恢复diagnostics模块

2023-12-12 14:28:04 +08:00 · 2023-12-12 14:28:04 +08:00 · 411d360b8d
parent dd6669bb1b
commit 411d360b8d
8 changed files with 149 additions and 24 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -1,3 +1,12 @@
+libkysdk-base (2.2.0.0-0k0.4) yangtze; urgency=medium
+
+   * BUG号 : 无
+   * 需求号 : 无
+   * 其他修改 : 注释掉log模块的日志转储部分
+               解决安全扫描漏洞
+
+ -- szm-min <shaozhimin@kylinos.cn>  Thu, 19 Oct 2023 17:18:40 +0800
+
 libkysdk-base (2.2.0.0-0k0.3) yangtze; urgency=medium

   * BUG号 : 无
--- a/debian/control
+++ b/debian/control
@ -53,7 +53,8 @@ Architecture: all
 Section: utils
 Depends: libkysdk-utils-dev(>=1.2.0),
 		 libkysdk-timer(>=1.2.0),
-		 libkysdk-basecommon(>=1.2.0)
+		 libkysdk-basecommon(>=1.2.0),
+		 libc6
 Multi-Arch: foreign
 Description: 定时器模块 - 开发库

--- a/debian/libkysdk-log.install
+++ b/debian/libkysdk-log.install
@ -1,4 +1,4 @@
 usr/lib/kysdk/kysdk-base/libkylog.so*
 src/log/kylog-default.conf etc/kysdk/kysdk-base
 src/log/kylog-rotate-default etc/kysdk/kysdk-base
-src/log/logrotate.cron etc/kysdk/kysdk-base
+#src/log/logrotate.cron etc/kysdk/kysdk-base
--- a/src/log/core.c
+++ b/src/log/core.c
@ -8,11 +8,21 @@
 #include <stdlib.h>
 #include <stdio.h>
 #include "dbus/dbus.h"
+#include <sys/wait.h>
+#include <errno.h>
+#include <limits.h>
+
+#define PATHSIZE 1024

 KLogger* logger;
 const char* stringLevel[8] = {"EMERG", "ALERT", "CRIT", "ERROR", "WARNING", "NOTICE", "INFO", "DEBUG"};
 const char* stringLType[LTENUMMAX] = {"user." , "local3." , "syslog."};

+static int verify_file(char *pFileName)
+{
+    return 1;
+}
+
 static int _call_method(const char *path)
 {
 	DBusError err;
@ -112,13 +122,44 @@ static int _dir_exist(const char *dpath)
 static int _create_dir(const char *dpath)
 {
 #ifdef __linux__
-	char *command = malloc(strlen(dpath) + 10);
-	if (!command)
-		return -1;
-	sprintf(command, "mkdir -p %s", dpath);
-	int ret = system(command);
-	free(command);
-	return ret;
+	// char *command = malloc(strlen(dpath) + 10);
+	// if (!command)
+	// 	return -1;
+	// sprintf(command, "mkdir -p %s", dpath);
+	// int ret = system(command);
+	// free(command);
+	// return ret;
+	pid_t pid=-1;
+    int status=-1;
+    char **env=NULL;
+
+    pid = fork();
+    if (pid == (pid_t) 0)
+    {
+		char* args[] = {"mkdir -p", dpath, NULL};
+        /* Child side.  */
+        (void)execve("/usr/bin/mkdir", args, env);
+        _exit(127);       
+    }
+    else if(pid<(pid_t)0)
+    {
+        /* The fork failed.  */
+        status = -1;
+    } 
+    else
+    {
+        /* Parent side.  */
+        int n;
+        do
+        {
+            n = waitpid (pid, &status, 0);
+        }
+        while (n == -1 && errno == EINTR);
+
+        if (n != pid)
+            status = -1;	
+    }
+	return status;
 #else
 	return 1;
 #endif
@ -243,12 +284,19 @@ int initKLogger(int cid)
 			strcpy(logger->rootPath, dpath);
 		else
 		{
+			char canonical_filename[PATH_MAX] = "\0";
+			memset(canonical_filename,0,PATH_MAX);
 			char *hpath = getenv("HOME");
-			if (!hpath || strcmp(hpath, "/root") == 0)
+			realpath(hpath, canonical_filename);
+			if(!verify_file(canonical_filename))
+			{
+				return -1;
+			}
+			if (!canonical_filename || strcmp(canonical_filename, "/root") == 0)
 				strcpy(logger->rootPath, "/var/log");
 			else
 			{
-				strcpy(logger->rootPath, hpath);
+				strncpy(logger->rootPath, canonical_filename, PATHSIZE);
 				strcat(logger->rootPath, "/.log");
 				if (!_dir_exist(logger->rootPath))
 				{
@ -273,7 +321,7 @@ int initKLogger(int cid)
 				snprintf(logger->logfileName.commonlogfileName , KLOG_MAXPATHLEN , "%s.log" , logger->processName);
 			}

