CVS commit: [netbsd-5] src/lib/libc/gen

2009-08-16 Thread Manuel Bouyer 
Module Name:src
Committed By:   bouyer
Date:   Sun Aug 16 22:41:23 UTC 2009

Modified Files:
src/lib/libc/gen [netbsd-5]: fts.c

Log Message:
Pull up following revision(s) (requested by christos in ticket #915):
lib/libc/gen/fts.c: revision 1.38
Avoid possible integer overflow and subsequent collateral damage.
Received from OpenBSD via US-CERT as VU #590371.
Original OpenBSD commit log:
revision 1.42
date: 2009/02/11 13:24:05;  author: otto;  state: Exp; lines: +9 -1
Avoid level going negative on deep (i mean really deep) dirs. Reported
by Maksymilian Arciemowicz. ok kettenis@ millert@


To generate a diff of this commit:
cvs rdiff -u -r1.34.4.1 -r1.34.4.2 src/lib/libc/gen/fts.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/lib/libc/gen/fts.c
diff -u src/lib/libc/gen/fts.c:1.34.4.1 src/lib/libc/gen/fts.c:1.34.4.2
--- src/lib/libc/gen/fts.c:1.34.4.1	Thu Jan  8 22:00:34 2009
+++ src/lib/libc/gen/fts.c	Sun Aug 16 22:41:23 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: fts.c,v 1.34.4.1 2009/01/08 22:00:34 snj Exp $	*/
+/*	$NetBSD: fts.c,v 1.34.4.2 2009/08/16 22:41:23 bouyer Exp $	*/
 
 /*-
  * Copyright (c) 1990, 1993, 1994
@@ -38,7 +38,7 @@
 #if 0
 static char sccsid[] = "@(#)fts.c	8.6 (Berkeley) 8/14/94";
 #else
-__RCSID("$NetBSD: fts.c,v 1.34.4.1 2009/01/08 22:00:34 snj Exp $");
+__RCSID("$NetBSD: fts.c,v 1.34.4.2 2009/08/16 22:41:23 bouyer Exp $");
 #endif
 #endif /* LIBC_SCCS and not lint */
 
@@ -726,6 +726,14 @@
 	len++;
 	maxlen = sp->fts_pathlen - len;
 
+	if (cur->fts_level == SHRT_MAX) {
+		(void)closedir(dirp);
+		cur->fts_info = FTS_ERR;
+		SET(FTS_STOP);
+		errno = ENAMETOOLONG;
+		return (NULL);
+	}
+
 	level = cur->fts_level + 1;
 
 	/* Read the directory, attaching each entry to the `link' pointer. */

CVS commit: [netbsd-5] src/lib/libc/gen

2011-06-18 Thread Manuel Bouyer 
Module Name:src
Committed By:   bouyer
Date:   Sat Jun 18 17:20:32 UTC 2011

Modified Files:
src/lib/libc/gen [netbsd-5]: getgrent.c

Log Message:
Pull up following revision(s) (requested by sjg in ticket #1636):
lib/libc/gen/getgrent.c: revision 1.63
_gr_copy() can get called with fromgrp->gr_mem == NULL.


To generate a diff of this commit:
cvs rdiff -u -r1.62 -r1.62.6.1 src/lib/libc/gen/getgrent.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/lib/libc/gen/getgrent.c
diff -u src/lib/libc/gen/getgrent.c:1.62 src/lib/libc/gen/getgrent.c:1.62.6.1
--- src/lib/libc/gen/getgrent.c:1.62	Mon Apr 28 20:22:59 2008
+++ src/lib/libc/gen/getgrent.c	Sat Jun 18 17:20:31 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: getgrent.c,v 1.62 2008/04/28 20:22:59 martin Exp $	*/
+/*	$NetBSD: getgrent.c,v 1.62.6.1 2011/06/18 17:20:31 bouyer Exp $	*/
 
