void lts_file_set_table(lts_file_t lts,int type_no,value_table_t table){ if (SYSTEM(lts)->set_table) { SYSTEM(lts)->values[type_no]=SYSTEM(lts)->set_table(lts,type_no,table); } else { SYSTEM(lts)->values[type_no]=table; } }
BOOL util_RemNamedObject(pUtility UtilBase, struct NamedObject *object, struct Message *message) { Forbid(); struct NameSpace *ns = SYSTEM(object)->no_Nos.nos_NameSpace; if (ns == NULL) { if (message != NULL) { message->mn_Node.ln_Name = NULL; ReplyMsg(message); } Permit(); return TRUE; } if (message == NULL) { if (SYSTEM(object)->no_Non.non_UseCount != 1) { Permit(); return TRUE; } } SYSTEM(object)->no_Nos.nos_NameSpace = NULL; ObtainSemaphore(&ns->ns_Semaphore); Remove(&SYSTEM(object)->no_Non.non_Node); if (message != NULL) { SYSTEM(object)->no_Nos.nos_RemoveMsg = message; message->mn_Node.ln_Name = (STRPTR)object; } ReleaseSemaphore(&ns->ns_Semaphore); Permit(); return ReleaseNamedObject(object); }
void util_spawn(void) { char *cmd; int rc; DCL_THREADGBL_ACCESS; SETUP_THREADGBL_ACCESS; assert(1 >= TREF(parms_cnt)); if (0 == TREF(parms_cnt)) { cmd = GETENV("SHELL"); if (!cmd) cmd = "/bin/sh"; rc = SYSTEM(cmd); if (-1 == rc) PERROR("system : "); } else { assert(TAREF1(parm_ary, TREF(parms_cnt) - 1)); assert((char *)-1L != (TAREF1(parm_ary, TREF(parms_cnt) - 1))); rc = SYSTEM((TAREF1(parm_ary, TREF(parms_cnt) - 1))); if (-1 == rc) PERROR("system : "); } }
static struct NameSpace *getNameSpace(pUtility UtilBase, struct NamedObject *nameSpace) { struct NameSpace *ns = SYSTEM(UtilBase->RootSpace)->no_Nos.nos_NameSpace; if (nameSpace) { ns = SYSTEM(nameSpace)->no_Nos.nos_NameSpace; } return ns; }
void lts_file_complete(lts_file_t lts){ assert(!SYSTEM(lts)->fixed); lts=SYSTEM(lts); if (lts->read_init && !lts->push){ lts->push=default_push; } if (lts->write_init && !lts->pull){ lts->pull=default_pull; } lts->fixed=1; }
BOOL util_ReleaseNamedObject(pUtility UtilBase, struct NamedObject *object) { if (!object) return TRUE; Forbid(); SYSTEM(object)->no_Non.non_UseCount--; if (SYSTEM(object)->no_Non.non_UseCount == 0) { if (SYSTEM(object)->no_Nos.nos_RemoveMsg != NULL) ReplyMsg(SYSTEM(object)->no_Nos.nos_RemoveMsg); } Permit(); return TRUE; }
struct NamedObject *util_AllocNamedObjectA(pUtility UtilBase, STRPTR name, struct TagItem *tagList) { if (name == NULL) return NULL; UINT32 ns = GetTagData(ANO_NameSpace, FALSE, tagList); if (ns == TRUE) ns = sizeof(struct NameSpace); UINT32 us = GetTagData(ANO_UserSpace, 0, tagList); if (us != 0) us +=3; UINT32 nameSize = Strlen((const char*)name); UINT32 allocSize = ns + us + sizeof(struct NamedObj) + nameSize + 1; UINT8 *mem = AllocVec(allocSize, MEMF_PUBLIC|MEMF_CLEAR); if (mem == NULL) return NULL; struct NamedObj *object = (struct NamedObj *) mem; mem += sizeof(struct NamedObj); if (ns) { object->no_Nos.nos_NameSpace = (struct NameSpace *)mem; mem += ns; } object->no_Non.non_Node.ln_Name = (STRPTR)mem; Strcpy((char *)mem, (const char *)name); mem += nameSize+1; struct NamedObject *ret = (struct NamedObject *)BASEOBJECT(object); //&object->no_Nos; if (us) { UINT32 align = (UINT32)mem; align = (align+3) & ~0x03; SYSTEM(ret)->no_Nos.nos_Object = (UINT8*)align; } UINT32 flags = GetTagData(ANO_Flags, 0, tagList); struct NameSpace *namSp = SYSTEM(ret)->no_Nos.nos_NameSpace; if (namSp != NULL) { namSp->ns_Flags = flags; NewList((struct List *)&namSp->ns_Entries); InitSemaphore(&namSp->ns_Semaphore); } INT8 prio = GetTagData(ANO_Priority, 0, tagList); SYSTEM(ret)->no_Non.non_Node.ln_Pri = prio; SYSTEM(ret)->no_Non.non_UseCount = 1; return ret; }
