From 8fb93ac95d6e85fcb6d5f6b223b5ff6c1c6dc53a Mon Sep 17 00:00:00 2001
From: Conrad Meyer <cem@FreeBSD.org>
Date: Sat, 13 Apr 2019 16:51:48 +0000
Subject: [PATCH] hexdump(1): Exit gracefully on format strings missing
 conversion

PR:		237263
Submitted by:	Bojan Petrovic <bojan_petrovic AT fastmail.fm>
---
 usr.bin/hexdump/hexdump.h             |  1 +
 usr.bin/hexdump/parse.c               | 21 ++++++++++++++++++---
 usr.bin/hexdump/tests/hexdump_test.sh | 14 ++++++++++++++
 3 files changed, 33 insertions(+), 3 deletions(-)

diff --git a/usr.bin/hexdump/hexdump.h b/usr.bin/hexdump/hexdump.h
index 8a1d405b87dd..f21e2f240b1e 100644
--- a/usr.bin/hexdump/hexdump.h
+++ b/usr.bin/hexdump/hexdump.h
@@ -88,6 +88,7 @@ void	 addfile(const char *);
 void	 badcnt(const char *);
 void	 badconv(const char *);
 void	 badfmt(const char *);
+void	 badnoconv(void);
 void	 badsfmt(void);
 void	 bpad(PR *);
 void	 conv_c(PR *, u_char *, size_t);
diff --git a/usr.bin/hexdump/parse.c b/usr.bin/hexdump/parse.c
index 1872194241e2..f59f0d9b6356 100644
--- a/usr.bin/hexdump/parse.c
+++ b/usr.bin/hexdump/parse.c
@@ -169,7 +169,10 @@ size(FS *fs)
 			 * skip any special chars -- save precision in
 			 * case it's a %s format.
 			 */
-			while (strchr(spec + 1, *++fmt));
+			while (*++fmt != 0 && strchr(spec + 1, *fmt) != NULL)
+				;
+			if (*fmt == 0)
+				badnoconv();
 			if (*fmt == '.' && isdigit(*++fmt)) {
 				prec = atoi(fmt);
 				while (isdigit(*++fmt));
@@ -241,10 +244,16 @@ rewrite(FS *fs)
 			if (fu->bcnt) {
 				sokay = USEBCNT;
 				/* Skip to conversion character. */
-				for (++p1; strchr(spec, *p1); ++p1);
+				while (*++p1 != 0 && strchr(spec, *p1) != NULL)
+					;
+				if (*p1 == 0)
+					badnoconv();
 			} else {
 				/* Skip any special chars, field width. */
-				while (strchr(spec + 1, *++p1));
+				while (*++p1 != 0 && strchr(spec + 1, *p1) != NULL)
+					;
+				if (*p1 == 0)
+					badnoconv();
 				if (*p1 == '.' && isdigit(*++p1)) {
 					sokay = USEPREC;
 					prec = atoi(p1);
@@ -512,3 +521,9 @@ badconv(const char *ch)
 {
 	errx(1, "%%%s: bad conversion character", ch);
 }
+
+void
+badnoconv(void)
+{
+	errx(1, "missing conversion character");
+}
diff --git a/usr.bin/hexdump/tests/hexdump_test.sh b/usr.bin/hexdump/tests/hexdump_test.sh
index 26e61000523e..0a9ac6c6bda4 100755
--- a/usr.bin/hexdump/tests/hexdump_test.sh
+++ b/usr.bin/hexdump/tests/hexdump_test.sh
@@ -176,6 +176,19 @@ x_flag_body()
 	    hexdump -x "$(atf_get_srcdir)/d_hexdump_c.in"
 }
 
+atf_test_case no_conv_err
+no_conv_err()
+{
+	atf_set "descr" "Verify missing conversion char error handling"
+}
+no_conv_err_body()
+{
+	atf_check -s exit:1 -e ignore \
+	    hexdump -e '"%"'
+	atf_check -s exit:1 -e ignore \
+	    hexdump -e '4/2 "%"'
+}
+
 atf_init_test_cases()
 {
 	atf_add_test_case b_flag
@@ -188,4 +201,5 @@ atf_init_test_cases()
 	atf_add_test_case s_flag
 	atf_add_test_case v_flag
 	atf_add_test_case x_flag
+	atf_add_test_case no_conv_err
 }