Author: arichardson Date: Wed Nov 4 14:31:52 2020 New Revision: 367331 URL: https://svnweb.freebsd.org/changeset/base/367331
Log: Fix bad libbxo format strings in jls The existing format string for the empty case was trying to read varargs values that weren't passed to xo_emit. This appears to work on x86 (since the next argument is probably a pointer an empty string), but for CHERI we can bound variadic arguments and detect a read past the end. While touching these lines also use the libxo 'a' modifier to avoid having to construct the libxo format string using asprintf. Found by: CHERI Reviewed By: allanjude Differential Revision: https://reviews.freebsd.org/D26885 Modified: head/usr.sbin/jls/jls.c Modified: head/usr.sbin/jls/jls.c ============================================================================== --- head/usr.sbin/jls/jls.c Wed Nov 4 14:13:29 2020 (r367330) +++ head/usr.sbin/jls/jls.c Wed Nov 4 14:31:52 2020 (r367331) @@ -505,17 +505,13 @@ quoted_print(int pflags, char *name, char *value) { int qc; char *p = value; - char *param_name_value; /* An empty string needs quoting. */ if (!*p) { - asprintf(¶m_name_value, "{k:%s}{d:%s/\"\"}", name, name); - xo_emit(param_name_value); - free(param_name_value); + xo_emit("{ea:/%s}{da:/\"\"}", name, value, name); return; } - asprintf(¶m_name_value, "{:%s/%%s}", name); /* * The value will be surrounded by quotes if it contains spaces * or quotes. @@ -528,9 +524,7 @@ quoted_print(int pflags, char *name, char *value) if (qc && pflags & PRINT_QUOTED) xo_emit("{P:/%c}", qc); - xo_emit(param_name_value, value); - - free(param_name_value); + xo_emit("{a:/%s}", name, value); if (qc && pflags & PRINT_QUOTED) xo_emit("{P:/%c}", qc); _______________________________________________ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
