Module Name:    src
Committed By:   mrg
Date:           Mon Feb  4 08:21:12 UTC 2019

Modified Files:
        src/lib/libintl: gettext.c
        src/sbin/iscsid: iscsid_main.c
        src/usr.sbin/npf/npfd: npfd_log.c

Log Message:
check for snprintf() truncation and fail sanely if so, rather than
attempting to use a file that won't exist or isn't secure.


To generate a diff of this commit:
cvs rdiff -u -r1.29 -r1.30 src/lib/libintl/gettext.c
cvs rdiff -u -r1.11 -r1.12 src/sbin/iscsid/iscsid_main.c
cvs rdiff -u -r1.12 -r1.13 src/usr.sbin/npf/npfd/npfd_log.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/lib/libintl/gettext.c
diff -u src/lib/libintl/gettext.c:1.29 src/lib/libintl/gettext.c:1.30
--- src/lib/libintl/gettext.c:1.29	Fri May 29 12:26:28 2015
+++ src/lib/libintl/gettext.c	Mon Feb  4 08:21:11 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: gettext.c,v 1.29 2015/05/29 12:26:28 christos Exp $	*/
+/*	$NetBSD: gettext.c,v 1.30 2019/02/04 08:21:11 mrg Exp $	*/
 
 /*-
  * Copyright (c) 2000, 2001 Citrus Project,
@@ -29,7 +29,7 @@
  */
 
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: gettext.c,v 1.29 2015/05/29 12:26:28 christos Exp $");
+__RCSID("$NetBSD: gettext.c,v 1.30 2019/02/04 08:21:11 mrg Exp $");
 
 #include <sys/param.h>
 #include <sys/stat.h>
@@ -329,8 +329,10 @@ lookup_mofile(char *buf, size_t len, con
 			continue;
 #endif
 
-		snprintf(buf, len, "%s/%s/%s/%s.mo", dir, p,
+		int rv = snprintf(buf, len, "%s/%s/%s/%s.mo", dir, p,
 		    category, domainname);
+		if (rv > (int)len)
+			return NULL;
 		if (stat(buf, &st) < 0)
 			continue;
 		if ((st.st_mode & S_IFMT) != S_IFREG)
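Review bot: The added test `if (rv > (int)len)` in lookup_mofile still accepts rv == len, which is a truncated path: snprintf() returns the length it needed without the terminating NUL, so the output is complete only when rv < len. The test also lets a negative return through and narrows len to int; `if (rv < 0 || (size_t)rv >= len) return NULL;` covers all three cases. The same `>` boundary is used in the iscsid_main.c create_node_name hunk (`(size_t)total > sizeof(snp.InitiatorName)`) and in the npfd_log.c hunk (`> MAXPATHLEN`), and both should become `>=`. Growing `path` to `PATH_MAX+1` in the dcngettext hunk does not appear to move that boundary, since the comparison is against whatever len is passed in. lookup_mofile starts and ends outside this hunk, so whether `return NULL` or `continue` is the right exit for one over-long candidate cannot be judged from here.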
@@ -942,7 +944,7 @@ dcngettext(const char *domainname, const
 	   unsigned long int n, int category)
 {
 	const char *msgid;
-	char path[PATH_MAX];
+	char path[PATH_MAX+1];
 	const char *lpath;
 	static char olpath[PATH_MAX];
 	const char *cname = NULL;

Index: src/sbin/iscsid/iscsid_main.c
diff -u src/sbin/iscsid/iscsid_main.c:1.11 src/sbin/iscsid/iscsid_main.c:1.12
--- src/sbin/iscsid/iscsid_main.c:1.11	Mon May 30 21:58:32 2016
+++ src/sbin/iscsid/iscsid_main.c	Mon Feb  4 08:21:12 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: iscsid_main.c,v 1.11 2016/05/30 21:58:32 mlelstv Exp $	*/
+/*	$NetBSD: iscsid_main.c,v 1.12 2019/02/04 08:21:12 mrg Exp $	*/
 
 /*-
  * Copyright (c) 2005,2006,2011 The NetBSD Foundation, Inc.
@@ -90,6 +90,7 @@ create_node_name(void)
 	uint32_t hid = 0;
 	size_t siz;
 	int mib[2];
+	int total;
 	unsigned char *s;
 
 	(void) memset(&snp, 0x0, sizeof(snp));
@@ -109,8 +110,12 @@ create_node_name(void)
 	for (s = snp.InitiatorAlias; *s; s++)
 		if (!isalnum((unsigned char) *s) && *s != '-' && *s != '.' && *s != ':')
 			*s = '-';
-	snprintf((char *)snp.InitiatorName, sizeof(snp.InitiatorName),
+	total = snprintf((char *)snp.InitiatorName, sizeof(snp.InitiatorName),
 		"iqn.1994-04.org.netbsd:iscsi.%s:%u", snp.InitiatorAlias, hid);
+	if ((size_t)total > sizeof(snp.InitiatorName)) {
+		printf("Warning: iSCSI Node InitiatorName too long to set InitiatorAlias!\n");
+		return ISCSID_STATUS_NO_INITIATOR_NAME;
+	}
 
 	ioctl(driver, ISCSI_SET_NODE_NAME, &snp);
 	return snp.status;

Index: src/usr.sbin/npf/npfd/npfd_log.c
diff -u src/usr.sbin/npf/npfd/npfd_log.c:1.12 src/usr.sbin/npf/npfd/npfd_log.c:1.13
--- src/usr.sbin/npf/npfd/npfd_log.c:1.12	Mon Oct 16 11:17:45 2017
+++ src/usr.sbin/npf/npfd/npfd_log.c	Mon Feb  4 08:21:12 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: npfd_log.c,v 1.12 2017/10/16 11:17:45 christos Exp $	*/
+/*	$NetBSD: npfd_log.c,v 1.13 2019/02/04 08:21:12 mrg Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: npfd_log.c,v 1.12 2017/10/16 11:17:45 christos Exp $");
+__RCSID("$NetBSD: npfd_log.c,v 1.13 2019/02/04 08:21:12 mrg Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
@@ -190,7 +190,9 @@ fix:
 rename:
 	fclose(fp);
 	char tmp[MAXPATHLEN];
-	snprintf(tmp, sizeof(tmp), "%s.XXXXXX", ctx->path);
+	if (snprintf(tmp, sizeof(tmp), "%s.XXXXXX", ctx->path) > MAXPATHLEN)
+		syslog(LOG_ERR, "Temp file truncated: `%s' does not fit",
+		       ctx->path);
 	int fd;
 	if ((fd = mkstemp(tmp)) == -1) {
 		syslog(LOG_ERR, "Can't make temp file `%s': %m", tmp);
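Review bot: The new truncation branch only calls syslog() and then falls through to `mkstemp(tmp)`, so the truncated template is still used. A template cut short has fewer or no trailing `X` characters, so the temp name is no longer the unpredictable one the code intended, which is the insecure file use the log message says it wants to avoid. Brace the branch and leave through the same failure path the `mkstemp` error takes (that path is outside the hunk), for example `if ((size_t)snprintf(tmp, sizeof(tmp), "%s.XXXXXX", ctx->path) >= sizeof(tmp)) { syslog(...); /* bail out as for mkstemp failure */ }`. The cast to size_t also makes a negative snprintf() return take the error branch.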
