bin/74368: Bug in archive code (string is truncated)

[Max Okumoto]

>Number:         74368
>Category:       bin
>Synopsis:       Bug in archive code (string is truncated)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Nov 25 11:50:25 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Max Okumoto
>Release:        5.2.1
>Organization:
Univ Calif San Diego
>Environment:
FreeBSD oecpc11.ucsd.edu 5.2.1-RELEASE-p12 FreeBSD 5.2.1-RELEASE-p12 #0: Thu Nov 25 01:31:26 PST 2004     root at oecpc11.ucsd.edu:/usr/obj/usr/src/sys/GENERIC  i386

>Description:
Date: 2004/11/14 20:13:12
Author: dillon
Log:
Fix an inverted conditional which could lead to nameBuf being truncated in the later snprintf().

Noticed-by: Max Okumoto <okumoto at home>
    
Members:
        arch.c:1.11->1.12

>How-To-Repeat:

>Fix:
Apply patch.

diff -ru  fbsd-src/make/arch.c dfly-src/make/arch.c
--- arch.c      Mon Nov 15 20:39:53 2004
+++ arch.c      Mon Nov 15 20:39:56 2004
@@ -341,15 +339,17 @@
            char  *member;
            size_t sz = MAXPATHLEN;
            size_t nsz;
+           
            nameBuf = emalloc(sz);

            Dir_Expand(memName, dirSearchPath, members);
            while (!Lst_IsEmpty(members)) {
                member = (char *)Lst_DeQueue(members);
-               nsz = strlen(libName) + strlen(member) + 3;
-               if (sz > nsz)
-                       nameBuf = erealloc(nameBuf, sz = nsz * 2);
-
+               nsz = strlen(libName) + strlen(member) + 3; /* 3 = ()+\0 */
+               if (sz < nsz) {
+                       sz = nsz * 2;
+                       nameBuf = erealloc(nameBuf, sz);
+               }
                snprintf(nameBuf, sz, "%s(%s)", libName, member);
                free(member);
                gn = Targ_FindNode (nameBuf, TARG_CREATE);

>Release-Note:
>Audit-Trail:
>Unformatted: