static void
nslookupComplain(const char *sysloginfo,
const char *net_queryname,
const char *complaint,
const char *net_dname,
const struct databuf *a_rr,
const struct databuf *nsdp)
{
char queryname[INSZ+1], dname[INSZ+1];
const char *a, *ns;
const char *a_type;
int print_a;
strncpy(queryname, net_queryname, sizeof queryname);
queryname[(sizeof queryname) - 1] = EOS;
strncpy(dname, net_dname, sizeof dname);
dname[(sizeof dname) - 1] = EOS;
if (sysloginfo && queryname && !haveComplained(queryname, complaint))
{
char buf[BUFSZ];
a = ns = (char *)NULL;
print_a = (a_rr->d_type == T_A);
a_type = p_type(a_rr->d_type);
if ( a != NULL || ns != NULL) {
/* BAD */
r_strcpy (buf, sysloginfo);
} else {
/* BAD */
r_strcpy (buf, sysloginfo);
}
}
}
char *realpath(char const *pathname , char *result , char *chroot_path )
{ char curpath[256] ;
char workpath[256] ;
char linkpath[256] ;
char namebuf[256] ;
char *where ;
int len ;
int tmp ;
char *__retres ;
{where = curpath;
tmp = nondet_int();
if (tmp == 1) {len = readlink((char const *)(namebuf), linkpath, 256);
if (len <= 0) {__retres = (char *)((void *)0);
goto return_label;}
/* STAC: BAD */
linkpath[len] = (char)0;
if ((int )linkpath[0] == '/') {workpath[0] = (char)0;}
if ((int )*(where + 0) != 0) {r_strcat(linkpath, "/");
r_strcat(linkpath, where);}
/* STAC: BAD */
r_strcpy(curpath, linkpath);}
__retres = result;
return_label: /* CIL Label */
return (__retres);}
}
int fetchsms (char *pdu, int sim)
{
char answer[ANSWERSIZE];
int position;
int beginning;
int end;
int foo,err;
/* Added for STAC: the input data must be considered tainted! */
answer[0] = taint();
/* Input magically appears */
answer[ANSWERSIZE-1] = EOS;
/* Search for NEEDLE and skip it */
position=istrstr(answer,NEEDLE);
if (position==-1)
return 0;
beginning = position + NEEDLE_SZ + 1;
/* BAD */
r_strcpy(pdu,answer+beginning);
return sim;
}
int fetchsms(char *pdu , int sim )
{ char answer[(2 + 2 * 256) + 2] ;
int position ;
int beginning ;
int end ;
int __retres ;
{answer[0] = (char )taint();
answer[((2 + 2 * 256) + 2) - 1] = (char)0;
position = istrstr(answer, "+C");
if (position == -1) {__retres = 0;
goto return_label;}
beginning = (position + 2) + 1;
end = beginning;
while (1) {if ((int )answer[end] != 0)
{if (! ((int )answer[end] != '\r')) {break;}
}
else {break;}
end ++;}
if ((int )answer[end] == 0) {__retres = 0;
goto return_label;}
else {if (end - beginning < 256) {__retres = 0;
goto return_label;}
}
end ++;
while (1) {if ((int )answer[end] != 0)
{if (! ((int )answer[end] != '\r')) {break;}
}
else {break;}
end ++;}
if ((int )answer[end] == 0) {__retres = 0;
goto return_label;}
else {if (end - beginning < 256) {__retres = 0;
goto return_label;}
}
/* STAC: BAD */
answer[end] = (char)0;
/* STAC: BAD */
r_strcpy(pdu, answer + beginning);
__retres = sim;
return_label: /* CIL Label */
return (__retres);}
}
int main ()
{
struct sockaddr_un serv_adr;
char filename [FILENAME_SZ];
/* server filename */
filename[FILENAME_SZ-1] = EOS;
/* initialize the server address structure */
/* BAD */
r_strcpy (serv_adr.sun_path, filename);
return 0;
}
