Fix buffer overflows in filenames. If you had a path > 80 characters

for your /usr/obj/path/to/my/files path to the kernel, then weird things happened. make buildkernel would fail because config was dumping core or generating bad file names (depending on the lenght of the path). While I was here, also use strlcpy, strlcat and snprintf (or asprintf) as necessary. Minor format policing for the snprintf calls as well.
svn path=/head/; revision=69004
2000-11-21 19:58:55 +00:00 · 2000-11-21 19:58:55 +00:00 · faa913d76d · 2020-12-20 02:59:44 +00:00
commit faa913d76d
parent 5855006767
4 changed files with 31 additions and 28 deletions
--- a/usr.sbin/config/main.c
+++ b/usr.sbin/config/main.c
@ -96,7 +96,7 @@ main(int argc, char **argv)
 		switch (ch) {
 		case 'd':
 			if (*destdir == '\0')
-				strcpy(destdir, optarg);
+				strlcpy(destdir, optarg, sizeof(destdir));
 			else
 				errx(2, "directory already set");
 			break;
@ -133,8 +133,8 @@ main(int argc, char **argv)
 			destdir[--len] = '\0';
 		get_srcdir();
 	} else {
-		strcpy(destdir, CDIR);
-		strcat(destdir, PREFIX);
+		strlcpy(destdir, CDIR, sizeof(destdir));
+		strlcat(destdir, PREFIX, sizeof(destdir));
 	}

 	p = path((char *)NULL);
@ -181,7 +181,7 @@ main(int argc, char **argv)
 	 * and similarly for "machine".
 	 */
 	{
-	char xxx[80];
+	char xxx[MAXPATHLEN];
 	if (*srcdir == '\0')
 		(void)snprintf(xxx, sizeof(xxx), "../../%s/include",
 		    machinename);
@ -343,14 +343,12 @@ get_quoted_word(FILE *fp)
 char *
 path(char *file)
 {
-	char *cp;
+	char *cp = NULL;

-	cp = malloc((size_t)(strlen(destdir) + (file ? strlen(file) : 0) + 2));
-	(void) strcpy(cp, destdir);
-	if (file) {
-		(void) strcat(cp, "/");
-		(void) strcat(cp, file);
-	}
+	if (file)
+		asprintf(&cp, "%s/%s", destdir, file);
+	else
+		cp = strdup(destdir);
 	return (cp);
 }

--- a/usr.sbin/config/mkheaders.c
+++ b/usr.sbin/config/mkheaders.c
@ -47,6 +47,7 @@ static const char rcsid[] =
 #include <err.h>
 #include <stdio.h>
 #include <string.h>
+#include <sys/param.h>
 #include "config.h"
 #include "y.tab.h"

@ -189,10 +190,9 @@ do_header(char *dev, int count)
 static char *
 toheader(char *dev)
 {
-	static char hbuf[80];
+	static char hbuf[MAXPATHLEN];

-	(void) strcpy(hbuf, path(dev));
-	(void) strcat(hbuf, ".h");
+	snprintf(hbuf, sizeof(hbuf), "%s.h", path(dev));
 	return (hbuf);
 }

--- a/usr.sbin/config/mkmakefile.c
+++ b/usr.sbin/config/mkmakefile.c
@ -49,6 +49,7 @@ static const char rcsid[] =
 #include <err.h>
 #include <stdio.h>
 #include <string.h>
+#include <sys/param.h>
 #include "y.tab.h"
 #include "config.h"
 #include "configvers.h"
@ -286,7 +287,7 @@ read_files(void)
 	struct device *save_dp;
 	struct opt *op;
 	char *wd, *this, *needs, *special, *depends, *clean, *warn;
-	char fname[80];
+	char fname[MAXPATHLEN];
 	int ddwarned = 0;
 	int nreqs, first = 1, configdep, isdup, std, filetype,
 	    imp_rule, no_obj, needcount, before_depend, mandatory;
@ -297,7 +298,7 @@ read_files(void)
 		printf("no ident line specified\n");
 		exit(1);
 	}
-	(void) snprintf(fname, sizeof fname, "../../conf/files");
+	(void) snprintf(fname, sizeof(fname), "../../conf/files");
 openit:
 	fp = fopen(fname, "r");
 	if (fp == 0)
@ -316,16 +317,19 @@ read_files(void)
 		(void) fclose(fp);
 		if (first == 1) {
 			first++;
-			(void) snprintf(fname, sizeof fname, "../../conf/files.%s", machinename);
+			(void) snprintf(fname, sizeof(fname),
+			    "../../conf/files.%s", machinename);
 			fp = fopen(fname, "r");
 			if (fp != 0)
 				goto next;
-			(void) snprintf(fname, sizeof fname, "files.%s", machinename);
+			(void) snprintf(fname, sizeof(fname),
+			    "files.%s", machinename);
 			goto openit;
 		}
 		if (first == 2) {
 			first++;
-			(void) snprintf(fname, sizeof fname, "files.%s", raisestr(ident));
+			(void) snprintf(fname, sizeof(fname),
+			    "files.%s", raisestr(ident));
 			fp = fopen(fname, "r");
 			if (fp != 0)
 				goto next;
--- a/usr.sbin/config/mkoptions.c
+++ b/usr.sbin/config/mkoptions.c
@ -48,6 +48,7 @@ static const char rcsid[] =
 #include <err.h>
 #include <stdio.h>
 #include <string.h>
+#include <sys/param.h>
 #include "config.h"
 #include "y.tab.h"

@ -274,21 +275,21 @@ do_option(char *name)
 static char *
 tooption(char *name)
 {
-	static char hbuf[80];
-	char nbuf[80];
+	static char hbuf[MAXPATHLEN];
+	char nbuf[MAXPATHLEN];
 	struct opt_list *po;

 	/* "cannot happen"?  the otab list should be complete.. */
-	(void) strcpy(nbuf, "options.h");
+	(void) strlcpy(nbuf, "options.h", sizeof(nbuf));

 	for (po = otab ; po != 0; po = po->o_next) {
 		if (eq(po->o_name, name)) {
-			strcpy(nbuf, po->o_file);
+			strlcpy(nbuf, po->o_file, sizeof(nbuf));
 			break;
 		}
 	}

-	(void) strcpy(hbuf, path(nbuf));
+	(void) strlcpy(hbuf, path(nbuf), sizeof(hbuf));
 	return (hbuf);
 }

@ -299,18 +300,18 @@ static void
 read_options(void)
 {
 	FILE *fp;
-	char fname[80];
+	char fname[MAXPATHLEN];
 	char *wd, *this, *val;
 	struct opt_list *po;
 	int first = 1;
-	char genopt[80];
+	char genopt[MAXPATHLEN];

 	otab = 0;
 	if (ident == NULL) {
 		printf("no ident line specified\n");
 		exit(1);
 	}
-	(void) snprintf(fname, sizeof fname, "../../conf/options");
+	(void) snprintf(fname, sizeof(fname), "../../conf/options");
 openit:
 	fp = fopen(fname, "r");
 	if (fp == 0) {
@ -352,7 +353,7 @@ read_options(void)
 		return;
 	if (val == 0) {
 		char *s = ns(this);
-		(void) snprintf(genopt, sizeof genopt, "opt_%s.h", lower(s));
+		(void) snprintf(genopt, sizeof(genopt), "opt_%s.h", lower(s));
 		val = genopt;
 		free(s);
 	}