Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 6 Feb 2022 10:41:31 -0500
From:      Shawn Webb <shawn.webb@hardenedbsd.org>
To:        Dimitry Andric <dim@FreeBSD.org>
Cc:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   Re: git: e17fede8ff46 - main - Fix too small sscanf output buffers in kbdmap
Message-ID:  <20220206154131.ym3wthb4jby4jz25@mutt-hbsd>
In-Reply-To: <202202061526.216FQ0uH082668@gitrepo.freebsd.org>
References:  <202202061526.216FQ0uH082668@gitrepo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 

--kaoezzxq67p6ovag
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Feb 06, 2022 at 03:26:00PM +0000, Dimitry Andric wrote:
> The branch main has been updated by dim:
>=20
> URL: https://cgit.FreeBSD.org/src/commit/?id=3De17fede8ff4629b5ff640ed660=
940b04c70da0b6
>=20
> commit e17fede8ff4629b5ff640ed660940b04c70da0b6
> Author:     Dimitry Andric <dim@FreeBSD.org>
> AuthorDate: 2022-02-06 15:25:11 +0000
> Commit:     Dimitry Andric <dim@FreeBSD.org>
> CommitDate: 2022-02-06 15:25:25 +0000
>=20
>     Fix too small sscanf output buffers in kbdmap
>    =20
>     This fixes the following warnings from clang 14:
>    =20
>     usr.sbin/kbdmap/kbdmap.c:241:16: error: 'sscanf' may overflow; destin=
ation buffer in argument 5 has size 20, but the corresponding specifier may=
 require size 21 [-Werror,-Wfortify-source]
>                                 &a, &b, buf);
>                                         ^
>     usr.sbin/kbdmap/kbdmap.c:615:8: error: 'sscanf' may overflow; destina=
tion buffer in argument 3 has size 64, but the corresponding specifier may =
require size 65 [-Werror,-Wfortify-source]
>                                 keym, lng, desc);
>                                 ^
>     usr.sbin/kbdmap/kbdmap.c:615:14: error: 'sscanf' may overflow; destin=
ation buffer in argument 4 has size 64, but the corresponding specifier may=
 require size 65 [-Werror,-Wfortify-source]
>                                 keym, lng, desc);
>                                       ^
>     usr.sbin/kbdmap/kbdmap.c:615:19: error: 'sscanf' may overflow; destin=
ation buffer in argument 5 has size 256, but the corresponding specifier ma=
y require size 257 [-Werror,-Wfortify-source]
>                                 keym, lng, desc);
>                                            ^
>    =20
>     In each case, the buffer being sscanf'd into is one byte too small.
>    =20
>     MFC after:       3 days
> ---
>  usr.sbin/kbdmap/kbdmap.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>=20
> diff --git a/usr.sbin/kbdmap/kbdmap.c b/usr.sbin/kbdmap/kbdmap.c
> index a11956b682ee..0702c1e66e94 100644
> --- a/usr.sbin/kbdmap/kbdmap.c
> +++ b/usr.sbin/kbdmap/kbdmap.c
> @@ -225,7 +225,7 @@ get_extension(const char *name)
>  static char *
>  get_font(void)
>  {
> -	char line[256], buf[20];
> +	char line[256], buf[21];
>  	char *fnt =3D NULL;
> =20
>  	FILE *fp =3D fopen(sysconfig, "r");
> @@ -566,7 +566,7 @@ menu_read(void)
>  	char *p;
>  	int mark, num_keymaps, items, i;
>  	char buffer[256], filename[PATH_MAX];
> -	char keym[64], lng[64], desc[256];
> +	char keym[65], lng[65], desc[257];
>  	char dialect[64], lang_abk[64];
>  	struct keymap *km;
>  	struct keymap **km_sorted;
>=20

Hey Dimitry,

Would commits like this and d310bf3867b4168e57365196c3a31797c0538097
normally cause SAs? Off-by-one bugs are typically considered security
bugs.

Thanks,

--=20
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A=
4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc

--kaoezzxq67p6ovag
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEA6TL67gupaZ9nzhT/y5nonf44foFAmH/7CkACgkQ/y5nonf4
4fo88xAAjugbPBiBYxFLKU5aehVPKtFALlN9AtNS0H0wcRTLO1+2sTwtfWhFpY/N
p5aFK/OGSmdZYe4740RhKDj2CpN3O5YYDMDy3VSRR8PvDZyV44bTiS4yvKjnKCTq
sXOhrmaXZcSAnZzEZt806TbIiS9MgE9dIpXhAexmg7oQXuR1mtctiYvdMebhsu4Y
4CT0xzLKkZibbxpCd5ab/MleslpU2H9f3lImXpVgAJ8nee/58oOlh4fVHZafFTUn
ybVcKk23jDpY+xX8xuNjyJm6kmJpSNgvYbCYh/N8psv514LFPyP/qY6TpeAtO7Io
gkiH6BIVkn0wyqpvURVShCcc2gfOpFQEe5uoeSFM9FDJnEbkUmxxLYcQT1Os/ywc
p6BEYDMb0h64Cmr/17JjIOjXTUmjAG6fHAH7eYD+v1eUWqGgLUxlMx7h1/7wKlY4
HP+9/8jg8zMkAFsFWPp0vZnltnGZIm1O4NDy9jTbJY9CcBox/4ELRfqeUbjh6OfX
5a1ntRDbDuqetqVM3usfYGFbO2dDXQY/qusxhSUu7sIk61JrKgN+0wYcaBV9ppKe
UPoFrp0HiXBKbhHNFbd4Vm2GfkjPw0+TjzGibOufjFb8L/Rt8E1x+wKYgxVes4oP
NF3oCdWcxjqclYPuzReralGQZc/He9mTcJYJ4tnXG3DS9IYrWIM=
=enuN
-----END PGP SIGNATURE-----

--kaoezzxq67p6ovag--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20220206154131.ym3wthb4jby4jz25>