int parse_expression (char *str) {
char *except;
char str2 [LINE_LENGTH+1];
except = strstr(str, NEEDLE);
if (except) {
strncpy (str2, str, (unsigned int)(except-str));
} else {
/* OK */
r_strcpy (str2, str);
}
return 0;
}
int parse_expression (char *str) {
char *except;
char str2 [LINE_LENGTH];
except = strstr(str, NEEDLE);
if (except) {
// SAFE: the needle is not copied
strncpy (str2, str, (unsigned int)(except-str));
} else {
// UNSAFE: can copy up to LINE_LENGTH+1 characters
/* BAD */
r_strcpy (str2, str);
}
return 0;
}
void ftpls(char *line )
{ int j ;
int tmp ;
char user[256] ;
{j = 0;
while ((int )*(line + j) != 0) {tmp = strchr("-", *(line + j));
if (! tmp) {break;}
j ++;}
if (j == 2) {if ((int )*(line + j) == ' ') {/* STAC: BAD */
r_strcpy(user, line + j);}
}
return;}
}
char *
realpath(const char *pathname, char *result, char* chroot_path)
{
char curpath[MAXPATHLEN];
if (result == NULL)
return(NULL);
if(pathname == NULL){
*result = EOS;
return(NULL);
}
/* BAD */
r_strcpy(curpath, pathname);
return result;
}
int fetchsms (char *pdu, int sim)
{
char answer[ANSWERSIZE];
int position;
int beginning;
int end;
int foo,err;
/* Added for STAC: the input data must be considered tainted! */
answer[0] = taint();
/* Input magically appears */
answer[ANSWERSIZE-1] = EOS;
/* Search for NEEDLE and skip it */
position=istrstr(answer,NEEDLE);
if (position==-1)
return 0;
beginning = position + NEEDLE_SZ + 1;
/* Answer must contain NEEDLE2; we don't need to skip it. */
if (istrstr(answer, NEEDLE2) == -1)
return 0;
/* Find (something)\r(something)\r, where each (something) is at
* least MIN_DIFF characters
*
* If we don't find anything satisfying that, abort
*/
for( end=beginning ; answer[end] != EOS && answer[end] != '\r' ; end++ );
if ( answer[end] == EOS || end-beginning < MIN_DIFF)
return 0;
for( end=end+1 ; answer[end] != EOS && answer[end] !='\r' ; end++ );
if ( answer[end] == EOS || end-beginning < MIN_DIFF )
return 0;
/* Change the last '\r' to an EOS */
answer[end] = EOS;
/* BAD */
r_strcpy(pdu,answer+beginning);
return sim;
}
void ftpls (char *line)
{
int j;
/* Stop at either:
* (1) first char before EOS which isn't in "-rwxdls", or,
* (2) first EOS
*/
for(j = 0; line[j] != EOS; ++j)
if (!strchr("-", line[j]))
break;
if(j == J && line[j] == ' ') { /* long list */
/* BUG! No bounds check. */
char user[USERSZ];
/* BAD */
r_strcpy (user, line + j);
}
}
int
main (void)
{
// these were parameters
char login[LOGIN + 1];
char gecos[GECOS + 1];
char buf[BUF + 1];
char c;
int i, j;
login[(int) (sizeof login - 1)] = EOS;
gecos[(int) (sizeof gecos - 1)] = EOS;
j = 0;
/* BAD */
(void) r_strcpy (buf + j, login);
return 0;
}
int fetchsms(char *pdu , int sim )
{ char answer[(2 + 2 * 256) + 2] ;
int position ;
int beginning ;
int __retres ;
{answer[0] = (char )taint();
answer[((2 + 2 * 256) + 2) - 1] = (char)0;
position = istrstr(answer, "+C");
if (position == -1) {__retres = 0;
goto return_label;}
beginning = (position + 2) + 1;
/* STAC: BAD */
r_strcpy(pdu, answer + beginning);
__retres = sim;
return_label: /* CIL Label */
return (__retres);}
}
