Author: asomers
Date: Mon Oct  1 16:09:20 2018
New Revision: 339060
URL: https://svnweb.freebsd.org/changeset/base/339060

Log:
  MFC r336609:
  
  Fix several Coverity warnings in tftp
  
  Some of the changes are in the libexec/tftpd directory, but to functions that
  are only used by tftp(1) (they share some code).
  
  * strcpy => strlcpy (1006793, 1006794, 1006796, 1006741)
  * Unchecked return value and TOCTTOU (1009314)
  * NULL pointer dereference (1018035, 1018036)
  
  Reported by:  Coverity
  CID:          1006793, 1006794, 1006796, 1006741, 1009314, 1018035
  CID:          1018036

Modified:
  stable/10/libexec/tftpd/tftp-io.c
  stable/10/libexec/tftpd/tftp-utils.c
  stable/10/usr.bin/tftp/main.c
  stable/10/usr.bin/tftp/tftp.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/libexec/tftpd/tftp-io.c
==============================================================================
--- stable/10/libexec/tftpd/tftp-io.c   Mon Oct  1 16:08:27 2018        
(r339059)
+++ stable/10/libexec/tftpd/tftp-io.c   Mon Oct  1 16:09:20 2018        
(r339060)
@@ -38,6 +38,7 @@ __FBSDID("$FreeBSD$");
 #include <errno.h>
 #include <setjmp.h>
 #include <signal.h>
+#include <stddef.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -191,16 +192,16 @@ send_wrq(int peer, char *filename, char *mode)
 
        tp = (struct tftphdr *)buf;
        tp->th_opcode = htons((u_short)WRQ);
-       size = 2;
+       size = offsetof(struct tftphdr, th_stuff);
 
        bp = tp->th_stuff;
-       strcpy(bp, filename);
+       strlcpy(bp, filename, sizeof(buf) - size);
        bp += strlen(filename);
        *bp = 0;
        bp++;
        size += strlen(filename) + 1;
 
-       strcpy(bp, mode);
+       strlcpy(bp, mode, sizeof(buf) - size);
        bp += strlen(mode);
        *bp = 0;
        bp++;
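Review bot: The bounded copy in send_wrq does not by itself keep the writes inside buf, because `bp += strlen(filename)` and `*bp = 0` still advance and store by the full source length even when strlcpy() has truncated. The same holds for the mode copy here and for both copies in the send_rrq hunk that follows. strlcpy() returns the length of the source string, so compare that result with the remaining space and reject the request before bp and size move, e.g. `if (strlcpy(bp, filename, sizeof(buf) - size) >= sizeof(buf) - size)` followed by the function's error return. `sizeof(buf)` is only the buffer size if buf is an array in this scope; its declaration and the function's return path are outside the hunk.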
@@ -239,16 +240,16 @@ send_rrq(int peer, char *filename, char *mode)
 
        tp = (struct tftphdr *)buf;
        tp->th_opcode = htons((u_short)RRQ);
-       size = 2;
+       size = offsetof(struct tftphdr, th_stuff);
 
        bp = tp->th_stuff;
-       strcpy(bp, filename);
+       strlcpy(bp, filename, sizeof(buf) - size);
        bp += strlen(filename);
        *bp = 0;
        bp++;
        size += strlen(filename) + 1;
 
-       strcpy(bp, mode);
+       strlcpy(bp, mode, sizeof(buf) - size);
        bp += strlen(mode);
        *bp = 0;
        bp++;

Modified: stable/10/libexec/tftpd/tftp-utils.c
==============================================================================
--- stable/10/libexec/tftpd/tftp-utils.c        Mon Oct  1 16:08:27 2018        
(r339059)
+++ stable/10/libexec/tftpd/tftp-utils.c        Mon Oct  1 16:09:20 2018        
(r339060)
@@ -235,14 +235,15 @@ const char *
 debug_show(int d)
 {
        static char s[100];
+       size_t space = sizeof(s);
        int i = 0;
 
        s[0] = '\0';
        while (debugs[i].name != NULL) {
                if (d&debugs[i].value) {
-                       if (s[0] != '\0') 
-                               strcat(s, " ");
-                       strcat(s, debugs[i].name);
+                       if (s[0] != '\0')
+                               strlcat(s, " ", space);
+                       strlcat(s, debugs[i].name, space);
                }
                i++;
        }

Modified: stable/10/usr.bin/tftp/main.c
==============================================================================
--- stable/10/usr.bin/tftp/main.c       Mon Oct  1 16:08:27 2018        
(r339059)
+++ stable/10/usr.bin/tftp/main.c       Mon Oct  1 16:09:20 2018        
(r339060)
@@ -405,7 +405,7 @@ static void
 settftpmode(const char *newmode)
 {
 
-       strcpy(mode, newmode);
+       strlcpy(mode, newmode, sizeof(mode));
        if (verbose)
                printf("mode set to %s\n", mode);
 }
@@ -465,7 +465,10 @@ put(int argc, char *argv[])
                        return;
                }
 
-               stat(cp, &sb);
+               if (fstat(fd, &sb) < 0) {
+                       warn("%s", cp);
+                       return;
+               }
                asprintf(&options[OPT_TSIZE].o_request, "%ju", sb.st_size);
 
                if (verbose)
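Review bot: The new fstat() failure path in put() returns without closing fd, which appears to have been opened just above the hunk. Add `close(fd);` before the `return;`, and likewise before the `continue;` in the following put() hunk, so a failing file does not leak a descriptor on each attempt. Separately, the adjacent asprintf() passes `sb.st_size` to `%ju` without a cast and its return value is not checked; `(uintmax_t)sb.st_size` matches the conversion specifier.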
@@ -486,7 +489,10 @@ put(int argc, char *argv[])
                        continue;
                }
 
-               stat(cp, &sb);
+               if (fstat(fd, &sb) < 0) {
+                       warn("%s", argv[n]);
+                       continue;
+               }
                asprintf(&options[OPT_TSIZE].o_request, "%ju", sb.st_size);
 
                if (verbose)

Modified: stable/10/usr.bin/tftp/tftp.c
==============================================================================
--- stable/10/usr.bin/tftp/tftp.c       Mon Oct  1 16:08:27 2018        
(r339059)
+++ stable/10/usr.bin/tftp/tftp.c       Mon Oct  1 16:09:20 2018        
(r339060)
@@ -48,6 +48,7 @@ __FBSDID("$FreeBSD$");
 
 #include <arpa/tftp.h>
 
+#include <assert.h>
 #include <err.h>
 #include <netdb.h>
 #include <stdio.h>
@@ -83,6 +84,7 @@ xmitfile(int peer, char *port, int fd, char *name, cha
        if (port == NULL) {
                struct servent *se;
                se = getservbyname("tftp", "udp");
+               assert(se != NULL);
                ((struct sockaddr_in *)&peer_sock)->sin_port = se->s_port;
        } else
                ((struct sockaddr_in *)&peer_sock)->sin_port =
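Review bot: `assert(se != NULL)` in xmitfile turns a missing tftp/udp services entry into an abort, and it compiles away when the file is built with NDEBUG, which leaves the `se->s_port` dereference unguarded again. The same applies to the recvfile hunk below. A runtime check holds in every build, for example `if (se == NULL) errx(1, "tftp/udp: unknown service");` (err.h is already included), or a warning and an early return if the caller can carry on. The rest of xmitfile lies outside the hunk.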
@@ -182,6 +184,7 @@ recvfile(int peer, char *port, int fd, char *name, cha
        if (port == NULL) {
                struct servent *se;
                se = getservbyname("tftp", "udp");
+               assert(se != NULL);
                ((struct sockaddr_in *)&peer_sock)->sin_port = se->s_port;
        } else
                ((struct sockaddr_in *)&peer_sock)->sin_port =