src/log/format.c +++ b/src/log/format.c @@ -7,6 +7,11 @@ #include #include +#define FILENAMESIZE 512 +#define FUNCSIZE 128 +#define LINESIZE 10 +#define BUFFERSIZE 1398 //2048-512-128-10 + PrintFormat klog_printformat; extern const char* stringLevel[8]; @@ -117,7 +122,8 @@ int formatMessage(int lvl , const char *filename , const char *func , int linenu pos += 1; if (klog_printformat.vis_filename) { - memcpy(pos , filename , strlen(filename) * sizeof(char)); + size_t len = strlen(filename) * sizeof(char); + memcpy(pos , filename , FILENAMESIZE > len ? len : FILENAMESIZE); pos += strlen(filename); } if (klog_printformat.vis_funcline) @@ -127,19 +133,22 @@ int formatMessage(int lvl , const char *filename , const char *func , int linenu strcpy(pos , ":"); pos += 1; } - memcpy(pos , func , strlen(func) * sizeof(char)); + size_t len = strlen(func) * sizeof(char); + memcpy(pos , func , FUNCSIZE > len ? len : FUNCSIZE); pos += strlen(func); char line[10] = {0}; snprintf(line , 9 , "-%d" , linenum); - memcpy(pos , line , strlen(line) * sizeof(char)); + len = strlen(line) * sizeof(char); + memcpy(pos , line , LINESIZE > len ? len : LINESIZE); pos += strlen(line); } strcpy(pos , "] "); pos += 2; } - size_t remainMsgSize = KLOG_MAXMSGSIZE - strlen(buffer); + // size_t remainMsgSize = KLOG_MAXMSGSIZE - strlen(buffer); + // size_t remainMsgSize = KLOG_MAXMSGSIZE - ((pos - buffer) / sizeof(char)); size_t rawMsgSize = strlen(message) * sizeof(char); - memcpy(pos , message , rawMsgSize > remainMsgSize ? remainMsgSize : rawMsgSize); + memcpy(pos , message , BUFFERSIZE > rawMsgSize ? rawMsgSize : BUFFERSIZE); memcpy(result , buffer , resultSize * sizeof(char)); return 0; -} \ No newline at end of file +} diff --git a/src/log/klog_dump.c b/src/log/klog_dump.c index c5de4e5..593e027 100644 --- a/src/log/klog_dump.c +++ b/src/log/klog_dump.c @@ -5,6 +5,12 @@ #include #include #include +#include + +static int verify_file(char *pFileName) +{ + return !strncmp(pFileName, "/etc", strlen("/etc")); +} int klog_rotate_init(int cid, const char *name, const char *rootpath) { @@ -16,7 +22,14 @@ int klog_rotate_init(int cid, const char *name, const char *rootpath) char tmp[1025]; snprintf(tmp, 1024, "/etc/kysdk/kysdk-base/logrotate.d/%s", name); - FILE *fp = fopen(tmp, "wt+"); + char canonical_filename[PATH_MAX] = "\0"; + memset(canonical_filename,0,PATH_MAX); + realpath(tmp, canonical_filename); + if(!verify_file(canonical_filename)) + { + return -1; + } + FILE *fp = fopen(canonical_filename, "wt+"); if (!fp) return -1; diff --git a/src/log/writeFile.c b/src/log/writeFile.c index 9627e7a..f71144d 100644 --- a/src/log/writeFile.c +++ b/src/log/writeFile.c @@ -3,6 +3,12 @@ #include #include #include +#include + +static int verify_file(char *pFileName) +{ + return 1; +} int writeFile(int lvl , const char *message , unsigned int len) { @@ -47,7 +53,14 @@ int writeFile(int lvl , const char *message , unsigned int len) { if (!logger->fp.commonfp) { - logger->fp.commonfp = fopen(logger->logfileName.commonlogfileName , "at"); + char canonical_filename[PATH_MAX] = "\0"; + memset(canonical_filename,0,PATH_MAX); + realpath(logger->logfileName.commonlogfileName, canonical_filename); + if(!verify_file(canonical_filename)) + { + return errno; + } + logger->fp.commonfp = fopen(canonical_filename, "at"); if (!logger->fp.commonfp) { printf("无法打开日志文件:%s\n" , strerror(errno)); @@ -61,4 +74,4 @@ int writeFile(int lvl , const char *message , unsigned int len) } } return 0; -} \ No newline at end of file +} diff --git a/src/utils/kyutils.c b/src/utils/kyutils.c index 1db5aa5..5814b71 100644 --- a/src/utils/kyutils.c +++ b/src/utils/kyutils.c @@ -339,6 +339,24 @@ int kdkVolumeBaseNumericalConvert(double origin_numerical, KDKVolumeBaseType ori case KDK_EXABYTE: strcpy(unit, "EB"); break; + case KDK_KILO: + strcpy(unit, "K"); + break; + case KDK_MEGA: + strcpy(unit, "M"); + break; + case KDK_GIGA: + strcpy(unit, "G"); + break; + case KDK_TERA: + strcpy(unit, "T"); + break; + case KDK_PETA: + strcpy(unit, "P"); + break; + case KDK_EXA: + strcpy(unit, "E"); + break; default: strcpy(unit, "B"); break;