Because getlocalbase() returns -1 on error, it needs to use a signed type

internally. Do that, and make sure that conversations between signed and unsigned don't overflow
svn path=/head/; revision=367701
2020-11-15 07:48:52 +00:00 · 2020-11-15 07:48:52 +00:00 · 85a5fe290b · 2020-12-20 02:59:44 +00:00
commit 85a5fe290b
parent b77594bbbf
1 changed files with 12 additions and 5 deletions
--- a/lib/libutil/getlocalbase.c
+++ b/lib/libutil/getlocalbase.c
@ -41,7 +41,7 @@ __FBSDID("$FreeBSD$");
 ssize_t
 getlocalbase(char *path, size_t pathlen)
 {
-	size_t tmplen;
+	ssize_t tmplen;
 	const char *tmppath;

 	if ((pathlen == 0) || (path == NULL)) {
@ -49,13 +49,20 @@ getlocalbase(char *path, size_t pathlen)
 		return (-1);
 	}

+	/* It's unlikely that the buffer would be this big */
+	if (pathlen > SSIZE_MAX) {
+		errno = ENOMEM;
+		return (-1);
+	}
+
 	tmppath = NULL;
-	tmplen = pathlen;
+	tmplen = (size_t)pathlen;
 	if (issetugid() == 0)
 		tmppath = getenv("LOCALBASE");

 	if ((tmppath == NULL) &&
-	    (sysctlbyname("user.localbase", path, &tmplen, NULL, 0) == 0)) {
+	    (sysctlbyname("user.localbase", path, (size_t *)&tmplen, NULL,
+	    0) == 0)) {
 		return (tmplen);
 	}

@ -67,13 +74,13 @@ getlocalbase(char *path, size_t pathlen)
 #endif

 	tmplen = strlcpy(path, tmppath, pathlen);
-	if ((tmplen < 0) || (tmplen >= pathlen)) {
+	if ((tmplen < 0) || (tmplen >= (ssize_t)pathlen)) {
 		errno = ENOMEM;
 		return (-1);
 	}

 	/* It's unlikely that the buffer would be this big */
-	if (tmplen >= SSIZE_MAX) {
+	if (tmplen > SSIZE_MAX) {
 		errno = ENOMEM;
 		return (-1);
 	}