From owner-svn-src-all@freebsd.org  Thu Aug 16 18:37:49 2018
Return-Path: <owner-svn-src-all@freebsd.org>
Delivered-To: svn-src-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 44F0D1072638;
 Thu, 16 Aug 2018 18:37:49 +0000 (UTC)
 (envelope-from kevans@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id F0333726A6;
 Thu, 16 Aug 2018 18:37:48 +0000 (UTC)
 (envelope-from kevans@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id D1F361D380;
 Thu, 16 Aug 2018 18:37:48 +0000 (UTC)
 (envelope-from kevans@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w7GIbmqP044924;
 Thu, 16 Aug 2018 18:37:48 GMT (envelope-from kevans@FreeBSD.org)
Received: (from kevans@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w7GIbmLi044921;
 Thu, 16 Aug 2018 18:37:48 GMT (envelope-from kevans@FreeBSD.org)
Message-Id: <201808161837.w7GIbmLi044921@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: kevans set sender to
 kevans@FreeBSD.org using -f
From: Kyle Evans <kevans@FreeBSD.org>
Date: Thu, 16 Aug 2018 18:37:48 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r337921 - head/lib/libbe
X-SVN-Group: head
X-SVN-Commit-Author: kevans
X-SVN-Commit-Paths: head/lib/libbe
X-SVN-Commit-Revision: 337921
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all/>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Aug 2018 18:37:49 -0000

Author: kevans
Date: Thu Aug 16 18:37:47 2018
New Revision: 337921
URL: https://svnweb.freebsd.org/changeset/base/337921

Log:
  libbe(3): Prefer safer versions of strcat/strcpy
  
  Or, in the activate case, just use snprintf since that's effectively what
  we're doing anyways.

Modified:
  head/lib/libbe/be.c
  head/lib/libbe/be_access.c
  head/lib/libbe/libbe.3

Modified: head/lib/libbe/be.c
==============================================================================
--- head/lib/libbe/be.c	Thu Aug 16 18:35:39 2018	(r337920)
+++ head/lib/libbe/be.c	Thu Aug 16 18:37:47 2018	(r337921)
@@ -91,7 +91,6 @@ libbe_init(void)
 
 	lbh = NULL;
 	poolname = pos = NULL;
-	pnamelen = 0;
 	rootds = NULL;
 
 	/* Verify that /boot and / are mounted on the same filesystem */
@@ -138,6 +137,8 @@ libbe_init(void)
 	strlcpy(poolname, lbh->root, pnamelen + 1);
 	if ((lbh->active_phandle = zpool_open(lbh->lzh, poolname)) == NULL)
 		goto err;
+	free(poolname);
+	poolname = NULL;
 
 	if (zpool_get_prop(lbh->active_phandle, ZPOOL_PROP_BOOTFS, lbh->bootfs,
 	    sizeof(lbh->bootfs), NULL, true) != 0)
@@ -218,7 +219,6 @@ be_destroy(libbe_handle_t *lbh, const char *name, int 
 
 	p = path;
 	force = options & BE_DESTROY_FORCE;
-	err = BE_ERR_SUCCESS;
 
 	be_root_concat(lbh, name, path);
 
@@ -274,8 +274,12 @@ be_snapshot(libbe_handle_t *lbh, const char *source, c
 		return (BE_ERR_NOENT);
 
 	if (snap_name != NULL) {
-		strcat(buf, "@");
-		strcat(buf, snap_name);
+		if (strlcat(buf, "@", sizeof(buf)) >= sizeof(buf))
+			return (set_error(lbh, BE_ERR_INVALIDNAME));
+
+		if (strlcat(buf, snap_name, sizeof(buf)) >= sizeof(buf))
+			return (set_error(lbh, BE_ERR_INVALIDNAME));
+
 		if (result != NULL)
 			snprintf(result, BE_MAXPATHLEN, "%s@%s", source,
 			    snap_name);
@@ -284,8 +288,9 @@ be_snapshot(libbe_handle_t *lbh, const char *source, c
 		len = strlen(buf);
 		strftime(buf + len, sizeof(buf) - len,
 		    "@%F-%T", localtime(&rawtime));
-		if (result != NULL)
-			strcpy(result, strrchr(buf, '/') + 1);
+		if (result != NULL && strlcpy(result, strrchr(buf, '/') + 1,
+		    sizeof(buf)) >= sizeof(buf))
+			return (set_error(lbh, BE_ERR_INVALIDNAME));
 	}
 
 	if ((err = zfs_snapshot(lbh->lzh, buf, recursive, NULL)) != 0) {
@@ -942,9 +947,7 @@ be_activate(libbe_handle_t *lbh, const char *bootenv, 
 			return (set_error(lbh, BE_ERR_UNKNOWN));
 
 		/* Expected format according to zfsbootcfg(8) man */
-		strcpy(buf, "zfs:");
-		strcat(buf, be_path);
-		strcat(buf, ":");
+		snprintf(buf, sizeof(buf), "zfs:%s:", be_path);
 
 		/* We have no config tree */
 		if (nvlist_lookup_nvlist(config, ZPOOL_CONFIG_VDEV_TREE,

Modified: head/lib/libbe/be_access.c
==============================================================================
--- head/lib/libbe/be_access.c	Thu Aug 16 18:35:39 2018	(r337920)
+++ head/lib/libbe/be_access.c	Thu Aug 16 18:37:47 2018	(r337921)
@@ -124,7 +124,7 @@ be_mount(libbe_handle_t *lbh, char *bootenv, char *mou
 
 	/* Create mountpoint if it is not specified */
 	if (mountpoint == NULL) {
-		strcpy(mnt_temp, "/tmp/be_mount.XXXX");
+		strlcpy(mnt_temp, "/tmp/be_mount.XXXX", sizeof(mnt_temp));
 		if (mkdtemp(mnt_temp) == NULL)
 			return (set_error(lbh, BE_ERR_IO));
 	}
@@ -149,7 +149,8 @@ be_mount(libbe_handle_t *lbh, char *bootenv, char *mou
 	}
 
 	if (result_loc != NULL)
-		strcpy(result_loc, mountpoint == NULL ? mnt_temp : mountpoint);
+		strlcpy(result_loc, mountpoint == NULL ? mnt_temp : mountpoint,
+		    BE_MAXPATHLEN);
 
 	return (BE_ERR_SUCCESS);
 }

Modified: head/lib/libbe/libbe.3
==============================================================================
--- head/lib/libbe/libbe.3	Thu Aug 16 18:35:39 2018	(r337920)
+++ head/lib/libbe/libbe.3	Thu Aug 16 18:37:47 2018	(r337921)
@@ -28,7 +28,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd August 12, 2018
+.Dd August 16, 2018
 .Dt LIBBE 3
 .Os
 .Sh NAME
@@ -267,6 +267,9 @@ If
 .Fa result
 is not
 .Dv NULL ,
+it should be large enough to accommodate
+.Dv BE_MAXPATHLEN
+including the null terminator.
 the final mount point will be copied into it.
 Setting the
 .Dv BE_MNT_FORCE