From e58bac2e7f476c96dab28c9d5eb438effeb65f21 Mon Sep 17 00:00:00 2001
From: "Tim J. Robbins"
Date: Thu, 30 May 2002 10:54:53 +0000
Subject: [PATCH] Avoid buffer overrun when identifies or filenames are extremely long.
OpenBSD revisions: C.c 1.4-1.5, ctags.c 1.5, fortran.c 1.3, lisp.c 1.3, tree.c 1.2
Obtained from: OpenBSD
---
 usr.bin/ctags/C.c | 24 ++++++++++++++++++++----
 usr.bin/ctags/ctags.c | 21 ++++++++++++++-------
 usr.bin/ctags/fortran.c | 2 +-
 usr.bin/ctags/lisp.c | 2 +-
 usr.bin/ctags/tree.c | 2 +-
 5 files changed, 37 insertions(+), 14 deletions(-)
diff --git a/usr.bin/ctags/C.c b/usr.bin/ctags/C.c
index 592ea37dfacc..c275b9fec112 100644
--- a/usr.bin/ctags/C.c
+++ b/usr.bin/ctags/C.c
@@ -239,7 +239,11 @@ c_entries()
 sp = tok;
 }
 else if (sp != tok || begtoken(c)) {
- *sp++ = c;
+ if (sp == tok + sizeof tok - 1)
+ /* Too long -- truncate it */
+ *sp = EOS;
+ else
+ *sp++ = c;
 token = YES;
 }
 continue;
@@ -337,7 +341,11 @@ hash_entry()
 return;
 if (iswhite(c))
 break;
- *sp++ = c;
+ if (sp == tok + sizeof tok - 1)
+ /* Too long -- truncate it */
+ *sp = EOS;
+ else
+ *sp++ = c;
 }
 *sp = EOS;
 if (memcmp(tok, "define", 6)) /* only interested in #define's */
@@ -349,7 +357,11 @@ hash_entry()
 break;
 }
 for (sp = tok;;) { /* get next token */
- *sp++ = c;
+ if (sp == tok + sizeof tok - 1)
+ /* Too long -- truncate it */
+ *sp = EOS;
+ else
+ *sp++ = c;
 if (GETC(==, EOF))
 return;
 /*
@@ -391,7 +403,11 @@ str_entry(c)
 if (c == '{') /* it was "struct {" */
 return (YES);
 for (sp = tok;;) { /* get next token */
- *sp++ = c;
+ if (sp == tok + sizeof tok - 1)
+ /* Too long -- truncate it */
+ *sp = EOS;
+ else
+ *sp++ = c;
 if (GETC(==, EOF))
 return (NO);
 if (!intoken(c))
diff --git a/usr.bin/ctags/ctags.c b/usr.bin/ctags/ctags.c
index 2acf58f8852d..2461ebc0fead 100644
--- a/usr.bin/ctags/ctags.c
+++ b/usr.bin/ctags/ctags.c
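Review bot: The added bounds check in c_entries is an unbraced if/else with a comment sitting between the condition and its statement, and the same five lines are repeated twice in hash_entry and once in str_entry; a later edit that adds a second statement to either arm would silently fall outside the guard. I would brace both arms, `if (sp == tok + sizeof tok - 1) { *sp = EOS; } else { *sp++ = c; }`, or move the check into one small static helper shared by the four sites. The guard is only correct if `tok` is a real array in each function, because `sizeof tok` on a pointer yields the pointer size; the declarations are outside these hunks, so that should be confirmed. Truncation is also silent, so an over-long identifier becomes a tag that no longer matches the source text; a one-time warning when the limit is hit would make that visible.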
@@ -95,7 +95,7 @@ main(argc, argv)
 int exit_val; /* exit value */
 int step; /* step through args */
 int ch; /* getopts char */
- char cmd[100]; /* too ugly to explain */
+ char *cmd;
 aflag = uflag = NO;
 while ((ch = getopt(argc, argv, "BFadf:tuwvx")) != -1)
@@ -157,11 +157,14 @@ main(argc, argv)
 else {
 if (uflag) {
 for (step = 0; step < argc; step++) {
- (void)sprintf(cmd,
- "mv %s OTAGS; fgrep -v '\t%s\t' OTAGS >%s; rm OTAGS",
- outfile, argv[step],
- outfile);
+ (void)asprintf(&cmd,
+ "mv %s OTAGS; fgrep -v '\t%s\t' OTAGS >%s; rm OTAGS",
+ outfile, argv[step], outfile);
+ if (cmd == NULL)
+ err(1, "out of space");
 system(cmd);
+ free(cmd);
+ cmd = NULL;
 }
 ++aflag;
 }
@@ -170,9 +173,13 @@ main(argc, argv)
 put_entries(head);
 (void)fclose(outf);
 if (uflag) {
- (void)sprintf(cmd, "sort -o %s %s",
- outfile, outfile);
+ (void)asprintf(&cmd, "sort -o %s %s",
+ outfile, outfile);
+ if (cmd == NULL)
+ err(1, "out of space");
 system(cmd);
+ free(cmd);
+ cmd = NULL;
 }
 }
 }
diff --git a/usr.bin/ctags/fortran.c b/usr.bin/ctags/fortran.c
index 89b3d853d1b7..614284537090 100644
--- a/usr.bin/ctags/fortran.c
+++ b/usr.bin/ctags/fortran.c
@@ -127,7 +127,7 @@ PF_funcs()
 if ((cp = lbp + 1))
 continue;
 *cp = EOS;
- (void)strcpy(tok, lbp);
+ (void)strlcpy(tok, lbp, sizeof(tok)); /* possible trunc */
 getline(); /* process line for ex(1) */
 pfnote(tok, lineno);
 pfcnt = YES;
diff --git a/usr.bin/ctags/lisp.c b/usr.bin/ctags/lisp.c
index b00a2a8caee9..9c94a690e4aa 100644
--- a/usr.bin/ctags/lisp.c
+++ b/usr.bin/ctags/lisp.c
@@ -101,7 +101,7 @@ l_entries()
 continue;
 savedc = *cp;
 *cp = EOS;
- (void)strcpy(tok, lbp);
+ (void)strlcpy(tok, lbp, sizeof(tok)); /* possible trunc */
 *cp = savedc;
 getline();
 pfnote(tok, lineno);
diff --git a/usr.bin/ctags/tree.c b/usr.bin/ctags/tree.c
index 7e8ddeeb2611..9dc20218925a 100644
--- a/usr.bin/ctags/tree.c
+++ b/usr.bin/ctags/tree.c
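Review bot: `outfile` and `argv[step]` still reach `system()` unquoted through the new asprintf() format string in the -u loop of main(), so a file name or -f argument containing shell metacharacters or a single quote changes the command line the shell parses; the `sort -o %s %s` command in the following hunk has the same exposure. The heap buffer fixes the overrun but not this, and the durable fix is to drop the shell round-trip: rename(2) for the move, an in-process filter for the fgrep step, and an exec-family call with an explicit argv for sort. Separately, the asprintf() result is cast away and failure is detected through `cmd == NULL`, which not every implementation guarantees; `if (asprintf(&cmd, …) == -1) err(1, "out of space");` is the portable form, and the status returned by `system()` is still ignored. main() begins and ends outside these hunks.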
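Review bot: The strlcpy() call added in PF_funcs looks unreachable as shown, because the context line `if ((cp = lbp + 1))` assigns rather than compares and `lbp + 1` is never null, so the `continue` under it appears to be taken every time; if the intent is to skip an empty name it should read `if (cp == lbp + 1)`. In both this hunk and the l_entries one in lisp.c the strlcpy() return value is discarded, so a truncated name is handed to pfnote() without any diagnostic; comparing the result with `sizeof(tok)` would let the tool warn instead of recording a tag that cannot match. `tok` is declared outside both hunks, and `sizeof(tok)` is the buffer size only if it is an array there.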
@@ -78,7 +78,7 @@ pfnote(name, ln)
 fp = curfile;
 else
 ++fp;
- (void)sprintf(nbuf, "M%s", fp);
+ (void)snprintf(nbuf, sizeof(nbuf), "M%s", fp);
 fp = strrchr(nbuf, '.');
 if (fp && !fp[2])
 *fp = EOS;
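Review bot: The context line `if (fp && !fp[2])` directly after the new snprintf() reads beyond the string when the last character of `nbuf` is '.': `fp[1]` is then the terminator and `fp[2]` is whatever follows it, which is stale data or, when the (now possibly truncated) name fills the buffer, one byte past the end of `nbuf`. `if (fp && fp[1] && !fp[2])` keeps the one-character-suffix test inside the string. The snprintf() result is also cast away, so a truncated module name is used silently, and `sizeof(nbuf)` is the right bound only if `nbuf` is an array in pfnote(), whose declarations are outside the hunk.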