convert explicit length check before unchecked snprintf() with just a

overflow checked snprintf().  for res_debug.c and res_query.c, convert
from sprintf() to snprintf().

tested scp and rcp fail properly with too-long paths.
tested getaddrinfo fails as expected for too-long domains.
tested dig and ping for similar (res_debug.c/res_query.c).
created a temporary fs with quotas to test edquota with a long EDITOR.
did not test ypserv directly, but it's the same pattern.

avoids GCC 12 snprintf() warnings, and reduces total code size.
thorpej-altq-separation
mrg 2023-08-01 08:47:24 +00:00
parent e39f33a8c4
commit f386908b27
7 changed files with 38 additions and 40 deletions


@ -1,4 +1,4 @@
/* $NetBSD: rcp.c,v 1.52 2022/07/18 13:01:59 rin Exp $ */
/* $NetBSD: rcp.c,v 1.53 2023/08/01 08:47:24 mrg Exp $ */
/*
* Copyright (c) 1983, 1990, 1992, 1993
@ -39,7 +39,7 @@ __COPYRIGHT("@(#) Copyright (c) 1983, 1990, 1992, 1993\
#if 0
static char sccsid[] = "@(#)rcp.c 8.2 (Berkeley) 4/2/94";
#else
__RCSID("$NetBSD: rcp.c,v 1.52 2022/07/18 13:01:59 rin Exp $");
__RCSID("$NetBSD: rcp.c,v 1.53 2023/08/01 08:47:24 mrg Exp $");
#endif
#endif /* not lint */
@ -466,11 +466,11 @@ rsource(char *name, struct stat *statp)
continue;
if (!strcmp(dp->d_name, dot) || !strcmp(dp->d_name, ".."))
continue;
if (strlen(name) + 1 + strlen(dp->d_name) >= MAXPATHLEN - 1) {
if (snprintf(path, sizeof(path), "%s/%s", name, dp->d_name) >=
sizeof(path)) {
run_err("%s/%s: name too long", name, dp->d_name);
continue;
}
(void)snprintf(path, sizeof(path), "%s/%s", name, dp->d_name);
vect[0] = path;
source(1, vect);
}
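Review bot: The new check in rsource compares snprintf()'s int return directly with `sizeof(path)`, while every other file in this commit casts it to size_t first. The test still behaves correctly, since a negative return converts to a very large unsigned value and is reported as too long, but it relies on implicit conversion and will trip -Wsign-compare. Writing it as `if ((size_t)snprintf(path, sizeof(path), "%s/%s", name, dp->d_name) >= sizeof(path)) {` keeps it consistent with the scp.c section. rsource starts and ends outside the hunk.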


@ -1,4 +1,4 @@
/* $NetBSD: scp.c,v 1.38 2023/07/28 04:40:54 rin Exp $ */
/* $NetBSD: scp.c,v 1.39 2023/08/01 08:47:25 mrg Exp $ */
/* $OpenBSD: scp.c,v 1.253 2023/03/03 03:12:24 dtucker Exp $ */
/*
* scp - secure remote copy. This is basically patched BSD rcp which
@ -73,7 +73,7 @@
*/
#include "includes.h"
__RCSID("$NetBSD: scp.c,v 1.38 2023/07/28 04:40:54 rin Exp $");
__RCSID("$NetBSD: scp.c,v 1.39 2023/08/01 08:47:25 mrg Exp $");
#include <sys/param.h> /* roundup MAX */
#include <sys/types.h>
@ -1476,11 +1476,11 @@ rsource(char *name, struct stat *statp)
continue;
if (!strcmp(dp->d_name, ".") || !strcmp(dp->d_name, ".."))
continue;
if (strlen(name) + 1 + strlen(dp->d_name) >= sizeof(path) - 1) {
if ((size_t)snprintf(path, sizeof path, "%s/%s",
name, dp->d_name) >= sizeof path) {
run_err("%s/%s: name too long", name, dp->d_name);
continue;
}
(void) snprintf(path, sizeof path, "%s/%s", name, dp->d_name);
vect[0] = path;
source(1, vect);
}


@ -1,4 +1,4 @@
/* $NetBSD: getaddrinfo.c,v 1.123 2022/04/19 20:32:15 rillig Exp $ */
/* $NetBSD: getaddrinfo.c,v 1.124 2023/08/01 08:47:25 mrg Exp $ */
/* $KAME: getaddrinfo.c,v 1.29 2000/08/31 17:26:57 itojun Exp $ */
/*
@ -55,7 +55,7 @@
#include <sys/cdefs.h>
#if defined(LIBC_SCCS) && !defined(lint)
__RCSID("$NetBSD: getaddrinfo.c,v 1.123 2022/04/19 20:32:15 rillig Exp $");
__RCSID("$NetBSD: getaddrinfo.c,v 1.124 2023/08/01 08:47:25 mrg Exp $");
#endif /* LIBC_SCCS and not lint */
#ifndef RUMP_ACTION
@ -2820,7 +2820,7 @@ res_querydomainN(const char *name, const char *domain,
{
char nbuf[MAXDNAME];
const char *longname = nbuf;
size_t n, d;
size_t n;
_DIAGASSERT(name != NULL);
/* XXX: target may be NULL??? */
@ -2841,18 +2841,15 @@ res_querydomainN(const char *name, const char *domain,
return -1;
}
if (n > 0 && name[--n] == '.') {
strncpy(nbuf, name, n);
nbuf[n] = '\0';
snprintf(nbuf, sizeof(nbuf), "%*s", (int)n, name);
} else
longname = name;
} else {
n = strlen(name);
d = strlen(domain);
if (n + 1 + d + 1 > sizeof(nbuf)) {
if ((size_t)snprintf(nbuf, sizeof(nbuf), "%s.%s",
name, domain) >= sizeof(nbuf)) {
h_errno = NO_RECOVERY;
return -1;
}
snprintf(nbuf, sizeof(nbuf), "%s.%s", name, domain);
}
return res_queryN(longname, target, res);
}
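Review bot: In res_querydomainN the replacement for the strncpy() pair uses `%*s`, which sets a minimum field width rather than a maximum, so all of `name`, trailing dot included, is formatted into nbuf where the removed lines copied only its first n bytes. The precision form is needed: `snprintf(nbuf, sizeof(nbuf), "%.*s", (int)n, name);`. The same line is in the res_query.c section (res_nquerydomain) and needs the same change. The tests listed in the commit message cover over-long domains; this branch is taken for a name ending in a dot, and the condition selecting it lies outside the hunk, so a lookup of such a name is worth adding to the test list.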


@ -1,4 +1,4 @@
/* $NetBSD: res_debug.c,v 1.16 2021/09/16 20:17:46 andvar Exp $ */
/* $NetBSD: res_debug.c,v 1.17 2023/08/01 08:47:25 mrg Exp $ */
/*
* Portions Copyright (C) 2004, 2005, 2008, 2009 Internet Systems Consortium, Inc. ("ISC")
@ -97,7 +97,7 @@
static const char sccsid[] = "@(#)res_debug.c 8.1 (Berkeley) 6/4/93";
static const char rcsid[] = "Id: res_debug.c,v 1.19 2009/02/26 11:20:20 tbox Exp";
#else
__RCSID("$NetBSD: res_debug.c,v 1.16 2021/09/16 20:17:46 andvar Exp $");
__RCSID("$NetBSD: res_debug.c,v 1.17 2023/08/01 08:47:25 mrg Exp $");
#endif
#endif /* LIBC_SCCS and not lint */
@ -1183,9 +1183,13 @@ p_secstodate (u_long secs) {
#endif
mytime->tm_year += 1900;
mytime->tm_mon += 1;
sprintf(output, "%04d%02d%02d%02d%02d%02d",
mytime->tm_year, mytime->tm_mon, mytime->tm_mday,
mytime->tm_hour, mytime->tm_min, mytime->tm_sec);
if ((size_t)snprintf(output, sizeof p_secstodate_output,
"%04d%02d%02d%02d%02d%02d",
mytime->tm_year, mytime->tm_mon, mytime->tm_mday,
mytime->tm_hour, mytime->tm_min, mytime->tm_sec) >
sizeof p_secstodate_output) {
output[sizeof(p_secstodate_output) - 1] = 0;
}
return (output);
}
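Review bot: The truncation test in p_secstodate uses `>`, but snprintf() signals truncation with a return value `>=` the size it was given, and the branch body is redundant because snprintf() already NUL-terminates within that size. A truncated timestamp is returned silently either way; if that is intended, `(void)snprintf(output, sizeof p_secstodate_output, ...)` states it more plainly. The same `>` comparison is in the ypdb.c section (ypdb_open), where it has an effect: a result equal to `sizeof(path)` passes the check and a path cut by one character reaches `_ypdb_dbopen`, so that test should read `>= sizeof(path)`. Both functions start outside the visible hunks.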


@ -1,4 +1,4 @@
/* $NetBSD: res_query.c,v 1.16 2015/02/24 17:56:20 christos Exp $ */
/* $NetBSD: res_query.c,v 1.17 2023/08/01 08:47:25 mrg Exp $ */
/*
* Portions Copyright (C) 2004, 2005, 2008 Internet Systems Consortium, Inc. ("ISC")
@ -89,7 +89,7 @@
static const char sccsid[] = "@(#)res_query.c 8.1 (Berkeley) 6/4/93";
static const char rcsid[] = "Id: res_query.c,v 1.11 2008/11/14 02:36:51 marka Exp";
#else
__RCSID("$NetBSD: res_query.c,v 1.16 2015/02/24 17:56:20 christos Exp $");
__RCSID("$NetBSD: res_query.c,v 1.17 2023/08/01 08:47:25 mrg Exp $");
#endif
#endif /* LIBC_SCCS and not lint */
@ -398,7 +398,7 @@ res_nquerydomain(res_state statp,
{
char nbuf[MAXDNAME];
const char *longname = nbuf;
size_t n, d;
size_t n;
#ifdef DEBUG
if (statp->options & RES_DEBUG)
@ -416,18 +416,15 @@ res_nquerydomain(res_state statp,
return (-1);
}
if (n && name[--n] == '.') {
strncpy(nbuf, name, n);
nbuf[n] = '\0';
snprintf(nbuf, sizeof(nbuf), "%*s", (int)n, name);
} else
longname = name;
} else {
n = strlen(name);
d = strlen(domain);
if (n + d + 1 >= MAXDNAME) {
if ((size_t)snprintf(nbuf, sizeof(nbuf), "%s.%s",
name, domain) >= sizeof(nbuf)) {
RES_SET_H_ERRNO(statp, NO_RECOVERY);
return (-1);
}
sprintf(nbuf, "%s.%s", name, domain);
}
return (res_nquery(statp, longname, class, type, answer, anslen));
}


@ -1,4 +1,4 @@
/* $NetBSD: edquota.c,v 1.53 2021/11/09 09:21:31 nia Exp $ */
/* $NetBSD: edquota.c,v 1.54 2023/08/01 08:47:25 mrg Exp $ */
/*
* Copyright (c) 1980, 1990, 1993
* The Regents of the University of California. All rights reserved.
@ -41,7 +41,7 @@ __COPYRIGHT("@(#) Copyright (c) 1980, 1990, 1993\
#if 0
static char sccsid[] = "from: @(#)edquota.c 8.3 (Berkeley) 4/27/95";
#else
__RCSID("$NetBSD: edquota.c,v 1.53 2021/11/09 09:21:31 nia Exp $");
__RCSID("$NetBSD: edquota.c,v 1.54 2023/08/01 08:47:25 mrg Exp $");
#endif
#endif /* not lint */
@ -752,10 +752,10 @@ top:
setuid(getuid());
if ((ed = getenv("EDITOR")) == (char *)0)
ed = _PATH_VI;
if (strlen(ed) + strlen(ltmpfile) + 2 >= MAX_TMPSTR) {
if ((size_t)snprintf(p, sizeof(p), "%s %s", ed, ltmpfile) >=
sizeof(p)) {
errx(1, "%s", "editor or filename too long");
}
snprintf(p, sizeof(p), "%s %s", ed, ltmpfile);
execlp(_PATH_BSHELL, _PATH_BSHELL, "-c", p, NULL);
err(1, "%s", ed);
default:
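Review bot: The bound changes from the MAX_TMPSTR constant to `sizeof(p)`, which equals the buffer size only if `p` is declared as an array in this function; the declaration is outside the hunk. If `p` were a pointer, `sizeof(p)` would be the pointer size and almost any EDITOR value would be rejected as too long. The edquota test in the commit message suggests it is an array, but a comment such as `/* p is char[MAX_TMPSTR]; sizeof(p) is the full buffer */` next to the check would make that dependency visible.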


@ -1,4 +1,4 @@
/* $NetBSD: ypdb.c,v 1.12 2017/01/10 21:06:17 christos Exp $ */
/* $NetBSD: ypdb.c,v 1.13 2023/08/01 08:47:25 mrg Exp $ */
/*
* Copyright (c) 1990, 1993
@ -38,7 +38,7 @@
#include <sys/cdefs.h>
#ifndef lint
__RCSID("$NetBSD: ypdb.c,v 1.12 2017/01/10 21:06:17 christos Exp $");
__RCSID("$NetBSD: ypdb.c,v 1.13 2023/08/01 08:47:25 mrg Exp $");
#endif
#include <sys/param.h>
@ -82,11 +82,11 @@ ypdb_open(const char *file)
suffix = "";
else
suffix = YPDB_SUFFIX;
if (strlen(file) + strlen(suffix) > (sizeof(path) - 1)) {
if ((size_t)snprintf(path, sizeof(path), "%s%s", file, suffix) >
sizeof(path)) {
warnx("File name `%s' is too long", file);
return (NULL);
return NULL;
}
snprintf(path, sizeof(path), "%s%s", file, suffix);
return _ypdb_dbopen(path, O_RDONLY, 0444);
}