Module Name: src
Committed By: mrg
Date: Tue Aug 1 08:47:25 UTC 2023
Modified Files:
src/bin/rcp: rcp.c
src/crypto/external/bsd/openssh/dist: scp.c
src/lib/libc/net: getaddrinfo.c
src/lib/libc/resolv: res_debug.c res_query.c
src/usr.sbin/edquota: edquota.c
src/usr.sbin/ypserv/common: ypdb.c
Log Message:
convert explicit length check before unchecked snprintf() to just an
overflow-checked snprintf(). for res_debug.c and res_query.c, convert
from sprintf() to snprintf().
tested scp and rcp fail properly with too-long paths.
tested getaddrinfo fails as expected for too-long domains.
tested dig and ping for similar (res_debug.c/res_query.c).
created a temporary fs with quotas to test edquota with a long EDITOR.
did not test ypserv directly, but it's the same pattern.
avoids GCC 12 snprintf() warnings, and reduces total code size.
To generate a diff of this commit:
cvs rdiff -u -r1.52 -r1.53 src/bin/rcp/rcp.c
cvs rdiff -u -r1.38 -r1.39 src/crypto/external/bsd/openssh/dist/scp.c
cvs rdiff -u -r1.123 -r1.124 src/lib/libc/net/getaddrinfo.c
cvs rdiff -u -r1.16 -r1.17 src/lib/libc/resolv/res_debug.c \
src/lib/libc/resolv/res_query.c
cvs rdiff -u -r1.53 -r1.54 src/usr.sbin/edquota/edquota.c
cvs rdiff -u -r1.12 -r1.13 src/usr.sbin/ypserv/common/ypdb.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/bin/rcp/rcp.c
diff -u src/bin/rcp/rcp.c:1.52 src/bin/rcp/rcp.c:1.53
--- src/bin/rcp/rcp.c:1.52 Mon Jul 18 13:01:59 2022
+++ src/bin/rcp/rcp.c Tue Aug 1 08:47:24 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: rcp.c,v 1.52 2022/07/18 13:01:59 rin Exp $ */
+/* $NetBSD: rcp.c,v 1.53 2023/08/01 08:47:24 mrg Exp $ */
/*
* Copyright (c) 1983, 1990, 1992, 1993
@@ -39,7 +39,7 @@ __COPYRIGHT("@(#) Copyright (c) 1983, 19
#if 0
static char sccsid[] = "@(#)rcp.c 8.2 (Berkeley) 4/2/94";
#else
-__RCSID("$NetBSD: rcp.c,v 1.52 2022/07/18 13:01:59 rin Exp $");
+__RCSID("$NetBSD: rcp.c,v 1.53 2023/08/01 08:47:24 mrg Exp $");
#endif
#endif /* not lint */
@@ -466,11 +466,11 @@ rsource(char *name, struct stat *statp)
continue;
if (!strcmp(dp->d_name, dot) || !strcmp(dp->d_name, ".."))
continue;
- if (strlen(name) + 1 + strlen(dp->d_name) >= MAXPATHLEN - 1) {
+ if (snprintf(path, sizeof(path), "%s/%s", name, dp->d_name) >=
+ sizeof(path)) {
run_err("%s/%s: name too long", name, dp->d_name);
continue;
}
- (void)snprintf(path, sizeof(path), "%s/%s", name, dp->d_name);
vect[0] = path;
source(1, vect);
}
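Review bot: The new check `if (snprintf(path, sizeof(path), "%s/%s", name, dp->d_name) >=` compares snprintf()'s int return with a size_t without the `(size_t)` cast that the scp.c, getaddrinfo.c and edquota.c hunks of this commit use. The implicit conversion does send a negative (error) return into the "name too long" branch, but it does so silently and may trip -Wsign-compare. Writing `if ((size_t)snprintf(path, sizeof(path), "%s/%s", name, dp->d_name) >=` would match the other files and make the intent explicit. rsource() starts and ends outside this hunk.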
Index: src/crypto/external/bsd/openssh/dist/scp.c
diff -u src/crypto/external/bsd/openssh/dist/scp.c:1.38 src/crypto/external/bsd/openssh/dist/scp.c:1.39
--- src/crypto/external/bsd/openssh/dist/scp.c:1.38 Fri Jul 28 04:40:54 2023
+++ src/crypto/external/bsd/openssh/dist/scp.c Tue Aug 1 08:47:25 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: scp.c,v 1.38 2023/07/28 04:40:54 rin Exp $ */
+/* $NetBSD: scp.c,v 1.39 2023/08/01 08:47:25 mrg Exp $ */
/* $OpenBSD: scp.c,v 1.253 2023/03/03 03:12:24 dtucker Exp $ */
/*
* scp - secure remote copy. This is basically patched BSD rcp which
@@ -73,7 +73,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: scp.c,v 1.38 2023/07/28 04:40:54 rin Exp $");
+__RCSID("$NetBSD: scp.c,v 1.39 2023/08/01 08:47:25 mrg Exp $");
#include <sys/param.h> /* roundup MAX */
#include <sys/types.h>
@@ -1476,11 +1476,11 @@ rsource(char *name, struct stat *statp)
continue;
if (!strcmp(dp->d_name, ".") || !strcmp(dp->d_name, ".."))
continue;
- if (strlen(name) + 1 + strlen(dp->d_name) >= sizeof(path) - 1) {
+ if ((size_t)snprintf(path, sizeof path, "%s/%s",
+ name, dp->d_name) >= sizeof path) {
run_err("%s/%s: name too long", name, dp->d_name);
continue;
}
- (void) snprintf(path, sizeof path, "%s/%s", name, dp->d_name);
vect[0] = path;
source(1, vect);
}
Index: src/lib/libc/net/getaddrinfo.c
diff -u src/lib/libc/net/getaddrinfo.c:1.123 src/lib/libc/net/getaddrinfo.c:1.124
--- src/lib/libc/net/getaddrinfo.c:1.123 Tue Apr 19 20:32:15 2022
+++ src/lib/libc/net/getaddrinfo.c Tue Aug 1 08:47:25 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: getaddrinfo.c,v 1.123 2022/04/19 20:32:15 rillig Exp $ */
+/* $NetBSD: getaddrinfo.c,v 1.124 2023/08/01 08:47:25 mrg Exp $ */
/* $KAME: getaddrinfo.c,v 1.29 2000/08/31 17:26:57 itojun Exp $ */
/*
@@ -55,7 +55,7 @@
#include <sys/cdefs.h>
#if defined(LIBC_SCCS) && !defined(lint)
-__RCSID("$NetBSD: getaddrinfo.c,v 1.123 2022/04/19 20:32:15 rillig Exp $");
+__RCSID("$NetBSD: getaddrinfo.c,v 1.124 2023/08/01 08:47:25 mrg Exp $");
#endif /* LIBC_SCCS and not lint */
#ifndef RUMP_ACTION
@@ -2820,7 +2820,7 @@ res_querydomainN(const char *name, const
{
char nbuf[MAXDNAME];
const char *longname = nbuf;
- size_t n, d;
+ size_t n;
_DIAGASSERT(name != NULL);
/* XXX: target may be NULL??? */
@@ -2841,18 +2841,15 @@ res_querydomainN(const char *name, const
return -1;
}
if (n > 0 && name[--n] == '.') {
- strncpy(nbuf, name, n);
- nbuf[n] = '\0';
+ snprintf(nbuf, sizeof(nbuf), "%*s", (int)n, name);
} else
longname = name;
} else {
- n = strlen(name);
- d = strlen(domain);
- if (n + 1 + d + 1 > sizeof(nbuf)) {
+ if ((size_t)snprintf(nbuf, sizeof(nbuf), "%s.%s",
+ name, domain) >= sizeof(nbuf)) {
h_errno = NO_RECOVERY;
return -1;
}
- snprintf(nbuf, sizeof(nbuf), "%s.%s", name, domain);
}
return res_queryN(longname, target, res);
}
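Review bot: `snprintf(nbuf, sizeof(nbuf), "%*s", (int)n, name);` passes n as a minimum field width, not a maximum, so the whole of `name` including the trailing dot is copied, whereas the removed `strncpy(nbuf, name, n); nbuf[n] = '\0';` copied only the first n bytes. To keep the dot-stripping behaviour the format needs a precision: `snprintf(nbuf, sizeof(nbuf), "%.*s", (int)n, name);`. The same line appears in the res_nquerydomain() hunk of res_query.c and needs the same change. The return value is also unchecked on this path; the length test that bounds n appears to sit above the hunk, so confirm it still guarantees n < sizeof(nbuf). The start of res_querydomainN() is outside this hunk.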
Index: src/lib/libc/resolv/res_debug.c
diff -u src/lib/libc/resolv/res_debug.c:1.16 src/lib/libc/resolv/res_debug.c:1.17
--- src/lib/libc/resolv/res_debug.c:1.16 Thu Sep 16 20:17:46 2021
+++ src/lib/libc/resolv/res_debug.c Tue Aug 1 08:47:25 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: res_debug.c,v 1.16 2021/09/16 20:17:46 andvar Exp $ */
+/* $NetBSD: res_debug.c,v 1.17 2023/08/01 08:47:25 mrg Exp $ */
/*
* Portions Copyright (C) 2004, 2005, 2008, 2009 Internet Systems Consortium, Inc. ("ISC")
@@ -97,7 +97,7 @@
static const char sccsid[] = "@(#)res_debug.c 8.1 (Berkeley) 6/4/93";
static const char rcsid[] = "Id: res_debug.c,v 1.19 2009/02/26 11:20:20 tbox Exp";
#else
-__RCSID("$NetBSD: res_debug.c,v 1.16 2021/09/16 20:17:46 andvar Exp $");
+__RCSID("$NetBSD: res_debug.c,v 1.17 2023/08/01 08:47:25 mrg Exp $");
#endif
#endif /* LIBC_SCCS and not lint */
@@ -1183,9 +1183,13 @@ p_secstodate (u_long secs) {
#endif
mytime->tm_year += 1900;
mytime->tm_mon += 1;
- sprintf(output, "%04d%02d%02d%02d%02d%02d",
- mytime->tm_year, mytime->tm_mon, mytime->tm_mday,
- mytime->tm_hour, mytime->tm_min, mytime->tm_sec);
+ if ((size_t)snprintf(output, sizeof p_secstodate_output,
+ "%04d%02d%02d%02d%02d%02d",
+ mytime->tm_year, mytime->tm_mon, mytime->tm_mday,
+ mytime->tm_hour, mytime->tm_min, mytime->tm_sec) >
+ sizeof p_secstodate_output) {
+ output[sizeof(p_secstodate_output) - 1] = 0;
+ }
return (output);
}
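Review bot: The truncation test in p_secstodate() uses `> sizeof p_secstodate_output`, but snprintf() signals truncation with a return value `>=` the size, and on a successful call it already NUL-terminates within the size it is given, so `output[sizeof(p_secstodate_output) - 1] = 0;` changes nothing in that case. As written, a truncated timestamp is returned to the caller with no indication. Use `>=` for consistency with the other files in this commit, and either drop the redundant store or add a comment such as `/* out-of-range tm values: result is truncated, not rejected */`. This assumes `output` points at p_secstodate_output, which is declared outside the hunk.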
Index: src/lib/libc/resolv/res_query.c
diff -u src/lib/libc/resolv/res_query.c:1.16 src/lib/libc/resolv/res_query.c:1.17
--- src/lib/libc/resolv/res_query.c:1.16 Tue Feb 24 17:56:20 2015
+++ src/lib/libc/resolv/res_query.c Tue Aug 1 08:47:25 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: res_query.c,v 1.16 2015/02/24 17:56:20 christos Exp $ */
+/* $NetBSD: res_query.c,v 1.17 2023/08/01 08:47:25 mrg Exp $ */
/*
* Portions Copyright (C) 2004, 2005, 2008 Internet Systems Consortium, Inc. ("ISC")
@@ -89,7 +89,7 @@
static const char sccsid[] = "@(#)res_query.c 8.1 (Berkeley) 6/4/93";
static const char rcsid[] = "Id: res_query.c,v 1.11 2008/11/14 02:36:51 marka Exp";
#else
-__RCSID("$NetBSD: res_query.c,v 1.16 2015/02/24 17:56:20 christos Exp $");
+__RCSID("$NetBSD: res_query.c,v 1.17 2023/08/01 08:47:25 mrg Exp $");
#endif
#endif /* LIBC_SCCS and not lint */
@@ -398,7 +398,7 @@ res_nquerydomain(res_state statp,
{
char nbuf[MAXDNAME];
const char *longname = nbuf;
- size_t n, d;
+ size_t n;
#ifdef DEBUG
if (statp->options & RES_DEBUG)
@@ -416,18 +416,15 @@ res_nquerydomain(res_state statp,
return (-1);
}
if (n && name[--n] == '.') {
- strncpy(nbuf, name, n);
- nbuf[n] = '\0';
+ snprintf(nbuf, sizeof(nbuf), "%*s", (int)n, name);
} else
longname = name;
} else {
- n = strlen(name);
- d = strlen(domain);
- if (n + d + 1 >= MAXDNAME) {
+ if ((size_t)snprintf(nbuf, sizeof(nbuf), "%s.%s",
+ name, domain) >= sizeof(nbuf)) {
RES_SET_H_ERRNO(statp, NO_RECOVERY);
return (-1);
}
- sprintf(nbuf, "%s.%s", name, domain);
}
return (res_nquery(statp, longname, class, type, answer, anslen));
}
Index: src/usr.sbin/edquota/edquota.c
diff -u src/usr.sbin/edquota/edquota.c:1.53 src/usr.sbin/edquota/edquota.c:1.54
--- src/usr.sbin/edquota/edquota.c:1.53 Tue Nov 9 09:21:31 2021
+++ src/usr.sbin/edquota/edquota.c Tue Aug 1 08:47:25 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: edquota.c,v 1.53 2021/11/09 09:21:31 nia Exp $ */
+/* $NetBSD: edquota.c,v 1.54 2023/08/01 08:47:25 mrg Exp $ */
/*
* Copyright (c) 1980, 1990, 1993
* The Regents of the University of California. All rights reserved.
@@ -41,7 +41,7 @@ __COPYRIGHT("@(#) Copyright (c) 1980, 19
#if 0
static char sccsid[] = "from: @(#)edquota.c 8.3 (Berkeley) 4/27/95";
#else
-__RCSID("$NetBSD: edquota.c,v 1.53 2021/11/09 09:21:31 nia Exp $");
+__RCSID("$NetBSD: edquota.c,v 1.54 2023/08/01 08:47:25 mrg Exp $");
#endif
#endif /* not lint */
@@ -752,10 +752,10 @@ top:
setuid(getuid());
if ((ed = getenv("EDITOR")) == (char *)0)
ed = _PATH_VI;
- if (strlen(ed) + strlen(ltmpfile) + 2 >= MAX_TMPSTR) {
+ if ((size_t)snprintf(p, sizeof(p), "%s %s", ed, ltmpfile) >=
+ sizeof(p)) {
errx(1, "%s", "editor or filename too long");
}
- snprintf(p, sizeof(p), "%s %s", ed, ltmpfile);
execlp(_PATH_BSHELL, _PATH_BSHELL, "-c", p, NULL);
err(1, "%s", ed);
default:
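Review bot: The context line `setuid(getuid());` directly above the rewritten length check discards its result, so if dropping privileges fails, the `execlp(_PATH_BSHELL, _PATH_BSHELL, "-c", p, NULL);` below would still run the EDITOR string through the shell with the original credentials. This commit does not touch that line, but since the block is being tightened, a check such as `if (setuid(getuid()) == -1) err(1, "setuid");` would close the gap. The enclosing function and switch start and end outside this hunk, and whether the process is ever privileged at this point cannot be seen from here.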
Index: src/usr.sbin/ypserv/common/ypdb.c
diff -u src/usr.sbin/ypserv/common/ypdb.c:1.12 src/usr.sbin/ypserv/common/ypdb.c:1.13
--- src/usr.sbin/ypserv/common/ypdb.c:1.12 Tue Jan 10 21:06:17 2017
+++ src/usr.sbin/ypserv/common/ypdb.c Tue Aug 1 08:47:25 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: ypdb.c,v 1.12 2017/01/10 21:06:17 christos Exp $ */
+/* $NetBSD: ypdb.c,v 1.13 2023/08/01 08:47:25 mrg Exp $ */
/*
* Copyright (c) 1990, 1993
@@ -38,7 +38,7 @@
#include <sys/cdefs.h>
#ifndef lint
-__RCSID("$NetBSD: ypdb.c,v 1.12 2017/01/10 21:06:17 christos Exp $");
+__RCSID("$NetBSD: ypdb.c,v 1.13 2023/08/01 08:47:25 mrg Exp $");
#endif
#include <sys/param.h>
@@ -82,11 +82,11 @@ ypdb_open(const char *file)
suffix = "";
else
suffix = YPDB_SUFFIX;
- if (strlen(file) + strlen(suffix) > (sizeof(path) - 1)) {
+ if ((size_t)snprintf(path, sizeof(path), "%s%s", file, suffix) >
+ sizeof(path)) {
warnx("File name `%s' is too long", file);
- return (NULL);
+ return NULL;
}
- snprintf(path, sizeof(path), "%s%s", file, suffix);
return _ypdb_dbopen(path, O_RDONLY, 0444);
}
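Review bot: The new test `> sizeof(path)` misses the case where snprintf() returns exactly sizeof(path), in which the last byte of the name is dropped to make room for the NUL and `_ypdb_dbopen()` is then called on a truncated path. The removed check `strlen(file) + strlen(suffix) > (sizeof(path) - 1)` rejected that length, so this is a one-byte regression. The comparison should be `>= sizeof(path)`, as in the rcp.c and scp.c hunks. The start of ypdb_open() is outside this hunk.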