Module Name: src Committed By: christos Date: Fri Jun 15 15:16:05 UTC 2018
Modified Files: src/usr.sbin/dumplfs: Makefile dumplfs.c Log Message: PR/53367: Thomas Barabosch: Integer overflow in usr.sbin/dumplfs While here use the "e" functions to always check for allocation errors. To generate a diff of this commit: cvs rdiff -u -r1.17 -r1.18 src/usr.sbin/dumplfs/Makefile cvs rdiff -u -r1.63 -r1.64 src/usr.sbin/dumplfs/dumplfs.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/usr.sbin/dumplfs/Makefile diff -u src/usr.sbin/dumplfs/Makefile:1.17 src/usr.sbin/dumplfs/Makefile:1.18 --- src/usr.sbin/dumplfs/Makefile:1.17 Wed Jun 15 10:08:24 2016 +++ src/usr.sbin/dumplfs/Makefile Fri Jun 15 11:16:05 2018 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.17 2016/06/15 14:08:24 riastradh Exp $ +# $NetBSD: Makefile,v 1.18 2018/06/15 15:16:05 christos Exp $ # @(#)Makefile 8.1 (Berkeley) 6/18/93 WARNS?= 3 # XXX -Wsign-compare @@ -9,5 +9,7 @@ PROG= dumplfs SRCS= dumplfs.c lfs_cksum.c misc.c .PATH: ${NETBSDSRCDIR}/sys/ufs/lfs MAN= dumplfs.8 +LDADD+= -lutil +DPADD+= ${LIBUTIL} .include <bsd.prog.mk> Index: src/usr.sbin/dumplfs/dumplfs.c diff -u src/usr.sbin/dumplfs/dumplfs.c:1.63 src/usr.sbin/dumplfs/dumplfs.c:1.64 --- src/usr.sbin/dumplfs/dumplfs.c:1.63 Fri Aug 12 04:22:13 2016 +++ src/usr.sbin/dumplfs/dumplfs.c Fri Jun 15 11:16:05 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: dumplfs.c,v 1.63 2016/08/12 08:22:13 dholland Exp $ */ +/* $NetBSD: dumplfs.c,v 1.64 2018/06/15 15:16:05 christos Exp $ */ /*- * Copyright (c) 1991, 1993 @@ -40,7 +40,7 @@ __COPYRIGHT("@(#) Copyright (c) 1991, 19 #if 0 static char sccsid[] = "@(#)dumplfs.c 8.5 (Berkeley) 5/24/95"; #else -__RCSID("$NetBSD: dumplfs.c,v 1.63 2016/08/12 08:22:13 dholland Exp $"); +__RCSID("$NetBSD: dumplfs.c,v 1.64 2018/06/15 15:16:05 christos Exp $"); #endif #endif /* not lint */ @@ -61,6 +61,7 @@ __RCSID("$NetBSD: dumplfs.c,v 1.63 2016/ #include <stdio.h> #include <string.h> #include <unistd.h> +#include <util.h> #include "extern.h" static void addseg(char *); @@ -226,10 +227,7 @@ main(int argc, char **argv) if ((fd = open(special, O_RDONLY, 0)) < 0) err(1, "%s", special); - sbuf = malloc(LFS_SBPAD); - if (sbuf == NULL) - err(1, "malloc"); - + sbuf = emalloc(LFS_SBPAD); if (sbdaddr == 0x0) { /* Read the proto-superblock */ __CTASSERT(sizeof(struct dlfs) == sizeof(struct dlfs64)); @@ -332,8 +330,7 @@ dump_ifile(int fd, struct lfs *lfsp, int if (!addr) addr = lfs_sb_getidaddr(lfsp); - if (!(dpage = malloc(psize))) - err(1, "malloc"); + dpage = emalloc(psize); get(fd, fsbtobyte(lfsp, addr), dpage, psize); dip = NULL; @@ -363,8 +360,7 @@ dump_ifile(int fd, struct lfs *lfsp, int block_limit = MIN(nblocks, ULFS_NDADDR); /* Get the direct block */ - if ((ipage = malloc(psize)) == NULL) - err(1, "malloc"); + ipage = emalloc(psize); for (inum = 0, i = 0; i < block_limit; i++) { pdb = lfs_dino_getdb(lfsp, dip, i); get(fd, fsbtobyte(lfsp, pdb), ipage, psize); @@ -395,8 +391,7 @@ dump_ifile(int fd, struct lfs *lfsp, int goto e0; /* Dump out blocks off of single indirect block */ - if (!(indir = malloc(psize))) - err(1, "malloc"); + indir = emalloc(psize); get(fd, fsbtobyte(lfsp, lfs_dino_getib(lfsp, dip, 0)), indir, psize); block_limit = MIN(i + lfs_sb_getnindir(lfsp), nblocks); for (offset = 0; i < block_limit; i++, offset++) { @@ -429,8 +424,7 @@ dump_ifile(int fd, struct lfs *lfsp, int goto e1; /* Get the double indirect block */ - if (!(dindir = malloc(psize))) - err(1, "malloc"); + dindir = emalloc(psize); get(fd, fsbtobyte(lfsp, lfs_dino_getib(lfsp, dip, 1)), dindir, psize); for (j = 0; j < lfs_sb_getnindir(lfsp); j++) { thisblock = lfs_iblock_get(lfsp, dindir, j); @@ -617,7 +611,7 @@ dump_sum(int fd, struct lfs *lfsp, SEGSU /* Dump out inode disk addresses */ iip = SEGSUM_IINFOSTART(lfsp, sp); - diblock = malloc(lfs_sb_getbsize(lfsp)); + diblock = emalloc(lfs_sb_getbsize(lfsp)); printf(" Inode addresses:"); numbytes = 0; numblocks = 0; @@ -680,11 +674,11 @@ dump_sum(int fd, struct lfs *lfsp, SEGSU } else { el_size = sizeof(u_int32_t); } - datap = (char *)malloc(el_size * numblocks); - memset(datap, 0, el_size * numblocks); + datap = ecalloc(numblocks, el_size); + acc = 0; addr += lfs_btofsb(lfsp, lfs_sb_getsumsize(lfsp)); - buf = malloc(lfs_sb_getbsize(lfsp)); + buf = emalloc(lfs_sb_getbsize(lfsp)); for (i = 0; i < lfs_ss_getnfinfo(lfsp, sp); i++) { while (addr == lfs_ii_getblock(lfsp, iip2)) { get(fd, fsbtobyte(lfsp, addr), buf, lfs_sb_getibsize(lfsp)); @@ -737,7 +731,7 @@ dump_segment(int fd, int segnum, daddr_t (void)printf("\nSEGMENT %lld (Disk Address 0x%llx)\n", (long long)lfs_dtosn(lfsp, addr), (long long)addr); sum_offset = fsbtobyte(lfsp, addr); - sumblock = malloc(lfs_sb_getsumsize(lfsp)); + sumblock = emalloc(lfs_sb_getsumsize(lfsp)); if (lfs_sb_getversion(lfsp) > 1 && segnum == 0) { if (lfs_fsbtob(lfsp, lfs_sb_gets0addr(lfsp)) < LFS_LABELPAD) { @@ -897,8 +891,7 @@ addseg(char *arg) { SEGLIST *p; - if ((p = malloc(sizeof(SEGLIST))) == NULL) - err(1, "malloc"); + p = emalloc(sizeof(*p)); p->next = seglist; p->num = atoi(arg); seglist = p;