Re: Proposed patch for PR misc/18466

2000-05-14 Thread Assar Westerlund 

Matthew Dillon [EMAIL PROTECTED] writes:
 Index: anonFTP.c
 ===
 RCS file: /home/ncvs/src/release/sysinstall/anonFTP.c,v
 retrieving revision 1.29
 diff -u -r1.29 anonFTP.c
 --- anonFTP.c 2000/01/25 19:16:31 1.29
 +++ anonFTP.c 2000/05/14 17:44:11
 @@ -217,7 +217,7 @@
  SAFE_STRCPY(tconf.upload, FTP_UPLOAD);
  SAFE_STRCPY(tconf.comment, FTP_COMMENT);
  SAFE_STRCPY(tconf.homedir, FTP_HOMEDIR);

why not call strlcpy instead of the SAFE_STRCPY macro that calls the
sstrncpy and the strncpy?

 Index: config.c
 ===
 RCS file: /home/ncvs/src/release/sysinstall/config.c,v
 retrieving revision 1.156.2.1
 diff -u -r1.156.2.1 config.c
 --- config.c  2000/03/30 08:12:02 1.156.2.1
 +++ config.c  2000/05/14 17:46:38
 @@ -373,8 +375,8 @@
  FILE *fp;
  
  if (!file_readable(config)) {
 - char *line = malloc(21);
 - sprintf(line, "USA_RESIDENT=%s\n", USAResident ? "YES" : "NO");
 + char *line = malloc(URMSIZE);
 + snprintf(line, URMSIZE, "USA_RESIDENT=%s\n", USAResident ? "YES" : "NO");
   lines[0] = line;
   nlines = 1;
  }

Why not call asprintf/safe_asprintf here?

 Index: misc.c
 ===
 RCS file: /home/ncvs/src/release/sysinstall/misc.c,v
 retrieving revision 1.40
 diff -u -r1.40 misc.c
 --- misc.c1999/11/27 14:33:07 1.40
 +++ misc.c2000/05/14 17:55:41
 @@ -34,6 +34,7 @@
  #include "sysinstall.h"
  #include ctype.h
  #include unistd.h
 +#include stdarg.h
  #include sys/stat.h
  #include sys/errno.h
  #include sys/file.h
 @@ -209,6 +210,17 @@
  if (!ptr)
   msgFatal("Out of memory!");
  return ptr;
 +}
 +
 +void
 +safe_asprintf(char **pptr, const char *ctl, ...)
 +{
 +va_list va;
 +
 +va_start(va, ctl);
 +if (vasprintf(pptr, ctl, va)  0)
 + msgFatal("Out of memory!");
 +va_end(va);
  }
  /* Create a path biased from the VAR_INSTALL_ROOT variable (if not /) */

It would seem to me a good idea to make a v-version of this function,
even if there's no place right now that wants to call it.

/assar


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Proposed patch for PR misc/18466

2000-05-14 Thread Matthew Dillon 

This is a general bounded-buffer patch for sysinstall plus it fixes
PR misc/18466 (limited 'device name' size screws up FTP installs).
It does not fix all the potential buffer overflows -- there are still
a lot of strcpy's, but it gets half way there with the introduction
and use of safe_asprintf().

My recommendation is that (eventually) the entire program use asprintf
rather then statically-bounded buffers to hold things.

I don't have time to test this extensively so if the maintainer of
sysinstall wants it (I believe that's you, Jordan!), you'll need to
review it and perhaps test it a little then give me the commit goahead.

Note that simply increasing the DEV_NAME_MAX as a quick solution is
not safe, there are a couple of places where an unbounded sprintf() 
was being used with the device name as an argument.

-Matt

Index: anonFTP.c
===
RCS file: /home/ncvs/src/release/sysinstall/anonFTP.c,v
retrieving revision 1.29
diff -u -r1.29 anonFTP.c
--- anonFTP.c   2000/01/25 19:16:31 1.29
+++ anonFTP.c   2000/05/14 17:44:11
@@ -168,7 +168,7 @@
return DITEM_SUCCESS;   /* succeeds if already exists */
 }
 
