svn commit: r364083 - in head/usr.bin/fortune: fortune strfile

Mark Johnston markj at FreeBSD.org
Mon Aug 10 17:02:00 UTC 2020 

Author: markj
Date: Mon Aug 10 17:01:59 2020
New Revision: 364083
URL: https://svnweb.freebsd.org/changeset/base/364083

Log:
  fortune, strfile: Improve validation of command-line arguments.
  
  - Avoid potential overflow when parsing a percentage.
  - Avoid truncation when copying file paths.
  
  PR:		246050
  Submitted by:	Akos Somfai <akos.somfai at gmail.com> (original)
  MFC after:	1 week

Modified:
  head/usr.bin/fortune/fortune/fortune.c
  head/usr.bin/fortune/strfile/strfile.c

Modified: head/usr.bin/fortune/fortune/fortune.c
==============================================================================
--- head/usr.bin/fortune/fortune/fortune.c	Mon Aug 10 16:58:05 2020	(r364082)
+++ head/usr.bin/fortune/fortune/fortune.c	Mon Aug 10 17:01:59 2020	(r364083)
@@ -400,11 +400,12 @@ form_file_list(char **files, int file_cnt)
 			sp = files[i];
 		else {
 			percent = 0;
-			for (sp = files[i]; isdigit((unsigned char)*sp); sp++)
+			for (sp = files[i]; isdigit((unsigned char)*sp); sp++) {
 				percent = percent * 10 + *sp - '0';
-			if (percent > 100) {
-				fprintf(stderr, "percentages must be <= 100\n");
-				return (FALSE);
+				if (percent > 100) {
+					fprintf(stderr, "percentages must be <= 100\n");
+					return (FALSE);
+				}
 			}
 			if (*sp == '.') {
 				fprintf(stderr, "percentages must be integers\n");

Modified: head/usr.bin/fortune/strfile/strfile.c
==============================================================================
--- head/usr.bin/fortune/strfile/strfile.c	Mon Aug 10 16:58:05 2020	(r364082)
+++ head/usr.bin/fortune/strfile/strfile.c	Mon Aug 10 17:01:59 2020	(r364083)
@@ -295,16 +295,26 @@ getargs(int argc, char **argv)
 
 	if (*argv) {
 		Infile = *argv;
-		if (*++argv)
-			strcpy(Outfile, *argv);
+		if (*++argv) {
+			if (strlcpy(Outfile, *argv, sizeof(Outfile)) >=
+			    sizeof(Outfile)) {
+				fprintf(stderr,
+				    "output_file path is too long\n");
+				exit(1);
+			}
+		}
 	}
 	if (!Infile) {
 		puts("No input file name");
 		usage();
 	}
 	if (*Outfile == '\0') {
-		strlcpy(Outfile, Infile, sizeof(Outfile));
-		strlcat(Outfile, ".dat", sizeof(Outfile));
+		if ((size_t)snprintf(Outfile, sizeof(Outfile), "%s.dat",
+		    Infile) >= sizeof(Outfile)) {
+			fprintf(stderr,
+			    "generated output_file path is too long\n");
+			exit(1);
+		}
 	}
 }

More information about the svn-src-head mailing list