From 43b866b0ed69861df3597a4041cb1a99dd3e733b Mon Sep 17 00:00:00 2001
From: "David E. O'Brien" <obrien@FreeBSD.org>
Date: Sat, 28 Jul 2001 04:44:09 +0000
Subject: [PATCH] The security officer requested this be backed out for
 discussion.

---
 usr.sbin/pkg_install/add/main.c | 36 ++++++++++++++++-----------------
 usr.sbin/pkg_install/lib/str.c  | 14 +++++++++++++
 2 files changed, 32 insertions(+), 18 deletions(-)

diff --git a/usr.sbin/pkg_install/add/main.c b/usr.sbin/pkg_install/add/main.c
index 1c5e4f5a2738..2844bf9a0b06 100644
--- a/usr.sbin/pkg_install/add/main.c
+++ b/usr.sbin/pkg_install/add/main.c
@@ -111,7 +111,7 @@ main(int argc, char **argv)
 	    break;
 
 	case 't':
-	    if (strlcpy(FirstPen, optarg, sizeof(FirstPen)) > sizeof(FirstPen))
+	    if (s_strlcpy(FirstPen, optarg, sizeof(FirstPen)))
 		errx(1, "-t Argument too long.");
 	    break;
 
@@ -145,27 +145,27 @@ main(int argc, char **argv)
     	    if (Remote) {
 		if ((packagesite = getpackagesite()) == NULL)
 		    errx(1, "package name too long");
-		if (strlcpy(temppackageroot, packagesite,
-		    sizeof(temppackageroot)) >= sizeof(temppackageroot))
+		if (s_strlcpy(temppackageroot, packagesite,
+		    sizeof(temppackageroot)))
 		    errx(1, "package name too long");
-		if (strlcat(temppackageroot, *argv,
-		    sizeof(temppackageroot)) >= sizeof(temppackageroot))
+		if (s_strlcat(temppackageroot, *argv,
+		    sizeof(temppackageroot)))
 		    errx(1, "package name too long");
 		remotepkg = temppackageroot;
 		if (!((ptr = strrchr(remotepkg, '.')) && ptr[1] == 't' && 
 			ptr[2] == 'g' && ptr[3] == 'z' && !ptr[4]))
-		    if (strlcat(remotepkg, ".tgz", sizeof(temppackageroot)) >= sizeof(temppackageroot))
+		    if (s_strlcat(remotepkg, ".tgz", sizeof(temppackageroot)))
 			errx(1, "package name too long");
     	    }
 	    if (!strcmp(*argv, "-"))	/* stdin? */
 		pkgs[ch] = "-";
 	    else if (isURL(*argv)) {  	/* preserve URLs */
-		if (strlcpy(pkgnames[ch], *argv, sizeof(pkgnames[ch])) >= sizeof(pkgnames[ch]))
+		if (s_strlcpy(pkgnames[ch], *argv, sizeof(pkgnames[ch])))
 		    errx(1, "package name too long");
 		pkgs[ch] = pkgnames[ch];
 	    }
 	    else if ((Remote) && isURL(remotepkg)) {
-	    	if (strlcpy(pkgnames[ch], remotepkg, sizeof(pkgnames[ch])) >= sizeof(pkgnames[ch]))
+	    	if (s_strlcpy(pkgnames[ch], remotepkg, sizeof(pkgnames[ch])))
 		    errx(1, "package name too long");
 		pkgs[ch] = pkgnames[ch];
 	    } else {			/* expand all pathnames to fullnames */
@@ -174,11 +174,11 @@ main(int argc, char **argv)
 		else {		/* look for the file in the expected places */
 		    if (!(cp = fileFindByPath(NULL, *argv))) {
 			/* let pkg_do() fail later, so that error is reported */
-			if (strlcpy(pkgnames[ch], *argv, sizeof(pkgnames[ch])) >= sizeof(pkgnames[ch]))
+			if (s_strlcpy(pkgnames[ch], *argv, sizeof(pkgnames[ch])))
 			    errx(1, "package name too long");
 			pkgs[ch] = pkgnames[ch];
 		    } else {
-			if (strlcpy(pkgnames[ch], cp, sizeof(pkgnames[ch])) >= sizeof(pkgnames[ch]))
+			if (s_strlcpy(pkgnames[ch], cp, sizeof(pkgnames[ch])))
 			    errx(1, "package name too long");
 			pkgs[ch] = pkgnames[ch];
 		    }
@@ -220,37 +220,37 @@ getpackagesite(void)
     struct utsname u;
 
     if (getenv("PACKAGESITE")) {
-	if (strlcpy(sitepath, getenv("PACKAGESITE"), 
-	    sizeof(sitepath)) >= sizeof(sitepath))
+	if (s_strlcpy(sitepath, getenv("PACKAGESITE"), 
+	    sizeof(sitepath)))
 	    return NULL;
 	return sitepath;
     }
 
     if (getenv("PACKAGEROOT")) {
-	if (strlcpy(sitepath, getenv("PACKAGEROOT"), sizeof(sitepath)) >= sizeof(sitepath))
+	if (s_strlcpy(sitepath, getenv("PACKAGEROOT"), sizeof(sitepath)))
 	    return NULL;
     } else {
-	if (strlcat(sitepath, "ftp://ftp.freebsd.org", sizeof(sitepath)) >= sizeof(sitepath))
+	if (s_strlcat(sitepath, "ftp://ftp.freebsd.org", sizeof(sitepath)))
 	    return NULL;
     }
 
-    if (strlcat(sitepath, "/pub/FreeBSD/ports/", sizeof(sitepath)) >= sizeof(sitepath))
+    if (s_strlcat(sitepath, "/pub/FreeBSD/ports/", sizeof(sitepath)))
 	return NULL;
 
     uname(&u);
-    if (strlcat(sitepath, u.machine, sizeof(sitepath)) >= sizeof(sitepath))
+    if (s_strlcat(sitepath, u.machine, sizeof(sitepath)))
 	return NULL;
 
     reldate = getosreldate();
     for(i = 0; releases[i].directory != NULL; i++) {
 	if (reldate >= releases[i].lowver && reldate <= releases[i].hiver) {
-	    if (strlcat(sitepath, releases[i].directory, sizeof(sitepath)) >= sizeof(sitepath))
+	    if (s_strlcat(sitepath, releases[i].directory, sizeof(sitepath)))
 		return NULL;
 	    break;
 	}
     }
 
-    if (strlcat(sitepath, "/Latest/", sizeof(sitepath)) >= sizeof(sitepath))
+    if (s_strlcat(sitepath, "/Latest/", sizeof(sitepath)))
 	return NULL;
 
     return sitepath;
diff --git a/usr.sbin/pkg_install/lib/str.c b/usr.sbin/pkg_install/lib/str.c
index c5f11a290fc9..55ff78282d2a 100644
--- a/usr.sbin/pkg_install/lib/str.c
+++ b/usr.sbin/pkg_install/lib/str.c
@@ -61,6 +61,20 @@ get_dash_string(char **str)
     return *str;
 }
 
+/* Do a strlcpy and test for overflow */
+int
+s_strlcpy(char *dst, const char *src, size_t size)
+{
+	return (strlcpy(dst, src, size) >= size);
+}
+
+/* Do a strlcat and test for overflow */
+int
+s_strlcat(char *dst, const char *src, size_t size)
+{
+	return (strlcat(dst, src, size) >= size);
+}
+
 /* Rather Obvious */
 char *
 copy_string(char *str)