fix potential uncontrolled format strings

indigo-dc · Nov 23, 2021 · 0bdf37f · 0bdf37f
1 parent 7b40d67
commit 0bdf37f
Show file tree

Hide file tree

Showing 6 changed files with 31 additions and 22 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -12,6 +12,12 @@
 <!-- ### Dependencies -->
 <!--  -->
 
+## oidc-agent 4.2.4
+
+### Bugfixes:
+
+- Fixed potential uncontrolled format string
+
 ## oidc-agent 4.2.3
 
 ### Bugfixes:

diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-4.2.3
+4.2.4
diff --git a/debian/changelog b/debian/changelog
@@ -1,4 +1,4 @@
-oidc-agent (4.2.3-1) unstable; urgency=medium
+oidc-agent (4.2.4-1) unstable; urgency=medium
 
   * Initial package for Debian. (Closes: #980462)
 

diff --git a/rpm/oidc-agent.spec b/rpm/oidc-agent.spec
@@ -1,5 +1,5 @@
 Name: oidc-agent
-Version: 4.2.3
+Version: 4.2.4
 Release: 1%{?dist}
 
 Summary: Command-line tool for obtaining OpenID Connect access tokens

diff --git a/src/account/issuer_helper.c b/src/account/issuer_helper.c
@@ -200,7 +200,7 @@ list_t* getSuggestableIssuers() {
         *space = '\0';
       }
       if (findInList(issuers, elem) == NULL) {
-        list_rpush(issuers, list_node_new(oidc_sprintf(elem)));
+        list_rpush(issuers, list_node_new(oidc_strcopy(elem)));
       }
       elem = strtok(NULL, "\n");
     }
@@ -216,7 +216,7 @@ list_t* getSuggestableIssuers() {
         *space = '\0';
       }
       if (findInList(issuers, elem) == NULL) {
-        list_rpush(issuers, list_node_new(oidc_sprintf(elem)));
+        list_rpush(issuers, list_node_new(oidc_strcopy(elem)));
       }
       elem = strtok(NULL, "\n");
     }

diff --git a/src/oidc-agent/oidcp/oidcp.c b/src/oidc-agent/oidcp/oidcp.c
@@ -248,7 +248,7 @@ int _waitForCodeExchangeRequest(time_t expiration, const char* expected_state,
                 connectionDB_getSize());
       continue;
     }
-    char* forwarded_res = ipc_communicateThroughPipe(pipes, client_req);
+    char* forwarded_res = ipc_communicateThroughPipe(pipes, "%s", client_req);
     secFree(client_req);
     if (forwarded_res == NULL) {
       if (oidc_errno == OIDC_EIPCDIS || oidc_errno == OIDC_EWRITE) {
@@ -264,7 +264,7 @@ int _waitForCodeExchangeRequest(time_t expiration, const char* expected_state,
                 connectionDB_getSize());
       continue;
     }
-    server_ipc_write(*(con->msgsock), forwarded_res);
+    server_ipc_write(*(con->msgsock), "%s", forwarded_res);
     secFree(forwarded_res);
     char* state = extractParameterValueFromUri(_uri, "state");
     if (strequal(expected_state, state)) {
@@ -291,7 +291,8 @@ void doReauthenticate(struct ipcPipe pipes, int sock,
   logger(DEBUG, "Doing automatic reauthentication");
   char* shortname = _extractShortnameFromReauthenticateInfo(info);
   if (shortname == NULL) {
-    server_ipc_write(sock, oidcd_res);  // Forward oidcd response to client
+    server_ipc_write(sock, "%s",
+                     oidcd_res);  // Forward oidcd response to client
     return;
   }
   logger(DEBUG, "Extracted shortname '%s'", shortname);
@@ -300,7 +301,7 @@ void doReauthenticate(struct ipcPipe pipes, int sock,
   SHUTDOWN_IF_D_DIED(reauth_res);
   INIT_KEY_VALUE(IPC_KEY_DEVICE, IPC_KEY_URI, OIDC_KEY_STATE);
   if (CALL_GETJSONVALUES(reauth_res) < 0) {
-    server_ipc_write(sock, oidcd_res);
+    server_ipc_write(sock, "%s", oidcd_res);
     secFree(reauth_res);
     SEC_FREE_KEY_VALUES();
     return;
@@ -311,7 +312,7 @@ void doReauthenticate(struct ipcPipe pipes, int sock,
     agent_displayAuthCodeURL(_url, shortname);
     time_t timeout = time(NULL) + AGENT_PROMPT_TIMEOUT;
     if (_waitForCodeExchangeRequest(timeout, _state, pipes)) {
-      server_ipc_write(sock, oidcd_res);
+      server_ipc_write(sock, "%s", oidcd_res);
       SEC_FREE_KEY_VALUES();
       return;
     }
@@ -321,31 +322,32 @@ void doReauthenticate(struct ipcPipe pipes, int sock,
     SHUTDOWN_IF_D_DIED(lookup_res);
     char* config = parseStateLookupRes(lookup_res);
     if (config == NULL) {
-      server_ipc_write(sock, oidcd_res);
+      server_ipc_write(sock, "%s", oidcd_res);
       SEC_FREE_KEY_VALUES();
       secFree(shortname);
       return;
     }
     SEC_FREE_KEY_VALUES();
     if (writeOIDCFile(config, shortname) != OIDC_SUCCESS) {
-      server_ipc_write(sock, oidcd_res);
+      server_ipc_write(sock, "%s", oidcd_res);
       secFree(config);
       secFree(shortname);
       return;
     }
     secFree(shortname);
     secFree(config);
 
