Module Name: src Committed By: rillig Date: Thu Feb 15 22:37:10 UTC 2024
Modified Files: src/common/lib/libutil: snprintb.c src/tests/lib/libutil: t_snprintb.c Log Message: snprintb: fix out-of-bounds write To generate a diff of this commit: cvs rdiff -u -r1.22 -r1.23 src/common/lib/libutil/snprintb.c cvs rdiff -u -r1.13 -r1.14 src/tests/lib/libutil/t_snprintb.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/common/lib/libutil/snprintb.c
diff -u src/common/lib/libutil/snprintb.c:1.22 src/common/lib/libutil/snprintb.c:1.23
--- src/common/lib/libutil/snprintb.c:1.22 Fri Dec 6 19:36:22 2019
+++ src/common/lib/libutil/snprintb.c Thu Feb 15 22:37:10 2024
@@ -1,4 +1,4 @@
-/* $NetBSD: snprintb.c,v 1.22 2019/12/06 19:36:22 christos Exp $ */
+/* $NetBSD: snprintb.c,v 1.23 2024/02/15 22:37:10 rillig Exp $ */
 /*-
 * Copyright (c) 2002 The NetBSD Foundation, Inc.
@@ -41,7 +41,7 @@
 # include <sys/cdefs.h>
 # if defined(LIBC_SCCS) && !defined(lint)
-__RCSID("$NetBSD: snprintb.c,v 1.22 2019/12/06 19:36:22 christos Exp $");
+__RCSID("$NetBSD: snprintb.c,v 1.23 2024/02/15 22:37:10 rillig Exp $");
 # endif
 # include <sys/types.h>
@@ -51,7 +51,7 @@ __RCSID("$NetBSD: snprintb.c,v 1.22 2019
 # include <errno.h>
 # else /* ! _KERNEL */
 # include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: snprintb.c,v 1.22 2019/12/06 19:36:22 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: snprintb.c,v 1.23 2024/02/15 22:37:10 rillig Exp $");
 # include <sys/param.h>
 # include <sys/inttypes.h>
 # include <sys/systm.h>
@@ -272,14 +272,14 @@ snprintb_m(char *buf, size_t buflen, con
 }
 }
 }
- l_len++;
- if (sep != '<' && (size_t)(++t_len) < buflen)
- *bp++ = '>';
+ if (sep != '<')
+ STORE('>');
 terminate:
- *bp++ = '\0';
+ STORE('\0');
 if (l_max != 0) {
- t_len++;
- *bp = '\0';
+ STORE('\0');
+ t_len--;
+ buf[buflen] = '\0';
 }
 return t_len;
 internal:
Index: src/tests/lib/libutil/t_snprintb.c
diff -u src/tests/lib/libutil/t_snprintb.c:1.13 src/tests/lib/libutil/t_snprintb.c:1.14
--- src/tests/lib/libutil/t_snprintb.c:1.13 Wed Feb 14 20:51:17 2024
+++ src/tests/lib/libutil/t_snprintb.c Thu Feb 15 22:37:10 2024
@@ -1,4 +1,4 @@
-/* $NetBSD: t_snprintb.c,v 1.13 2024/02/14 20:51:17 rillig Exp $ */
+/* $NetBSD: t_snprintb.c,v 1.14 2024/02/15 22:37:10 rillig Exp $ */
 /*
 * Copyright (c) 2002, 2004, 2008, 2010, 2024 The NetBSD Foundation, Inc.
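Review bot: The new `buf[buflen] = '\0';` in the `l_max != 0` branch of the `@@ -272,14 +272,14 @@` hunk is an unconditional store at an index equal to the length variable, so it stays in bounds only if `buflen` was reduced below the caller's size earlier in snprintb_m and a size of 0 cannot reach this point; neither is visible here, because the function body starts and ends outside the hunk. If that is what the earlier code guarantees, state it next to the store, e.g. `/* buflen excludes the byte reserved for the second NUL, so this is the last byte of the caller's buffer */`, and otherwise guard the store. Separately, judging by the removed `(size_t)(++t_len) < buflen` line, STORE appears to advance `t_len`, so `STORE('\0')` at `terminate:` may now count the terminator on the `l_max == 0` path, where no `t_len--` compensates; it is worth confirming that the return value of that path is unchanged.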
@@ -32,7 +32,7 @@
 #include <sys/cdefs.h>
 __COPYRIGHT("@(#) Copyright (c) 2008, 2010\
 The NetBSD Foundation, inc. All rights reserved.");
-__RCSID("$NetBSD: t_snprintb.c,v 1.13 2024/02/14 20:51:17 rillig Exp $");
+__RCSID("$NetBSD: t_snprintb.c,v 1.14 2024/02/15 22:37:10 rillig Exp $");
 #include <stdio.h>
 #include <string.h>
@@ -636,15 +636,12 @@ ATF_TC_BODY(snprintb_m, tc)
 /* 35 */ "0xfffft>\0"
 /* 44 */ "0xffff1>\0"
 /* 53 */ "0xffff<>\0"
- /* 62 */ "0xff\0"
- /* 67 */ "ZZZ"
+ /* 62 */ "0xff\0\0ZZ"
 /* 70 */ "ZZZZZZZZZZ"
 /* 80 */ "ZZZZZZZZZZ"
 /* 90 */ "ZZZZZZZZZZ"
 /* 100 */ "ZZZZZZZZZZ"
- /* 110 */ "ZZZZZZ"
- /* 116 */ "\0\0" /* FIXME: out-of-bounds write */
- /* 118 */ "ZZ"
+ /* 110 */ "ZZZZZZZZZZ"
 /* 120 */ "ZZZZZZZZZZ"
 /* 130 */ "ZZZZZZZZZZ"
 /* 140 */ "ZZZZZZZZZZ"
@@ -667,15 +664,12 @@ ATF_TC_BODY(snprintb_m, tc)
 /* 35 */ "0xfffft>\0"
 /* 44 */ "0xffff1>\0"
 /* 53 */ "0xffff<>\0"
- /* 62 */ "0xff\0"
- /* 67 */ "ZZZ"
+ /* 62 */ "0xff\0\0ZZ"
 /* 70 */ "ZZZZZZZZZZ"
 /* 80 */ "ZZZZZZZZZZ"
 /* 90 */ "ZZZZZZZZZZ"
 /* 100 */ "ZZZZZZZZZZ"
- /* 110 */ "ZZZZZZ"
- /* 116 */ "\0\0" /* FIXME: out-of-bounds write */
- /* 118 */ "ZZ"
+ /* 110 */ "ZZZZZZZZZZ"
 /* 120 */ "ZZZZZZZZZZ"
 /* 130 */ "ZZZZZZZZZZ"
 /* 140 */ "ZZZZZZZZZZ"
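Review bot: With the `/* FIXME: out-of-bounds write */` marker removed in the `@@ -636,15 +636,12 @@` hunk, nothing in the expected data says where the buffer handed to snprintb_m ends, so a reader cannot tell that the `\0\0` at offsets 66–67 is presumably the truncation point and that the `Z` bytes after it are the guard region the test protects. A short comment on the changed line would keep that visible, e.g. `/* 62 */ "0xff\0\0ZZ" /* truncated here; every Z after this must stay untouched */`. The same applies to the identical change in the `@@ -667,15 +664,12 @@` hunk; both test bodies start and end outside the hunks, so the buffer size in use is not visible here.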