fortune, strfile: Improve validation of command-line arguments.

- Avoid potential overflow when parsing a percentage. - Avoid truncation when copying file paths. PR: 246050 Submitted by: Akos Somfai <akos.somfai@gmail.com> (original) MFC after: 1 week
2020-08-10 17:01:59 +00:00 · 2020-08-10 17:01:59 +00:00 · 777c9f5a38
commit 777c9f5a38
parent a08d04f4e4
2 changed files with 19 additions and 8 deletions
--- a/usr.bin/fortune/fortune/fortune.c
+++ b/usr.bin/fortune/fortune/fortune.c
@ -400,11 +400,12 @@ form_file_list(char **files, int file_cnt)
 			sp = files[i];
 		else {
 			percent = 0;
-			for (sp = files[i]; isdigit((unsigned char)*sp); sp++)
+			for (sp = files[i]; isdigit((unsigned char)*sp); sp++) {
 				percent = percent * 10 + *sp - '0';
-			if (percent > 100) {
-				fprintf(stderr, "percentages must be <= 100\n");
-				return (FALSE);
+				if (percent > 100) {
+					fprintf(stderr, "percentages must be <= 100\n");
+					return (FALSE);
+				}
 			}
 			if (*sp == '.') {
 				fprintf(stderr, "percentages must be integers\n");
--- a/usr.bin/fortune/strfile/strfile.c
+++ b/usr.bin/fortune/strfile/strfile.c
@ -295,16 +295,26 @@ getargs(int argc, char **argv)

 	if (*argv) {
 		Infile = *argv;
-		if (*++argv)
-			strcpy(Outfile, *argv);
+		if (*++argv) {
+			if (strlcpy(Outfile, *argv, sizeof(Outfile)) >=
+			    sizeof(Outfile)) {
+				fprintf(stderr,
+				    "output_file path is too long\n");
+				exit(1);
+			}
+		}
 	}
 	if (!Infile) {
 		puts("No input file name");
 		usage();
 	}
 	if (*Outfile == '\0') {
-		strlcpy(Outfile, Infile, sizeof(Outfile));
-		strlcat(Outfile, ".dat", sizeof(Outfile));
+		if ((size_t)snprintf(Outfile, sizeof(Outfile), "%s.dat",
+		    Infile) >= sizeof(Outfile)) {
+			fprintf(stderr,
+			    "generated output_file path is too long\n");
+			exit(1);
+		}
 	}
 }