1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
|
diff -Nur squidGuard-1.4.orig/src/sg.h.in squidGuard-1.4/src/sg.h.in
--- squidGuard-1.4.orig/src/sg.h.in 2007-11-16 23:58:32.000000000 +0700
+++ squidGuard-1.4/src/sg.h.in 2015-02-07 22:26:18.632797069 +0700
@@ -73,7 +73,7 @@
#define REQUEST_TYPE_REDIRECT 2
#define REQUEST_TYPE_PASS 3
-#define MAX_BUF 4096
+#define MAX_BUF 12288
#define DEFAULT_LOGFILE "squidGuard.log"
#define WARNING_LOGFILE "squidGuard.log"
diff -Nur squidGuard-1.4.orig/src/sgDiv.c.in squidGuard-1.4/src/sgDiv.c.in
--- squidGuard-1.4.orig/src/sgDiv.c.in 2008-07-14 23:02:43.000000000 +0700
+++ squidGuard-1.4/src/sgDiv.c.in 2015-02-07 22:26:18.632797069 +0700
@@ -745,7 +745,7 @@
p++;
break;
case 'u': /* Requested URL */
- strcat(buf, req->orig);
+ strncat(buf, req->orig, 2048);
p++;
break;
default:
diff -Nur squidGuard-1.4.orig/src/sgLog.c squidGuard-1.4/src/sgLog.c
--- squidGuard-1.4.orig/src/sgLog.c 2007-11-16 23:58:32.000000000 +0700
+++ squidGuard-1.4/src/sgLog.c 2015-02-07 22:26:39.122853889 +0700
@@ -2,7 +2,7 @@
By accepting this notice, you agree to be bound by the following
agreements:
- This software product, squidGuard, is copyrighted (C) 1998-2007
+ This software product, squidGuard, is copyrighted (C) 1998-2009
by Christine Kronberg, Shalla Secure Services. All rights reserved.
This program is free software; you can redistribute it and/or modify it
@@ -55,8 +55,8 @@
char msg[MAX_BUF];
va_list ap;
VA_START(ap, format);
- if(vsprintf(msg, format, ap) > (MAX_BUF - 1))
- fprintf(stderr,"overflow in vsprintf (sgLog): %s",strerror(errno));
+ if(vsnprintf(msg, MAX_BUF, format, ap) > (MAX_BUF - 1))
+ fprintf(stderr,"overflow in vsnprintf (sgLog): %s",strerror(errno));
va_end(ap);
date = niso(0);
if(globalDebug || log == NULL) {
@@ -87,8 +87,8 @@
char msg[MAX_BUF];
va_list ap;
VA_START(ap, format);
- if(vsprintf(msg, format, ap) > (MAX_BUF - 1))
- sgLogFatalError("overflow in vsprintf (sgLogError): %s",strerror(errno));
+ if(vsnprintf(msg, MAX_BUF, format, ap) > (MAX_BUF - 1))
+ sgLog(globalErrorLog, "overflow in vsnprintf (sgLogError): %s",strerror(errno));
va_end(ap);
sgLog(globalErrorLog,"%s",msg);
}
@@ -104,8 +104,8 @@
char msg[MAX_BUF];
va_list ap;
VA_START(ap, format);
- if(vsprintf(msg, format, ap) > (MAX_BUF - 1))
- return;
+ if(vsnprintf(msg, MAX_BUF, format, ap) > (MAX_BUF - 1))
+ sgLog(globalErrorLog, "overflow in vsnprintf (sgLogError): %s",strerror(errno));
va_end(ap);
sgLog(globalErrorLog,"%s",msg);
sgEmergency();
|