From nobody Thu Aug 14 16:03:17 2025 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4c2qlp0Trxz64ffQ; Thu, 14 Aug 2025 16:03:18 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4c2qln5b2kz3KFK; Thu, 14 Aug 2025 16:03:17 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1755187397; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=44CBOtCuHgmFI2xAZhjU1larLSiHOQTzd22G9mzjETs=; b=xP2XTMZ0/ib+jrfiEj4vFPFg4tzjG4dMSSrd72rYxtq8PhBW03vJnsGS0t6Jp9wpnW+QM0 Ulg8IcJmKBmbkbsi1fpXvpuwgAQoBwQAydQrq9L2GMhl5oygZCLftanZWebC2CNY3iu/3S QVQj4cCLMJRGfEbTxck3i14L34U+6Vo0CEYkUX0+bp9B3l6ucBl6GlpHFT+cU7Lgj4eUub EQebbUj3Ev0JmwJoGKNgGhges1nRqaAwT2FpjLTG5uKN5ySoM1gO1gsZVpTv+19gCD74M7 /dqnNu5VwVYvO0JAiaZEjZ6b1uhiRSHiN9oPAHt2bdEXgkhRHCu/bT43OZJLSg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1755187397; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=44CBOtCuHgmFI2xAZhjU1larLSiHOQTzd22G9mzjETs=; b=awU3HI3vCjSnz22rbeytj6sf+p8V4y6j1dJ+2BDah5KuzeeuUsiE27H84XQz2SLLwI2Fix 25Zdkr0hCrLEjjSC1fNtrLGbQdllUs1iw8b8fGT8rUL9lO+rj5642DybKehiWgb7JqpscV R5HLf0mo0YIKCQ+PLPLFYdkSIDiyY9J/EAfoaq3WWiRjk23f/9sPKG+oWFTjaZxplaijDI GVk+lO6CghIyS1VC5TSEr9Vp9njLh8Hk7sLiQrrqyHnwmjF0v1sIGB0uyQBv84ADJuTzri GY9Nw93xSLOYxg7AmUqeOzYLZu6D9ni0/Ff6NeDf+7HCv3iSEokZL74+9fdAqQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1755187397; a=rsa-sha256; cv=none; b=oOp1gR11J4eQD+ciGsynPXPjCj/gPNECNK14c0nvU5mF5JwX44d02Mf2aqel3oUo7GXT4N Z/ZMYd6Wvy+fFeuNJYGS2EIGwVQ5ojePI2+Am0++cIMDmTd748wX0Hvh2wc5KjpnCnw1XI mlOqfaEfR3F0pyuK5r1qEU0t5i3Qzbpt2mIYhOKP1ujwxaoZWVQjx3RX0YOQZ67MqKsi3v s/3YOLt1FdFsiEIjHEgNvHCxogfH+wbkxO21oUBYzl6yukK0onXZje7Qs03Nz3Y9WMjyMB bC1/OWAAVK5zcZ2TmGFaSgEc32bt7lMvxyb7hR6aj4CC6OXOA3A7a/SK1HScnA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4c2qln543xz10Tl; Thu, 14 Aug 2025 16:03:17 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 57EG3Hv4080166; Thu, 14 Aug 2025 16:03:17 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 57EG3H4k080163; Thu, 14 Aug 2025 16:03:17 GMT (envelope-from git) Date: Thu, 14 Aug 2025 16:03:17 GMT Message-Id: <202508141603.57EG3H4k080163@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Dag-Erling =?utf-8?Q?Sm=C3=B8rgrav?= Subject: git: 1229e3a06de9 - stable/13 - indent: Fix buffer overflow List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: des X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 1229e3a06de93a16b46185f41e4f64db6de63896 Auto-Submitted: auto-generated The branch stable/13 has been updated by des: URL: https://cgit.FreeBSD.org/src/commit/?id=1229e3a06de93a16b46185f41e4f64db6de63896 commit 1229e3a06de93a16b46185f41e4f64db6de63896 Author: Dag-Erling Smørgrav AuthorDate: 2025-08-07 23:34:07 +0000 Commit: Dag-Erling Smørgrav CommitDate: 2025-08-14 14:00:06 +0000 indent: Fix buffer overflow The function used to create a backup of the input before starting work used a static buffer and did not check that the file name it constructed did not overflow. Switch to using asprintf(), clean up the rest of the function, and update some comments that still referred to an earlier version of the code. MFC after: 1 week Sponsored by: Klara, Inc. Reviewed by: bnovkov Differential Revision: https://reviews.freebsd.org/D51796 (cherry picked from commit eb41613d22977798f41dd979e4e4ec0965711916) --- usr.bin/indent/indent.c | 40 ++++++++++++++------------------- usr.bin/indent/tests/functional_test.sh | 18 +++++++++++++++ 2 files changed, 35 insertions(+), 23 deletions(-) diff --git a/usr.bin/indent/indent.c b/usr.bin/indent/indent.c index 5d97a5069add..5e1c4f56f420 100644 --- a/usr.bin/indent/indent.c +++ b/usr.bin/indent/indent.c @@ -90,7 +90,6 @@ const char *out_name = "Standard Output"; /* will always point to name * of output file */ const char *simple_backup_suffix = ".BAK"; /* Suffix to use for backup * files */ -char bakfile[MAXPATHLEN] = ""; int main(int argc, char **argv) @@ -1238,41 +1237,35 @@ check_type: } /* - * copy input file to backup file if in_name is /blah/blah/blah/file, then - * backup file will be ".Bfile" then make the backup file the input and + * copy input file to backup file then make the backup file the input and * original input file the output */ static void bakcopy(void) { - int n, - bakchn; - char buff[8 * 1024]; - const char *p; - - /* construct file name .Bfile */ - for (p = in_name; *p; p++); /* skip to end of string */ - while (p > in_name && *p != '/') /* find last '/' */ - p--; - if (*p == '/') - p++; - sprintf(bakfile, "%s%s", p, simple_backup_suffix); + static char buff[8 * 1024]; + char *bakfile; + ssize_t len; + int bakfd; + + /* generate the backup file name */ + if (asprintf(&bakfile, "%s%s", in_name, simple_backup_suffix) < 0) + err(1, "%s%s", in_name, simple_backup_suffix); /* copy in_name to backup file */ - bakchn = creat(bakfile, 0600); - if (bakchn < 0) + bakfd = open(bakfile, O_RDWR | O_CREAT | O_TRUNC, 0600); + if (bakfd < 0) err(1, "%s", bakfile); - while ((n = read(fileno(input), buff, sizeof(buff))) > 0) - if (write(bakchn, buff, n) != n) + while ((len = read(fileno(input), buff, sizeof(buff))) > 0) + if (write(bakfd, buff, len) != len) err(1, "%s", bakfile); - if (n < 0) + if (len < 0) err(1, "%s", in_name); - close(bakchn); fclose(input); /* re-open backup file as the input file */ - input = fopen(bakfile, "r"); - if (input == NULL) + input = fdopen(bakfd, "r"); + if (input == NULL || fseek(input, 0, SEEK_SET) != 0) err(1, "%s", bakfile); /* now the original input file will be the output */ output = fopen(in_name, "w"); @@ -1280,6 +1273,7 @@ bakcopy(void) unlink(bakfile); err(1, "%s", in_name); } + free(bakfile); } static void diff --git a/usr.bin/indent/tests/functional_test.sh b/usr.bin/indent/tests/functional_test.sh index 3f4431038234..9cfe5878f69d 100755 --- a/usr.bin/indent/tests/functional_test.sh +++ b/usr.bin/indent/tests/functional_test.sh @@ -3,6 +3,7 @@ # # Copyright 2016 Dell EMC # All rights reserved. +# Copyright (c) 2025 Klara, Inc. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are @@ -56,9 +57,26 @@ add_legacy_testcase() atf_add_test_case ${tc%.[0-9]} } +atf_test_case backup_suffix +backup_suffix_body() +{ + local argmax=$(sysctl -n kern.argmax) + local suffix=$(jot -b .bak -s '' $((argmax/5))) + local code=$'int main() {}\n' + + printf "${code}" >input.c + + atf_check indent input.c + atf_check -o inline:"${code}" cat input.c.BAK + + atf_check -s exit:1 -e match:"name too long"\ + env SIMPLE_BACKUP_SUFFIX=${suffix} indent input.c +} + atf_init_test_cases() { for tc in $(find -s "${SRCDIR}" -name '*.[0-9]'); do add_legacy_testcase "${tc##*/}" done + atf_add_test_case backup_suffix }