On Fri, Dec 18, 2020 at 11:42:38AM +0100, Claudio Jeker wrote: > On Thu, Dec 03, 2020 at 02:33:03PM +0100, Claudio Jeker wrote: > > Use asprintf with %.*s to construct the path based on the mft file > > location and the filename of the referenced file. > > > > Since the * field in printf(3) is expecting an int type, typecast the > > ptrdiff_t to an int. Add an assert check to make sure there is no > > overflow. Also do the same overflow check in mft.c where the same idiom is > > used. > > > > Maybe some PATH_MAX checks should be placed in the mft parser. > > Ping
ok tb > > -- > :wq Claudio > > Index: main.c > =================================================================== > RCS file: /cvs/src/usr.sbin/rpki-client/main.c,v > retrieving revision 1.85 > diff -u -p -r1.85 main.c > --- main.c 2 Dec 2020 15:31:15 -0000 1.85 > +++ main.c 3 Dec 2020 12:25:24 -0000 > @@ -451,23 +451,16 @@ static void > queue_add_from_mft(int fd, struct entityq *q, const char *mft, > const struct mftfile *file, enum rtype type, size_t *eid) > { > - size_t sz; > char *cp, *nfile; > > /* Construct local path from filename. */ > - > - sz = strlen(file->file) + strlen(mft); > - if ((nfile = calloc(sz + 1, 1)) == NULL) > - err(1, "calloc"); > - > /* We know this is host/module/... */ > > - strlcpy(nfile, mft, sz + 1); > - cp = strrchr(nfile, '/'); > + cp = strrchr(mft, '/'); > assert(cp != NULL); > - cp++; > - *cp = '\0'; > - strlcat(nfile, file->file, sz + 1); > + assert(cp - mft < INT_MAX); > + if (asprintf(&nfile, "%.*s/%s", (int)(cp - mft), mft, file->file) == -1) > + err(1, "asprintf"); > > /* > * Since we're from the same directory as the MFT file, we know > Index: mft.c > =================================================================== > RCS file: /cvs/src/usr.sbin/rpki-client/mft.c,v > retrieving revision 1.19 > diff -u -p -r1.19 mft.c > --- mft.c 6 Nov 2020 04:22:18 -0000 1.19 > +++ mft.c 3 Dec 2020 12:37:15 -0000 > @@ -17,6 +17,7 @@ > > #include <assert.h> > #include <err.h> > +#include <limits.h> > #include <stdarg.h> > #include <stdint.h> > #include <fcntl.h> > @@ -457,6 +458,7 @@ mft_validfilehash(const char *fn, const > /* Check hash of file now, but first build path for it */ > cp = strrchr(fn, '/'); > assert(cp != NULL); > + assert(cp - fn < INT_MAX); > if (asprintf(&path, "%.*s/%s", (int)(cp - fn), fn, m->file) == -1) > err(1, "asprintf"); >
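Review bot: The new bound in queue_add_from_mft rests only on `assert(cp - mft < INT_MAX);`, which is compiled out under NDEBUG and would leave the `(int)` cast on the `%.*s` precision unchecked; the assert added to mft_validfilehash in mft.c has the same weakness. Because these paths are presumably derived from fetched repository data, an explicit runtime check is sturdier, for example `if (cp - mft >= INT_MAX) errx(1, "%s: path too long", mft);`. Unlike the mft.c change, this hunk adds no `#include <limits.h>` to main.c, so confirm INT_MAX is already in scope there. The body of queue_add_from_mft continues past the end of the hunk.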
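Review bot: In mft_validfilehash, `m->file` is appended to the manifest's directory by the `asprintf` call right after the added assert, and nothing visible in this hunk shows that the name is restricted to a single path component. If the manifest parser does not already reject names containing `/`, that check belongs before the path is built and opened. A comment at the call, such as `/* m->file is checked by the parser to contain no '/' */`, would record the assumption once it is confirmed. The function starts and ends outside the hunk, so the validation may exist elsewhere.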