The branch main has been updated by jhb:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=6e8bf24073a1867c4b21bd84438a8b01ce91d82d

commit 6e8bf24073a1867c4b21bd84438a8b01ce91d82d
Author:     John Baldwin <[email protected]>
AuthorDate: 2023-10-16 23:25:38 +0000
Commit:     John Baldwin <[email protected]>
CommitDate: 2023-10-16 23:25:38 +0000

    bsdinstall partedit: Use snprintf instead of sprintf for error messages
    
    When generating a message for a dialog box into a static buffer, use
    snprintf instead of sprintf to avoid buffer overflows.
    
    Reviewed by:    emaste
    Differential Revision:  https://reviews.freebsd.org/D42240
---
 usr.sbin/bsdinstall/partedit/gpart_ops.c   | 37 ++++++++++++++++++++----------
 usr.sbin/bsdinstall/partedit/part_wizard.c |  6 +++--
 usr.sbin/bsdinstall/partedit/partedit.c    |  3 ++-
 3 files changed, 31 insertions(+), 15 deletions(-)

diff --git a/usr.sbin/bsdinstall/partedit/gpart_ops.c 
b/usr.sbin/bsdinstall/partedit/gpart_ops.c
index 7395030b26aa..0bcd17950daf 100644
--- a/usr.sbin/bsdinstall/partedit/gpart_ops.c
+++ b/usr.sbin/bsdinstall/partedit/gpart_ops.c
@@ -62,12 +62,13 @@ gpart_show_error(const char *title, const char 
*explanation, const char *errstr)
                while (errmsg[0] == ' ')
                        errmsg++;
                if (errmsg[0] != '\0')
-                       sprintf(message, "%s%s. %s", explanation,
-                           strerror(error), errmsg);
+                       snprintf(message, sizeof(message), "%s%s. %s",
+                           explanation, strerror(error), errmsg);
                else
-                       sprintf(message, "%s%s", explanation, strerror(error));
+                       snprintf(message, sizeof(message), "%s%s", explanation,
+                           strerror(error));
        } else {
-               sprintf(message, "%s%s", explanation, errmsg);
+               snprintf(message, sizeof(message), "%s%s", explanation, errmsg);
        }
 
        bsddialog_initconf(&conf);
@@ -263,7 +264,9 @@ parttypemenu:
 
        if (!is_scheme_bootable(items[choice].name)) {
                char message[512];
-               sprintf(message, "This partition scheme (%s) is not "
+
+               snprintf(message, sizeof(message),
+                   "This partition scheme (%s) is not "
                    "bootable on this platform. Are you sure you want "
                    "to proceed?", items[choice].name);
                conf.button.default_cancel = true;
@@ -298,7 +301,9 @@ schememenu:
 
                if (!is_scheme_bootable(scheme)) {
                        char message[512];
-                       sprintf(message, "This partition scheme (%s) is not "
+
+                       snprintf(message, sizeof(message),
+                           "This partition scheme (%s) is not "
                            "bootable on this platform. Are you sure you want "
                            "to proceed?", scheme);
                        conf.button.default_cancel = true;
@@ -484,10 +489,11 @@ gpart_partcode(struct gprovider *pp, const char *fstype)
        }
 
        /* Shell out to gpart for partcode for now */
-       sprintf(command, "gpart bootcode -p %s -i %s %s",
+       snprintf(command, sizeof(command), "gpart bootcode -p %s -i %s %s",
            partcode_path(scheme, fstype), indexstr, pp->lg_geom->lg_name);
        if (system(command) != 0) {
-               sprintf(message, "Error installing partcode on partition %s",
+               snprintf(message, sizeof(message),
+                   "Error installing partcode on partition %s",
                    pp->lg_name);
                bsddialog_initconf(&conf);
                conf.title = "Error";
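Review bot: The return value of the new `snprintf(command, sizeof(command), ...)` is not checked, so a truncated string would still be passed to `system()` on the following line. Bounding the write removes the overflow, but an over-long partcode path or geom name now yields a different command line rather than an error. I would capture the result, e.g. `n = snprintf(command, sizeof(command), ...);` then `if (n < 0 || (size_t)n >= sizeof(command))`, and send that case to the existing error dialog without running anything. Since the string is parsed by a shell, the values from `partcode_path()`, `indexstr` and `lg_name` are also subject to shell interpretation; the existing comment already marks shelling out as temporary, and an exec-style call with an explicit argument vector would remove that concern. The declarations of `command` and `message` and the rest of gpart_partcode are outside the hunk.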
@@ -659,7 +665,9 @@ editpart:
        if (strcmp(items[2].value, "/") == 0 && !is_fs_bootable(scheme,
            items[0].value)) {
                char message[512];
-               sprintf(message, "This file system (%s) is not bootable "
+
+               snprintf(message, sizeof(message),
+                   "This file system (%s) is not bootable "
                    "on this system. Are you sure you want to proceed?",
                    items[0].value);
                conf.button.default_cancel = true;
@@ -1182,7 +1190,8 @@ addpartform:
                if (expand_number(items[1].value, &bytes) != 0) {
                        char error[512];
 
-                       sprintf(error, "Invalid size: %s\n", strerror(errno));
+                       snprintf(error, sizeof(error), "Invalid size: %s\n",
+                           strerror(errno));
                        conf.title = "Error";
                        bsddialog_msgbox(&conf, error, 0, 0);
                        goto addpartform;
@@ -1234,7 +1243,9 @@ addpartform:
        /* If this is the root partition, check that this scheme is bootable */
        if (strcmp(items[2].value, "/") == 0 && !is_scheme_bootable(scheme)) {
                char message[512];
-               sprintf(message, "This partition scheme (%s) is not bootable "
+
+               snprintf(message, sizeof(message),
+                   "This partition scheme (%s) is not bootable "
                    "on this platform. Are you sure you want to proceed?",
                    scheme);
                conf.button.default_cancel = true;
@@ -1249,7 +1260,9 @@ addpartform:
        if (strcmp(items[2].value, "/") == 0 && !is_fs_bootable(scheme,
            items[0].value)) {
                char message[512];
-               sprintf(message, "This file system (%s) is not bootable "
+
+               snprintf(message, sizeof(message),
+                   "This file system (%s) is not bootable "
                    "on this system. Are you sure you want to proceed?",
                    items[0].value);
                conf.button.default_cancel = true;
diff --git a/usr.sbin/bsdinstall/partedit/part_wizard.c 
b/usr.sbin/bsdinstall/partedit/part_wizard.c
index 5618d5ffe025..a3c5cb43ec51 100644
--- a/usr.sbin/bsdinstall/partedit/part_wizard.c
+++ b/usr.sbin/bsdinstall/partedit/part_wizard.c
@@ -277,7 +277,8 @@ query:
                char warning[512];
                int subchoice;
 
-               sprintf(warning, "The existing partition scheme on this "
+               snprintf(warning, sizeof(warning),
+                   "The existing partition scheme on this "
                    "disk (%s) is not bootable on this platform. To install "
                    OSNAME ", it must be repartitioned. This will destroy all "
                    "data on the disk. Are you sure you want to proceed?",
@@ -367,7 +368,8 @@ wizard_makeparts(struct gmesh *mesh, const char *disk, 
const char *fstype,
                    HN_DECIMAL);
                humanize_number(neededstr, 7, MIN_FREE_SPACE, "B", HN_AUTOSCALE,
                    HN_DECIMAL);
-               sprintf(message, "There is not enough free space on %s to "
+               snprintf(message, sizeof(message),
+                   "There is not enough free space on %s to "
                    "install " OSNAME " (%s free, %s required). Would you like "
                    "to choose another disk or to open the partition editor?",
                    disk, availablestr, neededstr);
diff --git a/usr.sbin/bsdinstall/partedit/partedit.c 
b/usr.sbin/bsdinstall/partedit/partedit.c
index 6a216f31161b..74606a2ef8f3 100644
--- a/usr.sbin/bsdinstall/partedit/partedit.c
+++ b/usr.sbin/bsdinstall/partedit/partedit.c
@@ -436,7 +436,8 @@ apply_changes(struct gmesh *mesh)
                fstab_path = "/etc/fstab";
        fstab = fopen(fstab_path, "w+");
        if (fstab == NULL) {
-               sprintf(message, "Cannot open fstab file %s for writing (%s)\n",
+               snprintf(message, sizeof(message),
+                   "Cannot open fstab file %s for writing (%s)\n",
                    getenv("PATH_FSTAB"), strerror(errno));
                conf.title = "Error";
                bsddialog_msgbox(&conf, message, 0, 0);
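Review bot: The path argument on the new side is still `getenv("PATH_FSTAB")`, while the path actually given to `fopen()` is `fstab_path`, which the line above sets to `"/etc/fstab"` in what appears to be the fallback branch. When that fallback is taken the variable is presumably unset, so `%s` receives a NULL pointer and the dialog does not name the file that failed to open. Replacing `getenv("PATH_FSTAB")` with `fstab_path` in the argument list fixes both. The condition that selects `fstab_path` and the declaration of `message` lie outside the hunk.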