-			klog_rotate_init(cid, logger->processName, logger->rootPath);
+			// klog_rotate_init(cid, logger->processName, logger->rootPath);
 		}
 		else		//使用指定的specName作为日志名称
 		{
@ -298,7 +346,7 @@ int initKLogger(int cid)
 			{
 				snprintf(logger->logfileName.commonlogfileName , KLOG_MAXPATHLEN , "%s.log" , fName);
 			}
-			klog_rotate_init(cid, logger->specName, logger->rootPath);
+			// klog_rotate_init(cid, logger->specName, logger->rootPath);
 		}

 		if (logger->levelBasedStorage)
@ -322,7 +370,14 @@ int initKLogger(int cid)
 		{
 			char logPath[(KLOG_MAXPATHLEN << 1) + 1];
 			snprintf(logPath, KLOG_MAXPATHLEN << 1, "%s/%s", logger->rootPath, logger->logfileName.commonlogfileName);
-			logger->fp.commonfp	= fopen(logPath , "at");
+			char canonical_filename[PATH_MAX] = "\0";
+			memset(canonical_filename,0,PATH_MAX);
+			realpath(logPath, canonical_filename);
+			if(!verify_file(canonical_filename))
+			{
+				return -1;
+			}
+			logger->fp.commonfp	= fopen(canonical_filename , "at");
 			if (!logger->fp.commonfp)
 			{
 				printf("无法打开日志文件%s：%s\n" ,logPath, strerror(errno));
@ -370,7 +425,14 @@ int setRootDir(const char *dpath)
 		char logPath[KLOG_MAXPATHLEN * 2];
 		fclose(logger->fp.commonfp);
 		sprintf(logPath, "%s/%s", logger->rootPath, logger->logfileName.commonlogfileName);
-		logger->fp.commonfp = fopen(logPath, "at");
+		char canonical_filename[PATH_MAX] = "\0";
+		memset(canonical_filename,0,PATH_MAX);
+		int ret = realpath(logPath, canonical_filename);
+		if(!verify_file(canonical_filename))
+		{
+			return -1;
+		}
+		logger->fp.commonfp = fopen(canonical_filename, "at");
 		if (!logger->fp.commonfp)
 		{
 			printf("无法打开日志文件%s：%s\n", logPath, strerror(errno));
--- a/src/log/format.c
+++ b/src/log/format.c
@ -7,6 +7,11 @@
 #include <string.h>
 #include <pthread.h>

+#define FILENAMESIZE 512
+#define FUNCSIZE 128
+#define LINESIZE 10
+#define BUFFERSIZE 1398 //2048-512-128-10
+
 PrintFormat klog_printformat;

