Avoid buffer overrun when identifies or filenames are extremely long.

OpenBSD revisions: C.c 1.4-1.5, ctags.c 1.5, fortran.c 1.3, lisp.c 1.3, tree.c 1.2 Obtained from: OpenBSD
2002-05-30 10:54:53 +00:00 · 2002-05-30 10:54:53 +00:00 · 672525700b
commit 672525700b
parent 559ad51949
5 changed files with 37 additions and 14 deletions
--- a/usr.bin/ctags/C.c
+++ b/usr.bin/ctags/C.c
@ -239,7 +239,11 @@ c_entries()
 				sp = tok;
 			}
 			else if (sp != tok || begtoken(c)) {
-				*sp++ = c;
+				if (sp == tok + sizeof tok - 1)
+					/* Too long -- truncate it */
+					*sp = EOS;
+				else 
+					*sp++ = c;
 				token = YES;
 			}
 			continue;
@ -337,7 +341,11 @@ hash_entry()
 			return;
 		if (iswhite(c))
 			break;
-		*sp++ = c;
+		if (sp == tok + sizeof tok - 1)
+			/* Too long -- truncate it */
+			*sp = EOS;
+		else 
+			*sp++ = c;
 	}
 	*sp = EOS;
 	if (memcmp(tok, "define", 6))	/* only interested in #define's */
@ -349,7 +357,11 @@ hash_entry()
 			break;
 	}
 	for (sp = tok;;) {		/* get next token */
-		*sp++ = c;
+		if (sp == tok + sizeof tok - 1)
+			/* Too long -- truncate it */
+			*sp = EOS;
+		else 
+			*sp++ = c;
 		if (GETC(==, EOF))
 			return;
 		/*
@ -391,7 +403,11 @@ str_entry(c)
 	if (c == '{')		/* it was "struct {" */
 		return (YES);
 	for (sp = tok;;) {		/* get next token */
-		*sp++ = c;
+		if (sp == tok + sizeof tok - 1)
+			/* Too long -- truncate it */
+			*sp = EOS;
+		else 
+			*sp++ = c;
 		if (GETC(==, EOF))
 			return (NO);
 		if (!intoken(c))
--- a/usr.bin/ctags/ctags.c
+++ b/usr.bin/ctags/ctags.c
@ -95,7 +95,7 @@ main(argc, argv)
 	int	exit_val;			/* exit value */
 	int	step;				/* step through args */
 	int	ch;				/* getopts char */
-	char	cmd[100];			/* too ugly to explain */
+	char	*cmd;

 	aflag = uflag = NO;
 	while ((ch = getopt(argc, argv, "BFadf:tuwvx")) != -1)
@ -157,11 +157,14 @@ main(argc, argv)
 		else {
 			if (uflag) {
 				for (step = 0; step < argc; step++) {
-					(void)sprintf(cmd,
-						"mv %s OTAGS; fgrep -v '\t%s\t' OTAGS >%s; rm OTAGS",
-							outfile, argv[step],
-							outfile);
+					(void)asprintf(&cmd,
+					    "mv %s OTAGS; fgrep -v '\t%s\t' OTAGS >%s; rm OTAGS",
+					    outfile, argv[step], outfile);
+					if (cmd == NULL)
+						err(1, "out of space");
 					system(cmd);
+					free(cmd);
+					cmd = NULL;
 				}
 				++aflag;
 			}
@ -170,9 +173,13 @@ main(argc, argv)
 			put_entries(head);
 			(void)fclose(outf);
 			if (uflag) {
-				(void)sprintf(cmd, "sort -o %s %s",
-						outfile, outfile);
+				(void)asprintf(&cmd, "sort -o %s %s",
+				    outfile, outfile);
+				if (cmd == NULL)
+					err(1, "out of space");
 				system(cmd);
+				free(cmd);
+				cmd = NULL;
 			}
 		}
 	}
--- a/usr.bin/ctags/fortran.c
+++ b/usr.bin/ctags/fortran.c
@ -127,7 +127,7 @@ PF_funcs()
 		if ((cp = lbp + 1))
 			continue;
 		*cp = EOS;
-		(void)strcpy(tok, lbp);
+		(void)strlcpy(tok, lbp, sizeof(tok));	/* possible trunc */
 		getline();			/* process line for ex(1) */
 		pfnote(tok, lineno);
 		pfcnt = YES;
--- a/usr.bin/ctags/lisp.c
+++ b/usr.bin/ctags/lisp.c
@ -101,7 +101,7 @@ l_entries()
 				continue;
 		savedc = *cp;
 		*cp = EOS;
-		(void)strcpy(tok, lbp);
+		(void)strlcpy(tok, lbp, sizeof(tok));	/* possible trunc */
 		*cp = savedc;
 		getline();
 		pfnote(tok, lineno);
--- a/usr.bin/ctags/tree.c
+++ b/usr.bin/ctags/tree.c
@ -78,7 +78,7 @@ pfnote(name, ln)
 			fp = curfile;
 		else
 			++fp;
-		(void)sprintf(nbuf, "M%s", fp);
+		(void)snprintf(nbuf, sizeof(nbuf), "M%s", fp);
 		fp = strrchr(nbuf, '.');
 		if (fp && !fp[2])
 			*fp = EOS;