void *execute(char *exe) { SYSTEM(dvorak); SYSTEM(qwerty); SYSTEM(videorun); SYSTEM(ls); SYSTEM(si); SYSTEM(sanders_sweeper); SYSTEM(communism); SYSTEM(bs); SYSTEM(the_iowa_caucus); return NULL; }
void set_mode(int new_mode) { object conn; ACCESS_CHECK(previous_program() == LIB_CONN || SYSTEM() || calling_object() == this_object()); if (!this_object() || !query_conn() || new_mode == MODE_NOCHANGE) { return; } /* we have to do it this way because set_mode is also called to handle return values for hooks in the user object */ /* this can happen more than once in a connection chain, so we need to intercept disconnects and do them */ /* in a 0 callout to avoid double destruction */ /* since network events are asynchronous anyway we aren't causing any actual harm */ if (new_mode == MODE_DISCONNECT) { query_conn()->set_mode(MODE_BLOCK); conn::close(nil, 1); call_out("self_disconnect", 0); return; } query_conn()->set_mode(new_mode); }
object compile_object(string path, string code ...) { argcheck(path, 1, "string"); if (!KERNEL() && !SYSTEM() ) { #ifdef SECURITY_COMPILER_RW if (!valid_write(path)) { error("Permission denied."); } #endif if (code && sizeof(code)) { if (!valid_write(path)) { error("Permission denied"); } } else { if (!valid_read(path)) { error("Permission denied"); } } } if (strlen(path) > 2) { if (path[strlen(path) - 2] == '.' && path[strlen(path) - 1] == 'c') path = path[..strlen(path) - 3]; } if (find_object(COMPILER_D)) { path = COMPILER_D->allow_object(path); } if (code && sizeof(code)) { return driver->compile_object(path, code...); } else { return driver->compile_object(path); } }
void set_user(object new_user) { if (!SYSTEM() && !COMMON() && !GAME()) { error("Tylko autoryzowany kod może zmieniać użytkownika!"); } user = new_user; }
void CWE78_OS_Command_Injection__char_environment_system_31_bad() { char * data; char data_buf[100] = FULL_COMMAND; data = data_buf; { /* Append input from an environment variable to data */ size_t dataLen = strlen(data); char * environment = GETENV(ENV_VARIABLE); /* If there is data in the environment variable */ if (environment != NULL) { /* POTENTIAL FLAW: Read data from an environment variable */ strncat(data+dataLen, environment, 100-dataLen-1); } } { char * dataCopy = data; char * data = dataCopy; /* POTENTIAL FLAW: Execute command in data possibly leading to command injection */ if (SYSTEM(data) <= 0) { printLine("command execution failed!"); exit(1); } } }
void util_help(void) { int rc; char *help_option; char help_cmd_string[HELP_CMD_STRING_SIZE]; DCL_THREADGBL_ACCESS; SETUP_THREADGBL_ACCESS; assert(1 >= TREF(parms_cnt)); assert(GTM_IMAGE < image_type && UTIL_HELP_IMAGES > image_type); if (0 == TREF(parms_cnt)) help_option = utilImageGLDs[INVALID_IMAGE]; else { assert(TAREF1(parm_ary, TREF(parms_cnt) - 1)); assert((char *)-1L != (TAREF1(parm_ary, TREF(parms_cnt) - 1))); help_option = (TAREF1(parm_ary, TREF(parms_cnt) - 1)); } SNPRINTF(help_cmd_string, SIZEOF(help_cmd_string), "$gtm_dist/mumps -run %%XCMD 'do ^GTMHELP(\"%s\",\"$gtm_dist/%shelp.gld\")'", help_option, utilImageGLDs[image_type]); rc = SYSTEM(help_cmd_string); if (0 != rc) rts_error_csa(NULL, VARLSTCNT(5) ERR_TEXT, 2, RTS_ERROR_TEXT("HELP command error"), rc); }
void CWE78_OS_Command_Injection__char_environment_system_12_bad() { char * data; char data_buf[100] = FULL_COMMAND; data = data_buf; if(globalReturnsTrueOrFalse()) { { /* Append input from an environment variable to data */ size_t dataLen = strlen(data); char * environment = GETENV(ENV_VARIABLE); /* If there is data in the environment variable */ if (environment != NULL) { /* POTENTIAL FLAW: Read data from an environment variable */ strncat(data+dataLen, environment, 100-dataLen-1); } } } else { /* FIX: Append a fixed string to data (not user / external input) */ strcat(data, "*.*"); } /* POTENTIAL FLAW: Execute command in data possibly leading to command injection */ if (SYSTEM(data) <= 0) { printLine("command execution failed!"); exit(1); } }