 extern const char* stringLevel[8];
@ -117,7 +122,8 @@ int	formatMessage(int lvl , const char *filename , const char *func , int linenu
 		pos	+= 1;
 		if (klog_printformat.vis_filename)
 		{
-			memcpy(pos , filename , strlen(filename) * sizeof(char));
+			size_t len = strlen(filename) * sizeof(char);
+			memcpy(pos , filename , FILENAMESIZE > len ? len : FILENAMESIZE);
 			pos	+= strlen(filename);
 		}
 		if (klog_printformat.vis_funcline)
@ -127,19 +133,22 @@ int	formatMessage(int lvl , const char *filename , const char *func , int linenu
 				strcpy(pos , ":");
 				pos	+= 1;
 			}
-			memcpy(pos , func , strlen(func) * sizeof(char));
+			size_t len = strlen(func) * sizeof(char);
+			memcpy(pos , func , FUNCSIZE > len ? len : FUNCSIZE);
 			pos	+= strlen(func);
 			char line[10]	= {0};
 			snprintf(line , 9 , "-%d" , linenum);
-			memcpy(pos , line , strlen(line) * sizeof(char));
+			len = strlen(line) * sizeof(char);
+			memcpy(pos , line , LINESIZE > len ? len : LINESIZE);
 			pos	+= strlen(line);
 		}
 		strcpy(pos , "] ");
 		pos	+= 2;
 	}
-	size_t remainMsgSize	= KLOG_MAXMSGSIZE - strlen(buffer);
+	// size_t remainMsgSize	= KLOG_MAXMSGSIZE - strlen(buffer);
+	// size_t remainMsgSize = KLOG_MAXMSGSIZE - ((pos - buffer) / sizeof(char));
 	size_t rawMsgSize	= strlen(message) * sizeof(char);
-	memcpy(pos , message , rawMsgSize > remainMsgSize ? remainMsgSize : rawMsgSize);
+	memcpy(pos , message , BUFFERSIZE > rawMsgSize ? rawMsgSize : BUFFERSIZE);
 	memcpy(result , buffer , resultSize * sizeof(char));
 	return 0;
 }
--- a/src/log/klog_dump.c
+++ b/src/log/klog_dump.c
@ -5,6 +5,12 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <limits.h>
+
+static int verify_file(char *pFileName)
+{
+    return !strncmp(pFileName, "/etc", strlen("/etc"));
+}

 int klog_rotate_init(int cid, const char *name, const char *rootpath)
 {
@ -16,7 +22,14 @@ int klog_rotate_init(int cid, const char *name, const char *rootpath)

 	char tmp[1025];
 	snprintf(tmp, 1024, "/etc/kysdk/kysdk-base/logrotate.d/%s", name);
-	FILE *fp = fopen(tmp, "wt+");
+	char canonical_filename[PATH_MAX] = "\0";
+	memset(canonical_filename,0,PATH_MAX);
+	realpath(tmp, canonical_filename);
+	if(!verify_file(canonical_filename))
+	{
+		return -1;
+	}
+	FILE *fp = fopen(canonical_filename, "wt+");
 	if (!fp)
 		return -1;
 	
--- a/src/log/writeFile.c
+++ b/src/log/writeFile.c
@ -3,6 +3,12 @@
 #include <errno.h>
 #include <string.h>
 #include <stdio.h>
+#include <limits.h>
+
+static int verify_file(char *pFileName)
+{
+    return 1;
+}

 int writeFile(int lvl , const char *message , unsigned int len)
 {
@ -47,7 +53,14 @@ int writeFile(int lvl , const char *message , unsigned int len)
 	{
 		if (!logger->fp.commonfp)
 		{
-			logger->fp.commonfp	= fopen(logger->logfileName.commonlogfileName , "at");
+			char canonical_filename[PATH_MAX] = "\0";
+			memset(canonical_filename,0,PATH_MAX);
+			realpath(logger->logfileName.commonlogfileName, canonical_filename);
+			if(!verify_file(canonical_filename))
+			{
+				return errno;
+			}
+			logger->fp.commonfp	= fopen(canonical_filename, "at");
 			if (!logger->fp.commonfp)
 			{
 				printf("无法打开日志文件：%s\n" , strerror(errno));
--- a/src/utils/kyutils.c
+++ b/src/utils/kyutils.c
@ -339,6 +339,24 @@ int kdkVolumeBaseNumericalConvert(double origin_numerical, KDKVolumeBaseType ori
 	case KDK_EXABYTE:
 		strcpy(unit, "EB");
 		break;
+	case KDK_KILO:
+		strcpy(unit, "K");
+		break;
+	case KDK_MEGA:
+		strcpy(unit, "M");
+		break;
+	case KDK_GIGA:
+		strcpy(unit, "G");
+		break;
+	case KDK_TERA:
+		strcpy(unit, "T");
+		break;
+	case KDK_PETA:
+		strcpy(unit, "P");
+		break;
+	case KDK_EXA:
+		strcpy(unit, "E");
+		break;
 	default:
 		strcpy(unit, "B");
 		break;