Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 16 Aug 2018 18:37:48 +0000 (UTC)
From:      Kyle Evans <kevans@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r337921 - head/lib/libbe
Message-ID:  <201808161837.w7GIbmLi044921@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: kevans
Date: Thu Aug 16 18:37:47 2018
New Revision: 337921
URL: https://svnweb.freebsd.org/changeset/base/337921

Log:
  libbe(3): Prefer safer versions of strcat/strcpy
  
  Or, in the activate case, just use snprintf since that's effectively what
  we're doing anyways.

Modified:
  head/lib/libbe/be.c
  head/lib/libbe/be_access.c
  head/lib/libbe/libbe.3

Modified: head/lib/libbe/be.c
==============================================================================
--- head/lib/libbe/be.c	Thu Aug 16 18:35:39 2018	(r337920)
+++ head/lib/libbe/be.c	Thu Aug 16 18:37:47 2018	(r337921)
@@ -91,7 +91,6 @@ libbe_init(void)
 
 	lbh = NULL;
 	poolname = pos = NULL;
-	pnamelen = 0;
 	rootds = NULL;
 
 	/* Verify that /boot and / are mounted on the same filesystem */
@@ -138,6 +137,8 @@ libbe_init(void)
 	strlcpy(poolname, lbh->root, pnamelen + 1);
 	if ((lbh->active_phandle = zpool_open(lbh->lzh, poolname)) == NULL)
 		goto err;
+	free(poolname);
+	poolname = NULL;
 
 	if (zpool_get_prop(lbh->active_phandle, ZPOOL_PROP_BOOTFS, lbh->bootfs,
 	    sizeof(lbh->bootfs), NULL, true) != 0)
@@ -218,7 +219,6 @@ be_destroy(libbe_handle_t *lbh, const char *name, int 
 
 	p = path;
 	force = options & BE_DESTROY_FORCE;
-	err = BE_ERR_SUCCESS;
 
 	be_root_concat(lbh, name, path);
 
@@ -274,8 +274,12 @@ be_snapshot(libbe_handle_t *lbh, const char *source, c
 		return (BE_ERR_NOENT);
 
 	if (snap_name != NULL) {
-		strcat(buf, "@");
-		strcat(buf, snap_name);
+		if (strlcat(buf, "@", sizeof(buf)) >= sizeof(buf))
+			return (set_error(lbh, BE_ERR_INVALIDNAME));
+
+		if (strlcat(buf, snap_name, sizeof(buf)) >= sizeof(buf))
+			return (set_error(lbh, BE_ERR_INVALIDNAME));
+
 		if (result != NULL)
 			snprintf(result, BE_MAXPATHLEN, "%s@%s", source,
 			    snap_name);
@@ -284,8 +288,9 @@ be_snapshot(libbe_handle_t *lbh, const char *source, c
 		len = strlen(buf);
 		strftime(buf + len, sizeof(buf) - len,
 		    "@%F-%T", localtime(&rawtime));
-		if (result != NULL)
-			strcpy(result, strrchr(buf, '/') + 1);
+		if (result != NULL && strlcpy(result, strrchr(buf, '/') + 1,
+		    sizeof(buf)) >= sizeof(buf))
+			return (set_error(lbh, BE_ERR_INVALIDNAME));
 	}
 
 	if ((err = zfs_snapshot(lbh->lzh, buf, recursive, NULL)) != 0) {
@@ -942,9 +947,7 @@ be_activate(libbe_handle_t *lbh, const char *bootenv, 
 			return (set_error(lbh, BE_ERR_UNKNOWN));
 
 		/* Expected format according to zfsbootcfg(8) man */
-		strcpy(buf, "zfs:");
-		strcat(buf, be_path);
-		strcat(buf, ":");
+		snprintf(buf, sizeof(buf), "zfs:%s:", be_path);
 
 		/* We have no config tree */
 		if (nvlist_lookup_nvlist(config, ZPOOL_CONFIG_VDEV_TREE,

Modified: head/lib/libbe/be_access.c
==============================================================================
--- head/lib/libbe/be_access.c	Thu Aug 16 18:35:39 2018	(r337920)
+++ head/lib/libbe/be_access.c	Thu Aug 16 18:37:47 2018	(r337921)
@@ -124,7 +124,7 @@ be_mount(libbe_handle_t *lbh, char *bootenv, char *mou
 
 	/* Create mountpoint if it is not specified */
 	if (mountpoint == NULL) {
-		strcpy(mnt_temp, "/tmp/be_mount.XXXX");
+		strlcpy(mnt_temp, "/tmp/be_mount.XXXX", sizeof(mnt_temp));
 		if (mkdtemp(mnt_temp) == NULL)
 			return (set_error(lbh, BE_ERR_IO));
 	}
@@ -149,7 +149,8 @@ be_mount(libbe_handle_t *lbh, char *bootenv, char *mou
 	}
 
 	if (result_loc != NULL)
-		strcpy(result_loc, mountpoint == NULL ? mnt_temp : mountpoint);
+		strlcpy(result_loc, mountpoint == NULL ? mnt_temp : mountpoint,
+		    BE_MAXPATHLEN);
 
 	return (BE_ERR_SUCCESS);
 }

Modified: head/lib/libbe/libbe.3
==============================================================================
--- head/lib/libbe/libbe.3	Thu Aug 16 18:35:39 2018	(r337920)
+++ head/lib/libbe/libbe.3	Thu Aug 16 18:37:47 2018	(r337921)
@@ -28,7 +28,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd August 12, 2018
+.Dd August 16, 2018
 .Dt LIBBE 3
 .Os
 .Sh NAME
@@ -267,6 +267,9 @@ If
 .Fa result
 is not
 .Dv NULL ,
+it should be large enough to accommodate
+.Dv BE_MAXPATHLEN
+including the null terminator.
 the final mount point will be copied into it.
 Setting the
 .Dv BE_MNT_FORCE



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201808161837.w7GIbmLi044921>