[WIP] Safer CPL path functions #11639

Draft
wants to merge 17 commits into
base: master

@rouault (Member) commented Jan 11, 2025

Candidate implementation of RFC 105 "Add and use safe path manipulation functions" / #11640

Fixes https://issues.oss-fuzz.com/issues/388868487

This is just a band-aid... The use of CPLFormFilename() and
friends is so dangerous with the rotating TLS buffers that
may end up overwritten if too many calls are nested...
@rouault force-pushed the CPLFormFilenameSafe branch from 9700ce9 to 7474f93, January 11, 2025 16:08
…t semantic change in Rename() where case-sensitive find() used instead of ifind(), change which is more logical
…ExtensionSafe(...).c_str(), ...)

Using
```
find frmts ogr  -name "*.cpp"  -exec sed -i "s/EQUAL(CPLGetExtension(\([a-zA-Z]*\)),/EQUAL(CPLGetExtensionSafe(\1).c_str(),/" {} \;
```
@rouault force-pushed the CPLFormFilenameSafe branch from 7474f93 to 0221c26, January 11, 2025 21:18
…anTrailingSlashSafe(), CPLGenerateTempFilenameSafe(), CPLExpandTildeSafe(), CPLLaunderForFilenameSafe()
@rouault force-pushed the CPLFormFilenameSafe branch from 45b2948 to 48542cf, January 12, 2025 16:30
@rouault added the "funded through GSP" label (Work funded through the GDAL Sponsorship Program), Jan 12, 2025
@rouault force-pushed the CPLFormFilenameSafe branch from 48542cf to 0b81ed3, January 12, 2025 16:51
Done with the following script:
```bash
funcs=(CPLGetPath CPLGetDirname CPLGetBasename CPLGetExtension CPLFormFilename CPLFormCIFilename CPLResetExtension CPLProjectRelativeFilename CPLCleanTrailingSlash CPLGenerateTempFilename CPLExpandTilde CPLLaunderForFilename)

for func in "${funcs[@]}"; do
  find frmts ogr -name "*.cpp" -exec sed -i -E "s/const char \*([a-zA-Z_][a-zA-Z0-9_]*)\(${func}\(([^()]*(\([^()]*\))?[^()]*)\)\);/const char *\1 = ${func}(\2);/g" {} \;
done

for func in "${funcs[@]}"; do
  find frmts ogr -name "*.cpp" -exec sed -i -E "s/CPLString\(${func}\(([^()]*(\([^()]*\))?[^()]*)\)\)/CPLString(${func}Safe(\1))/g" {} \;
  find frmts ogr -name "*.cpp" -exec sed -i -E "s/std::string\(${func}\(([^()]*(\([^()]*\))?[^()]*)\)\)/std::string(${func}Safe(\1))/g" {} \;
done

for func in "${funcs[@]}"; do
  find frmts ogr -name "*.cpp" -exec sed -i -E "s/(CPLString\s+[a-zA-Z_][a-zA-Z0-9_]*\s*\()${func}\((.*)\)/\1${func}Safe(\2)/g" {} \;
  find frmts ogr -name "*.cpp" -exec sed -i -E "s/(std::string\s+[a-zA-Z_][a-zA-Z0-9_]*\s*\()${func}\((.*)\)/\1${func}Safe(\2)/g" {} \;
done

for func in "${funcs[@]}"; do
  find frmts ogr -name "*.cpp" -exec sed -i -E "s/(std::string\s+[a-zA-Z_][a-zA-Z0-9_]*\s*\()${func}\(([^)]+)\)/\1${func}Safe(\2)/g" {} \;
  find frmts ogr -name "*.cpp" -exec sed -i -E "s/(CPLString\s+[a-zA-Z_][a-zA-Z0-9_]*\s*\()${func}\(([^)]+)\)/\1${func}Safe(\2)/g" {} \;
done

for func in "${funcs[@]}"; do
  find frmts ogr -name "*.cpp" -exec sed -i -E "s/\(${func}\(([^()]*(\([^()]*\))?[^()]*)\)/(${func}Safe(\1).c_str()/g" {} \;
  find frmts ogr -name "*.cpp" -exec sed -i -E "s/, ${func}\(([^()]*(\([^()]*\))?[^()]*)\)/, ${func}Safe(\1).c_str()/g" {} \;
done
```
Done with the following script:
```bash
funcs=(CPLGetPath CPLGetDirname CPLGetBasename CPLGetExtension CPLFormFilename CPLFormCIFilename CPLResetExtension CPLProjectRelativeFilename CPLCleanTrailingSlash CPLGenerateTempFilename CPLExpandTilde CPLLaunderForFilename)

for func in "${funcs[@]}"; do
  find frmts ogr -name "*.cpp" -exec sed -i -E "s/(CPLString\s+[a-zA-Z_][a-zA-Z0-9_]*\s*\ = )${func}\((.*)\)/\1${func}Safe(\2)/g" {} \;
  find frmts ogr -name "*.cpp" -exec sed -i -E "s/(std::string\s+[a-zA-Z_][a-zA-Z0-9_]*\s*\ = )${func}\((.*)\)/\1${func}Safe(\2)/g" {} \;
done
```
@rouault force-pushed the CPLFormFilenameSafe branch from 0b81ed3 to 3e1327c, January 12, 2025 17:23

@coveralls (Collaborator) commented Jan 12, 2025

Coverage Status

coverage: 70.095% (+0.007%) from 70.088%
when pulling 85eb32a on rouault:CPLFormFilenameSafe
into 926f93b on OSGeo:master.
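
The hazard named in the first commit message above (a result held in rotating thread-local buffers being overwritten once enough further calls are made) is shown here as an added C++ sketch. It is not part of this pull request and not GDAL code. `form_filename_rotating`, `form_filename_safe`, the ring size of 4 and the sample paths are assumptions made for illustration; the `std::string` return type of the safe variant is assumed from the `.c_str()` calls in the scripts above.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>

constexpr int kSlots = 4;              // assumed ring size for this sketch
constexpr std::size_t kSlotLen = 256;  // assumed per-slot capacity

// Hypothetical stand-in: the result lives in one of kSlots thread-local
// buffers, and every call advances to the next slot.
const char *form_filename_rotating(const char *dir, const char *base)
{
    thread_local char ring[kSlots][kSlotLen];
    thread_local int next = 0;
    char *out = ring[next];
    next = (next + 1) % kSlots;
    std::snprintf(out, kSlotLen, "%s/%s", dir, base);
    return out;
}

// Hypothetical safe variant: the caller owns the returned string.
std::string form_filename_safe(const char *dir, const char *base)
{
    return std::string(dir) + "/" + base;
}

// Keep an early result, make `later_calls` further calls (as nested helpers
// would), then report what the kept pointer refers to now.
std::string rotating_after(int later_calls)
{
    const char *kept = form_filename_rotating("/data", "input.tif");
    for (int i = 0; i < later_calls; ++i)
        form_filename_rotating("/tmp", "scratch.aux");
    return kept;  // copies whatever the slot currently holds
}

// Same sequence with the owning variant: later calls cannot touch `kept`.
std::string safe_after(int later_calls)
{
    const std::string kept = form_filename_safe("/data", "input.tif");
    for (int i = 0; i < later_calls; ++i)
        form_filename_safe("/tmp", "scratch.aux");
    return kept;
}

int main()
{
    std::printf("rotating, 3 later calls: %s\n", rotating_after(3).c_str());
    std::printf("rotating, 4 later calls: %s\n", rotating_after(4).c_str());
    std::printf("safe, 4 later calls:     %s\n", safe_after(4).c_str());
    return 0;
}
```

With fewer later calls than slots the kept pointer still reads correctly, which is why this class of bug tends to surface only on deeply nested call paths.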

@rouault marked this pull request as draft January 13, 2025 00:39