Module Name: src
Committed By: christos
Date: Fri Jun 15 15:16:05 UTC 2018
Modified Files:
src/usr.sbin/dumplfs: Makefile dumplfs.c
Log Message:
PR/53367: Thomas Barabosch: Integer overflow in usr.sbin/dumplfs
While here use the "e" functions to always check for allocation errors.
To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 src/usr.sbin/dumplfs/Makefile
cvs rdiff -u -r1.63 -r1.64 src/usr.sbin/dumplfs/dumplfs.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/usr.sbin/dumplfs/Makefile
diff -u src/usr.sbin/dumplfs/Makefile:1.17 src/usr.sbin/dumplfs/Makefile:1.18
--- src/usr.sbin/dumplfs/Makefile:1.17 Wed Jun 15 10:08:24 2016
+++ src/usr.sbin/dumplfs/Makefile Fri Jun 15 11:16:05 2018
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.17 2016/06/15 14:08:24 riastradh Exp $
+# $NetBSD: Makefile,v 1.18 2018/06/15 15:16:05 christos Exp $
# @(#)Makefile 8.1 (Berkeley) 6/18/93
WARNS?= 3 # XXX -Wsign-compare
@@ -9,5 +9,7 @@ PROG= dumplfs
SRCS= dumplfs.c lfs_cksum.c misc.c
.PATH: ${NETBSDSRCDIR}/sys/ufs/lfs
MAN= dumplfs.8
+LDADD+= -lutil
+DPADD+= ${LIBUTIL}
.include <bsd.prog.mk>
Index: src/usr.sbin/dumplfs/dumplfs.c
diff -u src/usr.sbin/dumplfs/dumplfs.c:1.63 src/usr.sbin/dumplfs/dumplfs.c:1.64
--- src/usr.sbin/dumplfs/dumplfs.c:1.63 Fri Aug 12 04:22:13 2016
+++ src/usr.sbin/dumplfs/dumplfs.c Fri Jun 15 11:16:05 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: dumplfs.c,v 1.63 2016/08/12 08:22:13 dholland Exp $ */
+/* $NetBSD: dumplfs.c,v 1.64 2018/06/15 15:16:05 christos Exp $ */
/*-
* Copyright (c) 1991, 1993
@@ -40,7 +40,7 @@ __COPYRIGHT("@(#) Copyright (c) 1991, 19
#if 0
static char sccsid[] = "@(#)dumplfs.c 8.5 (Berkeley) 5/24/95";
#else
-__RCSID("$NetBSD: dumplfs.c,v 1.63 2016/08/12 08:22:13 dholland Exp $");
+__RCSID("$NetBSD: dumplfs.c,v 1.64 2018/06/15 15:16:05 christos Exp $");
#endif
#endif /* not lint */
@@ -61,6 +61,7 @@ __RCSID("$NetBSD: dumplfs.c,v 1.63 2016/
#include <stdio.h>
#include <string.h>
#include <unistd.h>
+#include <util.h>
#include "extern.h"
static void addseg(char *);
@@ -226,10 +227,7 @@ main(int argc, char **argv)
if ((fd = open(special, O_RDONLY, 0)) < 0)
err(1, "%s", special);
- sbuf = malloc(LFS_SBPAD);
- if (sbuf == NULL)
- err(1, "malloc");
-
+ sbuf = emalloc(LFS_SBPAD);
if (sbdaddr == 0x0) {
/* Read the proto-superblock */
__CTASSERT(sizeof(struct dlfs) == sizeof(struct dlfs64));
@@ -332,8 +330,7 @@ dump_ifile(int fd, struct lfs *lfsp, int
if (!addr)
addr = lfs_sb_getidaddr(lfsp);
- if (!(dpage = malloc(psize)))
- err(1, "malloc");
+ dpage = emalloc(psize);
get(fd, fsbtobyte(lfsp, addr), dpage, psize);
dip = NULL;
@@ -363,8 +360,7 @@ dump_ifile(int fd, struct lfs *lfsp, int
block_limit = MIN(nblocks, ULFS_NDADDR);
/* Get the direct block */
- if ((ipage = malloc(psize)) == NULL)
- err(1, "malloc");
+ ipage = emalloc(psize);
for (inum = 0, i = 0; i < block_limit; i++) {
pdb = lfs_dino_getdb(lfsp, dip, i);
get(fd, fsbtobyte(lfsp, pdb), ipage, psize);
@@ -395,8 +391,7 @@ dump_ifile(int fd, struct lfs *lfsp, int
goto e0;
/* Dump out blocks off of single indirect block */
- if (!(indir = malloc(psize)))
- err(1, "malloc");
+ indir = emalloc(psize);
get(fd, fsbtobyte(lfsp, lfs_dino_getib(lfsp, dip, 0)), indir, psize);
block_limit = MIN(i + lfs_sb_getnindir(lfsp), nblocks);
for (offset = 0; i < block_limit; i++, offset++) {
@@ -429,8 +424,7 @@ dump_ifile(int fd, struct lfs *lfsp, int
goto e1;
/* Get the double indirect block */
- if (!(dindir = malloc(psize)))
- err(1, "malloc");
+ dindir = emalloc(psize);
get(fd, fsbtobyte(lfsp, lfs_dino_getib(lfsp, dip, 1)), dindir, psize);
for (j = 0; j < lfs_sb_getnindir(lfsp); j++) {
thisblock = lfs_iblock_get(lfsp, dindir, j);
@@ -617,7 +611,7 @@ dump_sum(int fd, struct lfs *lfsp, SEGSU
/* Dump out inode disk addresses */
iip = SEGSUM_IINFOSTART(lfsp, sp);
- diblock = malloc(lfs_sb_getbsize(lfsp));
+ diblock = emalloc(lfs_sb_getbsize(lfsp));
printf(" Inode addresses:");
numbytes = 0;
numblocks = 0;
@@ -680,11 +674,11 @@ dump_sum(int fd, struct lfs *lfsp, SEGSU
} else {
el_size = sizeof(u_int32_t);
}
- datap = (char *)malloc(el_size * numblocks);
- memset(datap, 0, el_size * numblocks);
+ datap = ecalloc(numblocks, el_size);
+
acc = 0;
addr += lfs_btofsb(lfsp, lfs_sb_getsumsize(lfsp));
- buf = malloc(lfs_sb_getbsize(lfsp));
+ buf = emalloc(lfs_sb_getbsize(lfsp));
for (i = 0; i < lfs_ss_getnfinfo(lfsp, sp); i++) {
while (addr == lfs_ii_getblock(lfsp, iip2)) {
get(fd, fsbtobyte(lfsp, addr), buf, lfs_sb_getibsize(lfsp));
@@ -737,7 +731,7 @@ dump_segment(int fd, int segnum, daddr_t
(void)printf("\nSEGMENT %lld (Disk Address 0x%llx)\n",
(long long)lfs_dtosn(lfsp, addr), (long long)addr);
sum_offset = fsbtobyte(lfsp, addr);
- sumblock = malloc(lfs_sb_getsumsize(lfsp));
+ sumblock = emalloc(lfs_sb_getsumsize(lfsp));
if (lfs_sb_getversion(lfsp) > 1 && segnum == 0) {
if (lfs_fsbtob(lfsp, lfs_sb_gets0addr(lfsp)) < LFS_LABELPAD) {
@@ -897,8 +891,7 @@ addseg(char *arg)
{
SEGLIST *p;
- if ((p = malloc(sizeof(SEGLIST))) == NULL)
- err(1, "malloc");
+ p = emalloc(sizeof(*p));
p->next = seglist;
p->num = atoi(arg);
seglist = p;