 /*-
  * Copyright (c) 1999-2000, 2004-2005 The NetBSD Foundation, Inc.
@@ -88,7 +88,7 @@
 #if 0
 static char sccsid[] = "@(#)getgrent.c	8.2 (Berkeley) 3/21/94";
 #else
-__RCSID("$NetBSD: getgrent.c,v 1.62 2008/04/28 20:22:59 martin Exp $");
+__RCSID("$NetBSD: getgrent.c,v 1.62.6.1 2011/06/18 17:20:31 bouyer Exp $");
 #endif
 #endif /* LIBC_SCCS and not lint */
 
@@ -270,6 +270,9 @@
 	COPYSTR(grp->gr_passwd, fromgrp->gr_passwd);
 	grp->gr_gid = fromgrp->gr_gid;
 
+	if (fromgrp->gr_mem == NULL)
+		return 0;
+
 	for (memc = 0; fromgrp->gr_mem[memc]; memc++)
 		continue;
 	memc++;	/* for final NULL */

CVS commit: [netbsd-5] src/lib/libc/gen

2011-04-24 Thread Jeff Rizzo 
Module Name:src
Committed By:   riz
Date:   Sun Apr 24 15:41:10 UTC 2011

Modified Files:
src/lib/libc/gen [netbsd-5]: glob.c

Log Message:
Pull up following revision(s) (requested by spz in ticket #1597):
lib/libc/gen/glob.c: revision 1.28
lib/libc/gen/glob.c: revision 1.29
prevent resource DoS from brace expansion (from Maksymilian Arciemowicz)
remove stray printf.


To generate a diff of this commit:
cvs rdiff -u -r1.23.4.1 -r1.23.4.2 src/lib/libc/gen/glob.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/lib/libc/gen/glob.c
diff -u src/lib/libc/gen/glob.c:1.23.4.1 src/lib/libc/gen/glob.c:1.23.4.2
--- src/lib/libc/gen/glob.c:1.23.4.1	Mon Jul 19 18:14:08 2010
+++ src/lib/libc/gen/glob.c	Sun Apr 24 15:41:10 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: glob.c,v 1.23.4.1 2010/07/19 18:14:08 riz Exp $	*/
+/*	$NetBSD: glob.c,v 1.23.4.2 2011/04/24 15:41:10 riz Exp $	*/
 
 /*
  * Copyright (c) 1989, 1993
@@ -37,7 +37,7 @@
 #if 0
 static char sccsid[] = "@(#)glob.c	8.3 (Berkeley) 10/13/93";
 #else
-__RCSID("$NetBSD: glob.c,v 1.23.4.1 2010/07/19 18:14:08 riz Exp $");
+__RCSID("$NetBSD: glob.c,v 1.23.4.2 2011/04/24 15:41:10 riz Exp $");
 #endif
 #endif /* LIBC_SCCS and not lint */
 
@@ -87,13 +87,18 @@
 #define NO_GETPW_R
 #endif
 
-#define	GLOB_LIMIT_MALLOC	65536
-#define	GLOB_LIMIT_STAT		128
-#define	GLOB_LIMIT_READDIR	16384
-
-#define	GLOB_INDEX_MALLOC	0
-#define	GLOB_INDEX_STAT		1
-#define	GLOB_INDEX_READDIR	2
+#define	GLOB_LIMIT_STRING	65536	/* number of readdirs */
+#define	GLOB_LIMIT_STAT		128	/* number of stat system calls */
+#define	GLOB_LIMIT_READDIR	16384	/* total buffer size of path strings */
+#define	GLOB_LIMIT_PATH		1024	/* number of path elements */
+#define GLOB_LIMIT_BRACE	128	/* Number of brace calls */
+
+struct glob_limit {
+	size_t l_string;
+	size_t l_stat;	
+	size_t l_readdir;	
+	size_t l_brace;
+};
 
