From 777c9f5a38100652ba864ebf2cf20127d41aade7 Mon Sep 17 00:00:00 2001
From: Mark Johnston <markj@FreeBSD.org>
Date: Mon, 10 Aug 2020 17:01:59 +0000
Subject: [PATCH] fortune, strfile: Improve validation of command-line
 arguments.

- Avoid potential overflow when parsing a percentage.
- Avoid truncation when copying file paths.

PR:		246050
Submitted by:	Akos Somfai <akos.somfai@gmail.com> (original)
MFC after:	1 week
---
 usr.bin/fortune/fortune/fortune.c |  9 +++++----
 usr.bin/fortune/strfile/strfile.c | 18 ++++++++++++++----
 2 files changed, 19 insertions(+), 8 deletions(-)

diff --git a/usr.bin/fortune/fortune/fortune.c b/usr.bin/fortune/fortune/fortune.c
index af408d6dff1d..724fb4a2372e 100644
--- a/usr.bin/fortune/fortune/fortune.c
+++ b/usr.bin/fortune/fortune/fortune.c
@@ -400,11 +400,12 @@ form_file_list(char **files, int file_cnt)
 			sp = files[i];
 		else {
 			percent = 0;
-			for (sp = files[i]; isdigit((unsigned char)*sp); sp++)
+			for (sp = files[i]; isdigit((unsigned char)*sp); sp++) {
 				percent = percent * 10 + *sp - '0';
-			if (percent > 100) {
-				fprintf(stderr, "percentages must be <= 100\n");
-				return (FALSE);
+				if (percent > 100) {
+					fprintf(stderr, "percentages must be <= 100\n");
+					return (FALSE);
+				}
 			}
 			if (*sp == '.') {
 				fprintf(stderr, "percentages must be integers\n");
diff --git a/usr.bin/fortune/strfile/strfile.c b/usr.bin/fortune/strfile/strfile.c
index ce28e274fd55..f6cda6cd3900 100644
--- a/usr.bin/fortune/strfile/strfile.c
+++ b/usr.bin/fortune/strfile/strfile.c
@@ -295,16 +295,26 @@ getargs(int argc, char **argv)
 
 	if (*argv) {
 		Infile = *argv;
-		if (*++argv)
-			strcpy(Outfile, *argv);
+		if (*++argv) {
+			if (strlcpy(Outfile, *argv, sizeof(Outfile)) >=
+			    sizeof(Outfile)) {
+				fprintf(stderr,
+				    "output_file path is too long\n");
+				exit(1);
+			}
+		}
 	}
 	if (!Infile) {
 		puts("No input file name");
 		usage();
 	}
 	if (*Outfile == '\0') {
-		strlcpy(Outfile, Infile, sizeof(Outfile));
-		strlcat(Outfile, ".dat", sizeof(Outfile));
+		if ((size_t)snprintf(Outfile, sizeof(Outfile), "%s.dat",
+		    Infile) >= sizeof(Outfile)) {
+			fprintf(stderr,
+			    "generated output_file path is too long\n");
+			exit(1);
+		}
 	}
 }