Author: markj
Date: Mon Aug 17 12:38:35 2020
New Revision: 364298
URL: https://svnweb.freebsd.org/changeset/base/364298

Log:
  MFC r364083:
  fortune, strfile: Improve validation of command-line arguments.
  
  PR:   246050

Modified:
  stable/12/usr.bin/fortune/fortune/fortune.c
  stable/12/usr.bin/fortune/strfile/strfile.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/usr.bin/fortune/fortune/fortune.c
==============================================================================
--- stable/12/usr.bin/fortune/fortune/fortune.c Mon Aug 17 10:51:03 2020        
(r364297)
+++ stable/12/usr.bin/fortune/fortune/fortune.c Mon Aug 17 12:38:35 2020        
(r364298)
@@ -400,11 +400,12 @@ form_file_list(char **files, int file_cnt)
                        sp = files[i];
                else {
                        percent = 0;
-                       for (sp = files[i]; isdigit((unsigned char)*sp); sp++)
+                       for (sp = files[i]; isdigit((unsigned char)*sp); sp++) {
                                percent = percent * 10 + *sp - '0';
-                       if (percent > 100) {
-                               fprintf(stderr, "percentages must be <= 100\n");
-                               return (FALSE);
+                               if (percent > 100) {
+                                       fprintf(stderr, "percentages must be <= 
100\n");
+                                       return (FALSE);
+                               }
                        }
                        if (*sp == '.') {
                                fprintf(stderr, "percentages must be 
integers\n");

Modified: stable/12/usr.bin/fortune/strfile/strfile.c
==============================================================================
--- stable/12/usr.bin/fortune/strfile/strfile.c Mon Aug 17 10:51:03 2020        
(r364297)
+++ stable/12/usr.bin/fortune/strfile/strfile.c Mon Aug 17 12:38:35 2020        
(r364298)
@@ -295,16 +295,26 @@ getargs(int argc, char **argv)
 
        if (*argv) {
                Infile = *argv;
-               if (*++argv)
-                       strcpy(Outfile, *argv);
+               if (*++argv) {
+                       if (strlcpy(Outfile, *argv, sizeof(Outfile)) >=
+                           sizeof(Outfile)) {
+                               fprintf(stderr,
+                                   "output_file path is too long\n");
+                               exit(1);
+                       }
+               }
        }
        if (!Infile) {
                puts("No input file name");
                usage();
        }
        if (*Outfile == '\0') {
-               strlcpy(Outfile, Infile, sizeof(Outfile));
-               strlcat(Outfile, ".dat", sizeof(Outfile));
+               if ((size_t)snprintf(Outfile, sizeof(Outfile), "%s.dat",
+                   Infile) >= sizeof(Outfile)) {
+                       fprintf(stderr,
+                           "generated output_file path is too long\n");
+                       exit(1);
+               }
        }
 }
 
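Review bot: Both new length checks in getargs depend on `sizeof(Outfile)` being the buffer's capacity, which holds only if `Outfile` is declared as a char array. Its declaration is outside this hunk, so that is worth confirming. The `(size_t)snprintf(...)` comparison also rejects a negative error return, because the cast turns it into a very large value. That fails closed, but only by accident of the cast, and the message would wrongly say the path is too long. A short comment would keep it from being "simplified" later, for example `/* A negative snprintf() return casts to a huge size_t and is rejected as well. */`. getargs begins outside the hunk.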