-sprintf(pwline, "%s:*:%s:%d::0:0:%s:%s:/nonexistent\n", FTP_NAME, tconf.uid, gid, 
tconf.comment, tconf.homedir);
+snprintf(pwline, sizeof(pwline), "%s:*:%s:%d::0:0:%s:%s:/nonexistent\n", 
+FTP_NAME, tconf.uid, gid, tconf.comment, tconf.homedir);
 
 fptr = fopen(_PATH_MASTERPASSWD,"a");
 if (! fptr) {
@@ -207,7 +207,7 @@
 ANONFTP_DIALOG_HEIGHT - 11, ANONFTP_DIALOG_WIDTH - 17,
 dialog_attr, border_attr);
 wattrset(ds_win, dialog_attr);
-sprintf(title, " Path Configuration ");
+snprintf(title, sizeof(title), " Path Configuration ");
 mvwaddstr(ds_win, ANONFTP_DIALOG_Y + 7, ANONFTP_DIALOG_X + 22, title);
 
 /** Initialize the config Data Structure **/
@@ -217,7 +217,7 @@
 SAFE_STRCPY(tconf.upload, FTP_UPLOAD);
 SAFE_STRCPY(tconf.comment, FTP_COMMENT);
 SAFE_STRCPY(tconf.homedir, FTP_HOMEDIR);
-sprintf(tconf.uid, "%d", FTP_UID);
+snprintf(tconf.uid, sizeof(tconf.uid), "%d", FTP_UID);
 
 /* Some more initialisation before we go into the main input loop */
 obj = initLayoutDialog(ds_win, layout, ANONFTP_DIALOG_X, ANONFTP_DIALOG_Y, max);
@@ -250,7 +250,7 @@
 
 /*** Use defaults for any invalid values ***/
 if (atoi(tconf.uid) = 0)
-   sprintf(tconf.uid, "%d", FTP_UID);
+   snprintf(tconf.uid, sizeof(tconf.uid), "%d", FTP_UID);
 
 if (!tconf.group[0])
SAFE_STRCPY(tconf.group, FTP_GROUP);
@@ -296,7 +296,7 @@
if (!msgYesNo("Create a welcome message file for anonymous FTP users?")) {
char cmd[256];
vsystem("echo Your welcome message here.  %s/etc/%s", tconf.homedir, 
MOTD_FILE);
-   sprintf(cmd, "%s %s/etc/%s", variable_get(VAR_EDITOR), tconf.homedir, 
MOTD_FILE);
+   snprintf(cmd, sizeof(cmd), "%s %s/etc/%s", variable_get(VAR_EDITOR), 
+tconf.homedir, MOTD_FILE);
if (!systemExecute(cmd))
i = DITEM_SUCCESS;
else
Index: config.c
===
RCS file: /home/ncvs/src/release/sysinstall/config.c,v
retrieving revision 1.156.2.1
diff -u -r1.156.2.1 config.c
--- config.c2000/03/30 08:12:02 1.156.2.1
+++ config.c2000/05/14 17:46:38
@@ -238,11 +238,11 @@
 for (i = 0; i  cnt; i++) {
char cdname[10];

-   sprintf(cdname, "/cdrom%s", i ? itoa(i) : "");
+   snprintf(cdname, sizeof(cdname), "/cdrom%s", i ? itoa(i) : "");
if (Mkdir(cdname))
msgConfirm("Unable to make mount point for: %s", cdname);
else
-   fprintf(fstab, "/dev/%s\t\t%s\tcd9660\tro,noauto\t0\t0\n", devs[i]-name, 
cdname);
+   fprintf(fstab, "/dev/%s\t\t%s\tcd9660\tro,noauto\t0\t0\n", devs[i]-pname, 
+cdname);
 }
 
 /* And finally, a /proc. */
@@ -364,6 +364,8 @@
 }
 }
 
+#define URMSIZE21
+
 /* Set up the make.conf file */
 void
 configMake_conf(char *config)
@@ -373,8 +375,8 @@
 FILE *fp;
 
 if (!file_readable(config)) {
-   char *line = malloc(21);
-   sprintf(line, "USA_RESIDENT=%s\n", USAResident ? "YES" : "NO");
+   char *line = malloc(URMSIZE);
+   snprintf(line, URMSIZE, "USA_RESIDENT=%s\n", USAResident ? "YES" : "NO");
lines[0] = line;
nlines = 1;
 }
@@ -386,7 +388,7 @@
if (!strncmp(lines[i], "USA_RESIDENT", 12)) {
free(lines[i]);
lines[i] = malloc(21);  /* big enough */
-   sprintf(lines[i], "USA_RESIDENT=%s\n", USAResident ? "YES" : "NO");
+   snprintf(lines[i], URMSIZE, "USA_RESIDENT=%s\n", USAResident ? "YES" : 
+"NO");
}
}
 }
@@ -865,7 +867,7 @@