Date: Thu, 14 Aug 2025 16:03:16 GMT
Message-Id: <202508141603.57EG3GAP080060@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Dag-Erling Smørgrav
Subject: git: d26dac01421e - stable/14 - indent: Fix buffer overflow
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-Git-Committer: des
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: d26dac01421e780f673ebcb806f2c2b51531eab1
Auto-Submitted: auto-generated

The branch stable/14 has been updated by des:

URL: https://cgit.FreeBSD.org/src/commit/?id=d26dac01421e780f673ebcb806f2c2b51531eab1

commit d26dac01421e780f673ebcb806f2c2b51531eab1
Author:     Dag-Erling Smørgrav
AuthorDate: 2025-08-07 23:34:07 +0000
Commit:     Dag-Erling Smørgrav
CommitDate: 2025-08-14 14:00:09 +0000

    indent: Fix buffer overflow

    The function used to create a backup of the input before starting work
    used a static buffer and did not check that the file name it constructed
    did not overflow. Switch to using asprintf(), clean up the rest of the
    function, and update some comments that still referred to an earlier
    version of the code.

    MFC after:      1 week
    Sponsored by:   Klara, Inc.
    Reviewed by:    bnovkov
    Differential Revision:  https://reviews.freebsd.org/D51796

    (cherry picked from commit eb41613d22977798f41dd979e4e4ec0965711916)

--- usr.bin/indent/indent.c | 40 ++++++++++++++------------------- usr.bin/indent/tests/functional_test.sh | 18 +++++++++++++++ 2 files changed, 35 insertions(+), 23 deletions(-) diff --git a/usr.bin/indent/indent.c b/usr.bin/indent/indent.c index 5d97a5069add..5e1c4f56f420 100644 --- a/usr.bin/indent/indent.c +++ b/usr.bin/indent/indent.c 
@@ -90,7 +90,6 @@ const char *out_name = "Standard Output"; /* will always point to name * of output file */ const char *simple_backup_suffix = ".BAK"; /* Suffix to use for backup * files */ -char bakfile[MAXPATHLEN] = ""; int main(int argc, char **argv) @@ -1238,41 +1237,35 @@ check_type: } /* - * copy input file to backup file if in_name is /blah/blah/blah/file, then - * backup file will be ".Bfile" then make the backup file the input and + * copy input file to backup file then make the backup file the input and * original input file the output */ static void bakcopy(void) { - int n, - bakchn; - char buff[8 * 1024]; - const char *p; - - /* construct file name .Bfile */ - for (p = in_name; *p; p++); /* skip to end of string */ - while (p > in_name && *p != '/') /* find last '/' */ - p--; - if (*p == '/') - p++; - sprintf(bakfile, "%s%s", p, simple_backup_suffix); + static char buff[8 * 1024]; + char *bakfile; + ssize_t len; + int bakfd; + + /* generate the backup file name */ + if (asprintf(&bakfile, "%s%s", in_name, simple_backup_suffix) < 0) + err(1, "%s%s", in_name, simple_backup_suffix); /* copy in_name to backup file */ - bakchn = creat(bakfile, 0600); - if (bakchn < 0) + bakfd = open(bakfile, O_RDWR | O_CREAT | O_TRUNC, 0600); + if (bakfd < 0) err(1, "%s", bakfile); - while ((n = read(fileno(input), buff, sizeof(buff))) > 0) - if (write(bakchn, buff, n) != n) + while ((len = read(fileno(input), buff, sizeof(buff))) > 0) + if (write(bakfd, buff, len) != len) err(1, "%s", bakfile); - if (n < 0) + if (len < 0) err(1, "%s", in_name); - close(bakchn); fclose(input); /* re-open backup file as the input file */ - input = fopen(bakfile, "r"); - if (input == NULL) + input = fdopen(bakfd, "r"); + if (input == NULL || fseek(input, 0, SEEK_SET) != 0) err(1, "%s", bakfile); /* now the original input file will be the output */ output = fopen(in_name, "w"); @@ -1280,6 +1273,7 @@ bakcopy(void) unlink(bakfile); err(1, "%s", in_name); } + free(bakfile); } static void 
diff --git a/usr.bin/indent/tests/functional_test.sh b/usr.bin/indent/tests/functional_test.sh index 3f4431038234..9cfe5878f69d 100755 --- a/usr.bin/indent/tests/functional_test.sh +++ b/usr.bin/indent/tests/functional_test.sh @@ -3,6 +3,7 @@ # # Copyright 2016 Dell EMC # All rights reserved. +# Copyright (c) 2025 Klara, Inc. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are @@ -56,9 +57,26 @@ add_legacy_testcase() atf_add_test_case ${tc%.[0-9]} } +atf_test_case backup_suffix +backup_suffix_body() +{ + local argmax=$(sysctl -n kern.argmax) + local suffix=$(jot -b .bak -s '' $((argmax/5))) + local code=$'int main() {}\n' + + printf "${code}" >input.c + + atf_check indent input.c + atf_check -o inline:"${code}" cat input.c.BAK + + atf_check -s exit:1 -e match:"name too long"\ + env SIMPLE_BACKUP_SUFFIX=${suffix} indent input.c +} + atf_init_test_cases() { for tc in $(find -s "${SRCDIR}" -name '*.[0-9]'); do add_legacy_testcase "${tc##*/}" done + atf_add_test_case backup_suffix }
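Review bot: In the bakcopy() hunk of usr.bin/indent/indent.c, the asprintf() call now builds the backup name from the full in_name, where the removed loop kept only the part after the last '/', so the backup file moves from the current directory to the directory of the input file, and the commit message does not mention this. Please state the change in the commit message, and in the manual page if it documents where the backup is written. Since the file can now be created outside the working directory, consider adding O_NOFOLLOW to `open(bakfile, O_RDWR | O_CREAT | O_TRUNC, 0600)` so that an existing symbolic link at that name is not followed and truncated.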
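Review bot: In backup_suffix_body() in usr.bin/indent/tests/functional_test.sh, the over-long SIMPLE_BACKUP_SUFFIX case checks only the exit status and the "name too long" message; it does not check that input.c is left untouched when the backup cannot be created. Copy input.c aside before the failing run and compare the two files afterwards, since the first `atf_check indent input.c` has already rewritten it and it can no longer be compared against `${code}`. Separately, `printf "${code}" >input.c` passes the test data as the format string; `printf '%s' "${code}"` writes the same bytes and stays correct if the sample ever gains a % or a backslash.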