/*==============================================================================
函数: <UpLoadFile>
功能: <xh_Func:>
参数:
Created By 徐崇 2012.10.16 16:24:27 For Ftp
==============================================================================*/
int32_t DirDetectFile(int8_t *UpLoadFilePath)
{
int8_t filename[MAX_FILE_PATH_LEN];
FILE *pmd5file = NULL;
FILE *plistfile = NULL;
int32_t ret = 0;
if((UpLoadFilePath == NULL))
{
return -1;
}
r_strcpy(filename,UpLoadFilePath);
r_strncat(filename,"/filelist.xml",r_strlen("filelist.xml")+1);
plistfile = fopen(filename,"w+");
if(NULL == plistfile)
{
return -1;
}
fprintf(plistfile,"<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n");
fprintf(plistfile,"<DirContent>\n");
ret = ScnDir(plistfile, UpLoadFilePath);
fprintf(plistfile," <num>%d</num>\n",ret);
fprintf(plistfile,"</DirContent>\n");
if(plistfile != NULL)
{
fclose(plistfile);
}
return ret;
}
int fetchsms (char *pdu, int sim)
{
char answer[ANSWERSIZE];
int position;
int beginning;
int end;
int foo,err;
/* Input magically appears */
answer[ANSWERSIZE-1] = EOS;
/* Don't skip anything */
position = 0;
if (position==-1)
return 0;
beginning = position + NEEDLE_SZ + 1;
/* Find (something)\r(something)\r, where each (something) is at
* least MIN_DIFF characters
*
* If we don't find anything satisfying that, abort
*/
for( end=beginning ; answer[end] != EOS && answer[end] != '\r' ; end++ );
if ( answer[end] == EOS || end-beginning < MIN_DIFF)
return 0;
for( end=end+1 ; answer[end] != EOS && answer[end] !='\r' ; end++ );
if ( answer[end] == EOS || end-beginning < MIN_DIFF )
return 0;
/* Change the last '\r' to an EOS */
answer[end] = EOS;
/* BAD */
r_strcpy(pdu,answer+beginning);
return sim;
}
char *
realpath(const char *pathname, char *result, char* chroot_path)
{
char curpath[MAXPATHLEN],
workpath[MAXPATHLEN],
linkpath[MAXPATHLEN],
namebuf[MAXPATHLEN];
int len;
int where;
int ptr;
int last;
if (result == NULL)
return(NULL);
if(pathname == NULL){
*result = EOS;
return(NULL);
}
strcpy(curpath, pathname);
if (pathname[0] != '/') {
uid_t userid;
if (!getcwd(workpath,MAXPATHLEN)) {
userid = geteuid();
delay_signaling();
seteuid(0);
if (!getcwd(workpath,MAXPATHLEN)) {
strcpy(result, ".");
seteuid(userid);
enable_signaling();
return (NULL);
}
seteuid(userid);
enable_signaling();
}
} else
workpath[0] = EOS;
where = 0;
while (curpath[where] != EOS) {
if (!strcmp(curpath + where, ".")) {
where++;
continue;
}
strcpy(namebuf, workpath);
for (last = 0; namebuf[last] != EOS; last++)
continue;
/* Chop out the out-of-bounds writes.... */
}
/* Stand-in for checking stat fields. */
if (nondet_int() == 1) {
len = readlink(namebuf, linkpath, MAXPATHLEN);
if (len <= 0)
return NULL;
linkpath[len] = EOS;
if (linkpath[0] == '/')
workpath[0] = EOS;
if (curpath[where] != EOS) {
/* BAD */
r_strcat(linkpath, "/");
/* BAD */
r_strcat(linkpath, curpath + where);
}
/* BAD */
r_strcpy(curpath, linkpath);
}
return result;
}
void set_local_addr(sockaddr_un_t *local_addr, int8_t *unixstr_path)
{
r_bzero(local_addr, sizeof(sockaddr_un_t));
local_addr->sun_family = AF_LOCAL;
r_strcpy(local_addr->sun_path, unixstr_path);
}