-    char* final_res = ipc_communicateThroughPipe(pipes, original_client_req);
-    server_ipc_write(sock, final_res);
+    char* final_res =
+        ipc_communicateThroughPipe(pipes, "%s", original_client_req);
+    server_ipc_write(sock, "%s", final_res);
     secFree(final_res);
     return;
   }
   if (_device) {
     struct oidc_device_code* dc = getDeviceCodeFromJSON(_device);
     if (dc == NULL) {
       SEC_FREE_KEY_VALUES();
-      server_ipc_write(sock, oidcd_res);
+      server_ipc_write(sock, "%s", oidcd_res);
       secFree(shortname);
       return;
     }
@@ -358,26 +360,27 @@ void doReauthenticate(struct ipcPipe pipes, int sock,
         0, &pipes);
     SEC_FREE_KEY_VALUES();
     if (config == NULL) {
-      server_ipc_write(sock, oidcd_res);
+      server_ipc_write(sock, "%s", oidcd_res);
       secFree(shortname);
       return;
     }
     if (writeOIDCFile(config, shortname) != OIDC_SUCCESS) {
-      server_ipc_write(sock, oidcd_res);
+      server_ipc_write(sock, "%s", oidcd_res);
       secFree(config);
       secFree(shortname);
       return;
     }
     secFree(config);
     secFree(shortname);
 
-    char* final_res = ipc_communicateThroughPipe(pipes, original_client_req);
-    server_ipc_write(sock, final_res);
+    char* final_res =
+        ipc_communicateThroughPipe(pipes, "%s", original_client_req);
+    server_ipc_write(sock, "%s", final_res);
     secFree(final_res);
     return;
   }
   SEC_FREE_KEY_VALUES();
-  server_ipc_write(sock, oidcd_res);
+  server_ipc_write(sock, "%s", oidcd_res);
   secFree(shortname);
   return;
 }
@@ -390,7 +393,7 @@ void handleOidcdComm(struct ipcPipe pipes, int sock, const char* msg,
                  IPC_KEY_INFO);
   while (1) {
     // RESET_KEY_VALUE_VALUES_TO_NULL();
-    char* oidcd_res = ipc_communicateThroughPipe(pipes, send);
+    char* oidcd_res = ipc_communicateThroughPipe(pipes, "%s", send);
     secFree(send);
     SHUTDOWN_IF_D_DIED(oidcd_res);
     // check response, it might be an internal request
@@ -415,7 +418,7 @@ void handleOidcdComm(struct ipcPipe pipes, int sock, const char* msg,
         secFree(oidcd_res);
         return;
       }
-      server_ipc_write(sock,
+      server_ipc_write(sock, "%s",
                        oidcd_res);  // Forward oidcd response to client
       secFree(oidcd_res);
       SEC_FREE_KEY_VALUES();