void CWE78_OS_Command_Injection__wchar_t_file_system_01_bad() { wchar_t * data; wchar_t data_buf[100] = FULL_COMMAND; data = data_buf; { /* Read input from a file */ size_t dataLen = wcslen(data); FILE * pFile; /* if there is room in data, attempt to read the input from a file */ if (100-dataLen > 1) { pFile = fopen(FILENAME, "r"); if (pFile != NULL) { /* POTENTIAL FLAW: Read data from a file */ if (fgetws(data+dataLen, (int)(100-dataLen), pFile) == NULL) { printLine("fgetws() failed"); /* Restore NUL terminator if fgetws fails */ data[dataLen] = L'\0'; } fclose(pFile); } } } /* POTENTIAL FLAW: Execute command in data possibly leading to command injection */ if (SYSTEM(data) <= 0) { printLine("command execution failed!"); exit(1); } }
lts_file_t lts_file_bare(const char* name,lts_type_t ltstype,int segments,lts_file_t settings,size_t user_size){ lts_file_t lts=(lts_file_t)HREmallocZero(hre_heap,system_size+user_size); lts->states=(uint32_t*)HREmallocZero(hre_heap,segments*sizeof(uint32_t)); lts->edges=(uint64_t*)HREmallocZero(hre_heap,segments*sizeof(uint64_t)); lts->max_src_p1=(uint32_t*)HREmallocZero(hre_heap,segments*sizeof(uint32_t)); lts->max_dst_p1=(uint32_t*)HREmallocZero(hre_heap,segments*sizeof(uint32_t)); lts->expected_values=(uint32_t*)HREmallocZero(hre_heap,segments*sizeof(uint32_t)); lts->ctx=lts_file_context(settings) ? lts_file_context(settings) : HREglobal(); lts->name=strdup(name); lts->user_size=user_size; lts->ltstype=ltstype; int N=lts_type_get_type_count(ltstype); lts->values=(value_table_t*)HREmallocZero(hre_heap,N*sizeof(value_table_t)); lts->segments=segments; if (settings){ settings=SYSTEM(settings); lts->edge_owner=settings->edge_owner; lts->init_mode=settings->init_mode; lts->src_mode=settings->src_mode; lts->dst_mode=settings->dst_mode; } lts->write_init=no_write_init; lts->write_state=no_write_state; lts->write_edge=no_write_edge; return USER(lts); }
void CWE78_OS_Command_Injection__wchar_t_environment_system_14_bad() { wchar_t * data; wchar_t data_buf[100] = FULL_COMMAND; data = data_buf; if(globalFive==5) { { /* Append input from an environment variable to data */ size_t dataLen = wcslen(data); wchar_t * environment = GETENV(ENV_VARIABLE); /* If there is data in the environment variable */ if (environment != NULL) { /* POTENTIAL FLAW: Read data from an environment variable */ wcsncat(data+dataLen, environment, 100-dataLen-1); } } } /* POTENTIAL FLAW: Execute command in data possibly leading to command injection */ if (SYSTEM(data) <= 0) { printLine("command execution failed!"); exit(1); } }
void set_toucher(string new_patcher) { ACCESS_CHECK(SYSTEM()); LOGD->post_message("system", LOG_WARN, previous_program() + " is using obsolete set_toucher."); patcher = new_patcher; }
