From nobody Thu Aug 7 23:34:43 2025 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4byk5w0Dbsz63gB5; Thu, 07 Aug 2025 23:34:44 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4byk5v5XGtz3PyW; Thu, 07 Aug 2025 23:34:43 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1754609683; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=9RINtRULyfBeqI5C/IFuHgFFKGRrhR5xMkyvV6Y3Ngw=; b=I4dbdn4/elxYC5VWGYHj3LnYHWL20jiVelR9jW8Aph6XCbwtbJxO5Gs5QhgTSqpgEMECSF 0pQsYwDDcIl6sC7mKh0VSqmoqZSLH75sZJ5wQ5mWSn01QFF3THiFvb4FLjmTrpwgGzjKfq 6xziokX3NsQFij2y7C+3n89ckop64rpvb+O0lP3PpZclrHRYiUXiKWm2jqm6g24PXgNB1x 8+7L5OnS7/AoWYZ7A4V8gG+dVHAofTYkF476RTLinbSMEyeecv7AxFUHEp+Ej/oSnVqA5J zarxjO3QRHqnRlsZuuvFKy7E6P0Dxmguj8XIFMtW5s/h1MS0P3JsO5Fs7/+7rw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1754609683; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=9RINtRULyfBeqI5C/IFuHgFFKGRrhR5xMkyvV6Y3Ngw=; b=WYXmNrR9rn7EyVPBY0tc0JD/uP6wqMGH00S+Mj0O5t1OmAc9cyLLH5IBLZtNUNfP7V0YTO HoFwfmakKJ1+2312f8w2kUCyjDouxHK9D2teQy96HUcHpXeHtBjXjPtNVuRLiF6MeIGTng dzRDHoHHrac+/LPcHrQazOTCda0GAvt8dOvR8DY+MZfanT4pHLdUtTCL37Q1RvLdGk5OSr zgiIJxJitVQdfMmwGOu2ALErCtFTJ6Rf9O7Gq7xiL+AJz4ud8n0Ebe6AuoJVDGI66r71bK Sxr5ImBXIaF2TVJGzkQSFf2GJE1bQCiBynKzVkxNnTwbfx3ZQUtbWV/RE6gEbQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1754609683; a=rsa-sha256; cv=none; b=xwRFrrYK9Mb4HJuzBJWUyNqGKj7s+qKux4YBb+S/Xo/1qvmBO0pPnPU+6gj0Aj7/YUGbwM h6G2KQoEL8IHLtaA72f0YEEMnaT96Q8M+up2JF0W3jwniFaMdjSyZY8Vr14Zwmf5SI5NIB cJrevj2PXDON6YLVdte9pvDEQoH/Mlpw6qMwDUOdVb3xthdWWYxhMaZX5/UabwyHPVofKu AfXK+ZsKMg5YVT5MRVQQssavMwJ5jhY/vBlq2t5LGfyWMD439VNafoojhFWdZ9QOLkCK2R Hzn6F26B5I4axxFdEgUymQgk63XfZZ6fw7VG7W8F7flCyPI/r5T49Nl6RFxS5A== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4byk5v52bVz1Qfr; Thu, 07 Aug 2025 23:34:43 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 577NYhuo060693; Thu, 7 Aug 2025 23:34:43 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 577NYhYb060690; Thu, 7 Aug 2025 23:34:43 GMT (envelope-from git) Date: Thu, 7 Aug 2025 23:34:43 GMT Message-Id: <202508072334.577NYhYb060690@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Dag-Erling =?utf-8?Q?Sm=C3=B8rgrav?= Subject: git: eb41613d2297 - main - indent: Fix buffer overflow List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: des X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: eb41613d22977798f41dd979e4e4ec0965711916 Auto-Submitted: auto-generated The branch main has been updated by des: URL: https://cgit.FreeBSD.org/src/commit/?id=eb41613d22977798f41dd979e4e4ec0965711916 commit eb41613d22977798f41dd979e4e4ec0965711916 Author: Dag-Erling Smørgrav AuthorDate: 2025-08-07 23:34:07 +0000 Commit: Dag-Erling Smørgrav CommitDate: 2025-08-07 23:34:07 +0000 indent: Fix buffer overflow The function used to create a backup of the input before starting work used a static buffer and did not check that the file name it constructed did not overflow. Switch to using asprintf(), clean up the rest of the function, and update some comments that still referred to an earlier version of the code. MFC after: 1 week Sponsored by: Klara, Inc. Reviewed by: bnovkov Differential Revision: https://reviews.freebsd.org/D51796 --- usr.bin/indent/indent.c | 40 ++++++++++++++------------------- usr.bin/indent/tests/functional_test.sh | 18 +++++++++++++++ 2 files changed, 35 insertions(+), 23 deletions(-) diff --git a/usr.bin/indent/indent.c b/usr.bin/indent/indent.c index 4739e861fef9..3ea78e1f153e 100644 --- a/usr.bin/indent/indent.c +++ b/usr.bin/indent/indent.c @@ -83,7 +83,6 @@ const char *out_name = "Standard Output"; /* will always point to name * of output file */ const char *simple_backup_suffix = ".BAK"; /* Suffix to use for backup * files */ -char bakfile[MAXPATHLEN] = ""; int main(int argc, char **argv) @@ -1231,41 +1230,35 @@ check_type: } /* - * copy input file to backup file if in_name is /blah/blah/blah/file, then - * backup file will be ".Bfile" then make the backup file the input and + * copy input file to backup file then make the backup file the input and * original input file the output */ static void bakcopy(void) { - int n, - bakchn; - char buff[8 * 1024]; - const char *p; - - /* construct file name .Bfile */ - for (p = in_name; *p; p++); /* skip to end of string */ - while (p > in_name && *p != '/') /* find last '/' */ - p--; - if (*p == '/') - p++; - sprintf(bakfile, "%s%s", p, simple_backup_suffix); + static char buff[8 * 1024]; + char *bakfile; + ssize_t len; + int bakfd; + + /* generate the backup file name */ + if (asprintf(&bakfile, "%s%s", in_name, simple_backup_suffix) < 0) + err(1, "%s%s", in_name, simple_backup_suffix); /* copy in_name to backup file */ - bakchn = creat(bakfile, 0600); - if (bakchn < 0) + bakfd = open(bakfile, O_RDWR | O_CREAT | O_TRUNC, 0600); + if (bakfd < 0) err(1, "%s", bakfile); - while ((n = read(fileno(input), buff, sizeof(buff))) > 0) - if (write(bakchn, buff, n) != n) + while ((len = read(fileno(input), buff, sizeof(buff))) > 0) + if (write(bakfd, buff, len) != len) err(1, "%s", bakfile); - if (n < 0) + if (len < 0) err(1, "%s", in_name); - close(bakchn); fclose(input); /* re-open backup file as the input file */ - input = fopen(bakfile, "r"); - if (input == NULL) + input = fdopen(bakfd, "r"); + if (input == NULL || fseek(input, 0, SEEK_SET) != 0) err(1, "%s", bakfile); /* now the original input file will be the output */ output = fopen(in_name, "w"); @@ -1273,6 +1266,7 @@ bakcopy(void) unlink(bakfile); err(1, "%s", in_name); } + free(bakfile); } static void diff --git a/usr.bin/indent/tests/functional_test.sh b/usr.bin/indent/tests/functional_test.sh index 3f4431038234..9cfe5878f69d 100755 --- a/usr.bin/indent/tests/functional_test.sh +++ b/usr.bin/indent/tests/functional_test.sh @@ -3,6 +3,7 @@ # # Copyright 2016 Dell EMC # All rights reserved. +# Copyright (c) 2025 Klara, Inc. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are @@ -56,9 +57,26 @@ add_legacy_testcase() atf_add_test_case ${tc%.[0-9]} } +atf_test_case backup_suffix +backup_suffix_body() +{ + local argmax=$(sysctl -n kern.argmax) + local suffix=$(jot -b .bak -s '' $((argmax/5))) + local code=$'int main() {}\n' + + printf "${code}" >input.c + + atf_check indent input.c + atf_check -o inline:"${code}" cat input.c.BAK + + atf_check -s exit:1 -e match:"name too long"\ + env SIMPLE_BACKUP_SUFFIX=${suffix} indent input.c +} + atf_init_test_cases() { for tc in $(find -s "${SRCDIR}" -name '*.[0-9]'); do add_legacy_testcase "${tc##*/}" done + atf_add_test_case backup_suffix }