newfs: avoid oob read on command line argument

[Tobias Stoeckmann]

Here's the spin-off from previous __progname patch.

It's possible to have an out-of-boundary read in newfs_ext2fs when
supplying an empty partition name. Before calling strchr() - 1, it should
be verified that it's not empty. While at it, the result of the strchr call
will never be NULL, because eventually a '\0' char will be found. Even if
that would not be the case, the "- 1" addition renders the NULL check
pointless.

mmcc@ had the nice idea to split this into an own check, which looks much
better because we avoid saving an illegal pointer, even though it wouldn't
be used.

With applied patch:

$ newfs_ext2fs -N ""                                                           
newfs_ext2fs: /dev/: not a character-special device
newfs_ext2fs: empty partition name supplied
$ _

I think the newfs-part cannot be triggered, but better be safe than
sorry, and stay in sync with newfs_ext2fs.


Tobias

Index: sbin/newfs/newfs.c
===================================================================
RCS file: /cvs/src/sbin/newfs/newfs.c,v
retrieving revision 1.103
diff -u -p -u -p -r1.103 newfs.c
--- sbin/newfs/newfs.c  25 Nov 2015 19:45:21 -0000      1.103
+++ sbin/newfs/newfs.c  5 Dec 2015 10:52:39 -0000
@@ -423,10 +423,11 @@ main(int argc, char *argv[])
                                warnx("%s: not a character-special device",
                                    special);
                }
+               if (*argv[0] == '\0')
+                       fatal("empty partition name supplied");
                cp = strchr(argv[0], '\0') - 1;
-               if (cp == NULL ||
-                   ((*cp < 'a' || *cp > ('a' + maxpartitions - 1))
-                   && !isdigit((unsigned char)*cp)))
+               if ((*cp < 'a' || *cp > ('a' + maxpartitions - 1))
+                   && !isdigit((unsigned char)*cp))
                        fatal("%s: can't figure out file system partition",
                            argv[0]);
                lp = getdisklabel(special, fsi);
Index: sbin/newfs_ext2fs/newfs_ext2fs.c
===================================================================
RCS file: /cvs/src/sbin/newfs_ext2fs/newfs_ext2fs.c,v
retrieving revision 1.21
diff -u -p -u -p -r1.21 newfs_ext2fs.c
--- sbin/newfs_ext2fs/newfs_ext2fs.c    28 Nov 2015 06:12:09 -0000      1.21
+++ sbin/newfs_ext2fs/newfs_ext2fs.c    5 Dec 2015 10:52:39 -0000
@@ -529,9 +529,11 @@ getpartition(int fsi, const char *specia
                errx(EXIT_FAILURE, "%s: block device", special);
        if (!S_ISCHR(st.st_mode))
                warnx("%s: not a character-special device", special);
+       if (*argv[0] == '\0')
+               errx(EXIT_FAILURE, "empty partition name supplied");
        cp = strchr(argv[0], '\0') - 1;
-       if (cp == NULL || ((*cp < 'a' || *cp > ('a' + getmaxpartitions() - 1))
-           && !isdigit((unsigned char)*cp)))
+       if ((*cp < 'a' || *cp > ('a' + getmaxpartitions() - 1))
+           && !isdigit((unsigned char)*cp))
                errx(EXIT_FAILURE, "%s: can't figure out file system 
partition", argv[0]);
        lp = getdisklabel(special, fsi);
        if (isdigit((unsigned char)*cp))