 /*
  * XXX: For NetBSD 1.4.x compatibility. (kill me l8r)
@@ -158,18 +163,18 @@
 static DIR	*g_opendir(Char *, glob_t *);
 static Char	*g_strchr(const Char *, int);
 static int	 g_stat(Char *, __gl_stat_t *, glob_t *);
-static int	 glob0(const Char *, glob_t *, size_t *);
-static int	 glob1(Char *, glob_t *, size_t *);
-static int	 glob2(Char *, Char *, Char *, Char *, glob_t *,
-size_t *);
-static int	 glob3(Char *, Char *, Char *, Char *, Char *, glob_t *,
-size_t *);
-static int	 globextend(const Char *, glob_t *, size_t *);
+static int	 glob0(const Char *, glob_t *, struct glob_limit *);
+static int	 glob1(Char *, glob_t *, struct glob_limit *);
+static int	 glob2(Char *, Char *, Char *, const Char *, glob_t *,
+struct glob_limit *);
+static int	 glob3(Char *, Char *, Char *, const Char *, const Char *, 
+glob_t *, struct glob_limit *);
+static int	 globextend(const Char *, glob_t *, struct glob_limit *);
 static const Char *globtilde(const Char *, Char *, size_t, glob_t *);
-static int	 globexp1(const Char *, glob_t *, size_t *);
+static int	 globexp1(const Char *, glob_t *, struct glob_limit *);
 static int	 globexp2(const Char *, const Char *, glob_t *, int *,
-size_t *);
-static int	 match(Char *, Char *, Char *);
+struct glob_limit *);
+static int	 match(const Char *, const Char *, const Char *);
 #ifdef DEBUG
 static void	 qprintf(const char *, Char *);
 #endif
@@ -181,8 +186,7 @@
 	const u_char *patnext;
 	int c;
 	Char *bufnext, *bufend, patbuf[MAXPATHLEN+1];
-	/* 0 = malloc(), 1 = stat(), 2 = readdir() */
-	size_t limit[] = { 0, 0, 0 };
+	struct glob_limit limit = { 0, 0, 0, 0 };
 
 	_DIAGASSERT(pattern != NULL);
 
@@ -218,9 +222,9 @@
 	*bufnext = EOS;
 
 	if (flags & GLOB_BRACE)
-	return globexp1(patbuf, pglob, limit);
+	return globexp1(patbuf, pglob, &limit);
 	else
-	return glob0(patbuf, pglob, limit);
+	return glob0(patbuf, pglob, &limit);
 }
 
 /*
@@ -229,7 +233,7 @@
  * characters
  */
 static int
-globexp1(const Char *pattern, glob_t *pglob, size_t *limit)
+globexp1(const Char *pattern, glob_t *pglob, struct glob_limit *limit)
 {
 	const Char* ptr = pattern;
 	int rv;
@@ -237,6 +241,12 @@
 	_DIAGASSERT(pattern != NULL);
 	_DIAGASSERT(pglob != NULL);
 
+	if ((pglob->gl_flags & GLOB_LIMIT) &&
+	limit->l_brace++ >= GLOB_LIMIT_BRACE) {
+		errno = 0;
+		return GLOB_NOSPACE;
+	}
+
 	/* Protect a single {}, for find(1), like csh */
 	if (pattern[0] == LBRACE && pattern[1] == RBRACE && pattern[2] == EOS)
 		return glob0(pattern, pglob, limit);
@@ -256,7 +266,7 @@
  */
 static int
 globexp2(const Char *ptr, const Char *pattern, glob_t *pglob, int *rv,
-size_t *limit)
+struct glob_limit *limit)
 {
 	int i;
 	Char   *lm, *ls;
@@ -461,7 +471,7 @@
  * to find no matches.
  */
 static int
-glob0(const Char *pattern, glob_t *pglob, size_t *limit)
+glob0(const Char *pattern, glob_t *pglob, struct glob_limit *limit)
 {
 	const Char *qpatnext;
 	int c, error;
@@ -567,7 +577,7 @@
 }
 
 static int
-glob1(Char *pattern, g