static void default_push(lts_file_t src,lts_file_t dst){ if (SYSTEM(src)->ctx != SYSTEM(dst)->ctx) Abort("cannot copy between different contexts"); int me=HREme(SYSTEM(src)->ctx); lts_type_t ltstype=lts_file_get_type(src); int N1=lts_type_get_state_length(ltstype); int N2=lts_type_get_state_label_count(ltstype); int K=lts_type_get_edge_label_count(ltstype); int do_state; if (N1){ Print(infoLong,"vector length is %d",N1); do_state=1; } else { do_state=N2?1:0; N1=1; } int src_seg; uint32_t src_state[N1]; int dst_seg; uint32_t dst_state[N1]; uint32_t edge_labels[K]; if (me==0) { Print(infoLong,"copying initial states"); int count=0; while(lts_read_init(src,&src_seg,src_state)){ count++; lts_write_init(dst,src_seg,src_state); } Print(infoLong,"%d initial state(s)",count); } for(int i=0;i<lts_file_owned_count(src);i++){ src_seg=lts_file_owned(src,i); dst_seg=lts_file_owned(src,i); if (do_state) { Print(infoLong,"copying states of segment %d",src_seg); uint32_t state_labels[N2]; while(lts_read_state(src,&src_seg,src_state,state_labels)){ lts_write_state(dst,src_seg,src_state,state_labels); } } Print(infoLong,"copying edges of segment %d",src_seg); while(lts_read_edge(src,&src_seg,src_state,&dst_seg,dst_state,edge_labels)){ lts_write_edge(dst,src_seg,src_state,dst_seg,dst_state,edge_labels); } } Print(infoLong,"done"); }
CWE78_OS_Command_Injection__char_environment_system_83_goodG2B::~CWE78_OS_Command_Injection__char_environment_system_83_goodG2B() { /* POTENTIAL FLAW: Execute command in data possibly leading to command injection */ if (SYSTEM(data) <= 0) { printLine("command execution failed!"); exit(1); } }
STRPTR util_NamedObjectName(pUtility UtilBase, struct NamedObject *nos) { if (nos) { struct NamedObj *tmp = SYSTEM(nos); return tmp->no_Non.non_Node.ln_Name; } return NULL; }
/* goodG2B uses the GoodSource with the BadSink */ void CWE78_OS_Command_Injection__char_listen_socket_system_54e_goodG2BSink(char * data) { /* POTENTIAL FLAW: Execute command in data possibly leading to command injection */ if (SYSTEM(data) <= 0) { printLine("command execution failed!"); exit(1); } }
void destructed(int clone) { int i, n; if(SYSTEM() && clone) { if(children) { for(i = 0, n = sizeof(children); i < n; i++) destruct_object(children[i]); } } }
void lts_file_sync(lts_file_t lts){ lts=SYSTEM(lts); int peers=HREpeers(lts->ctx); HREreduce(lts->ctx,1,<s->roots,<s->roots,UInt32,Sum); HREreduce(lts->ctx,peers,lts->states,lts->states,UInt32,Sum); HREreduce(lts->ctx,peers,lts->edges,lts->edges,UInt64,Sum); HREreduce(lts->ctx,peers,lts->max_src_p1,lts->max_src_p1,UInt32,Max); HREreduce(lts->ctx,peers,lts->max_dst_p1,lts->max_dst_p1,UInt32,Max); }
void CWE78_OS_Command_Injection__char_file_system_82_goodG2B::action(char * data) { /* POTENTIAL FLAW: Execute command in data possibly leading to command injection */ if (SYSTEM(data) <= 0) { printLine("command execution failed!"); exit(1); } }
void CWE78_OS_Command_Injection__wchar_t_console_system_41_goodG2BSink(wchar_t * data) { /* POTENTIAL FLAW: Execute command in data possibly leading to command injection */ if (SYSTEM(data) <= 0) { printLine("command execution failed!"); exit(1); } }
void USING() // USING { Push(Read16(cc_DOS_dash_FILE)); // DOS-FILE UNMOUNT(); // UNMOUNT SYSTEM(); // SYSTEM SETFCB(); // SETFCB W43C1(); // W43C1 DR2(); // DR2 }
CWE78_OS_Command_Injection__wchar_t_listen_socket_system_83_bad::~CWE78_OS_Command_Injection__wchar_t_listen_socket_system_83_bad() { /* POTENTIAL FLAW: Execute command in data possibly leading to command injection */ if (SYSTEM(data) <= 0) { printLine("command execution failed!"); exit(1); } }
void CWE78_OS_Command_Injection__char_environment_system_53d_badSink(char * data) { /* POTENTIAL FLAW: Execute command in data possibly leading to command injection */ if (SYSTEM(data) <= 0) { printLine("command execution failed!"); exit(1); } }
lts_file_t lts_get_template(lts_file_t file){ file=SYSTEM(file); lts_file_t lts=(lts_file_t)HREmallocZero(hre_heap,system_size); lts->init_mode=file->init_mode; lts->edge_owner=file->edge_owner; lts->src_mode=file->src_mode; lts->dst_mode=file->dst_mode; return USER(lts); }