From nobody Tue May 14 06:59:08 2024 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VdnJr4WFdz5KYfL; Tue, 14 May 2024 06:59:08 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4VdnJr3K87z4pkd; Tue, 14 May 2024 06:59:08 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1715669948; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=414uAsts6YODio8nexsL31XnNHX3vM6iIeL3EfvaOkE=; b=U+7+5JSc4HexT1IR1Douj7JMjsXT8KNJd6UvRt5iExcO0SkqZcpKElHr9qb+EmRaEDGZGX sDy83RT6WJ5nJ1MsUplJhiowtGbGFfcfW2HB2sRxWsbHIM19ia8dNoYGu5+1zA93nlOnNI gsltX7vetdDO6yG5MxJQNfebAhxB+JgrMD5a95hgyGj2J6sUYV1oItFC+GEcxWZ9/Yhxz/ vJviHzeaspLYsTAkViw3lboTkxRj3AXBkwyntTcTvHlZ+qLb1NxAXgtpPjtUob2WtTQEGy iNbRdBLq6lv31ND0/zKxmhdMfWv0pCJlqkkxShv93jH+PPl9vmA5kT44KRSX6A== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1715669948; a=rsa-sha256; cv=none; b=IFgEKor82SYJfTkP0e+TwcIQFm6xGNrgW/85o5N+6i5LUQDEWvfmXcXiclqlPyNXanTK6Q 7ylJS4OozfO/oxssODs/SbTcfo3Noa73iAeAxSL9zfWL/LhC5JhWMOTzlDy+68GP1pSfex i8BDkjrKihHfdrr2MOlLrl8zTcMImf5UF6QCLRsFG+oivAxjk31d17VnU4uY1eLE/FAVb3 kVWjdZYJ6uCu1RWOU775c6fNlYZfYaKl1ylFMFvMrZ1MYOYYWrfq/3uTk66wP1PW3aHFEW dFC4aJGu7jf5lhjN0OzI9SPjREryoC0qQ1Zz1b4y2zMMjLL5PGwU6sPwr9GFWA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1715669948; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=414uAsts6YODio8nexsL31XnNHX3vM6iIeL3EfvaOkE=; b=S8/vq1kXQ+8zFr5NXoJBYEQ09j49wp1aMYcdqBiR/TIMQ2JW4MLLb8gdO7j8WrCDVxxabR qgqUUxqncc/vZt6+jMKbnroFcE4alhrfSSvCbTYXxOIFIGQIuZUbmAZQVKnKdC9CfElsZq OREmbLhIOwUnydBz7ORpzhEt//O5ARVjYW4SRa/dTVLuBjt+eJ4ii4dicYgoq6Nwm9l46c Fmt8RwJf9Vrk+0xYkPghtxCe5tpQ8g/IQKJEQvI4+wrsuRQ9qNOew2uPgwiOfVSqtqihGs vQ30MWnustFDYXDFZ/X3cszjyYDYcPF/kzNzEOH5EY3gRSSnob3a1LLD5Uctkw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4VdnJr2xNhzMGx; Tue, 14 May 2024 06:59:08 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 44E6x8lu004816; Tue, 14 May 2024 06:59:08 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 44E6x8P5004812; Tue, 14 May 2024 06:59:08 GMT (envelope-from git) Date: Tue, 14 May 2024 06:59:08 GMT Message-Id: <202405140659.44E6x8P5004812@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Dag-Erling =?utf-8?Q?Sm=C3=B8rgrav?= Subject: git: 626ee3cac845 - stable/14 - tftpd: Add missing `-S` option to synopsis. List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: des X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 626ee3cac8458b355d4330c2099240d3ca881589 Auto-Submitted: auto-generated The branch stable/14 has been updated by des: URL: https://cgit.FreeBSD.org/src/commit/?id=626ee3cac8458b355d4330c2099240d3ca881589 commit 626ee3cac8458b355d4330c2099240d3ca881589 Author: Dag-Erling Smørgrav AuthorDate: 2024-05-10 21:15:37 +0000 Commit: Dag-Erling Smørgrav CommitDate: 2024-05-14 06:58:40 +0000 tftpd: Add missing `-S` option to synopsis. MFC after: 3 days Sponsored by: Klara, Inc. Reviewed by: imp, markj Differential Revision: https://reviews.freebsd.org/D45129 (cherry picked from commit 816c4d3dcf99adcd40a03d93431237ddbd23bbdf) tftpd: Drop unneeded includes. MFC after: 3 days Sponsored by: Klara, Inc. Reviewed by: imp, markj Differential Revision: https://reviews.freebsd.org/D45130 (cherry picked from commit 1111da6b7c612c571453a23a8dd02fd5e7e40b18) tftpd: Add missing include. This went unnoticed due to namespace pollution in our headers. MFC after: 3 days Sponsored by: Klara, Inc. Reviewed by: imp Differential Revision: https://reviews.freebsd.org/D45131 (cherry picked from commit ae285a8cbf1212bdc1b3f81219635bc1395fadee) tftpd: Satisfy clang-analyzer. * Replace `random()` with `arc4random()`. * Change some variable types. * Drop some unused assignments. MFC after: 3 days Sponsored by: Klara, Inc. Reviewed by: imp, markj Differential Revision: https://reviews.freebsd.org/D45132 (cherry picked from commit 4d09eb87c5d5bec2e2832f50537e2ce6f75f4117) tftpd: silence gcc overflow warnings GCC 13 complains that we might be writing too much to an on-stack buffer when createing a filename. In practice there is a check that filename isn't too long given the time format and other static characters so GCC is incorrect, but GCC isn't wrong that we're potentially trying to put a MAXPATHLEN length string + some other characters into a MAXPATHLEN buffer (if you ignore the check GCC can't realistically evaluate at compile time). Switch to snprintf to populate filename to ensure that future logic errors don't result in a stack overflow. Shorten the questionably named yyyymmdd buffer enough to slience the warning (checking the snprintf return value isn't sufficent) while preserving maximum flexibility for admins who use the -F option. MFC after: 3 days Sponsored by: Klara, Inc. Reviewed by: brooks Differential Revision: https://reviews.freebsd.org/D45086 (cherry picked from commit 25945af47e7a1d06c44c8c160045a866e90569ab) --- libexec/tftpd/tests/functional.c | 1 + libexec/tftpd/tftp-file.h | 1 - libexec/tftpd/tftp-io.c | 11 +++----- libexec/tftpd/tftp-io.h | 1 - libexec/tftpd/tftp-options.h | 1 - libexec/tftpd/tftp-transfer.h | 1 - libexec/tftpd/tftp-utils.c | 2 +- libexec/tftpd/tftp-utils.h | 3 +-- libexec/tftpd/tftpd.8 | 6 ++--- libexec/tftpd/tftpd.c | 56 +++++++++++++++++++++++++--------------- 10 files changed, 45 insertions(+), 38 deletions(-) diff --git a/libexec/tftpd/tests/functional.c b/libexec/tftpd/tests/functional.c index f31d2a893da1..32e5f85cf421 100644 --- a/libexec/tftpd/tests/functional.c +++ b/libexec/tftpd/tests/functional.c @@ -29,6 +29,7 @@ #include #include #include +#include #include #include diff --git a/libexec/tftpd/tftp-file.h b/libexec/tftpd/tftp-file.h index 0fb7f6c1decc..c424e5cbc75b 100644 --- a/libexec/tftpd/tftp-file.h +++ b/libexec/tftpd/tftp-file.h @@ -25,7 +25,6 @@ * SUCH DAMAGE. */ -#include int write_init(int fd, FILE *f, const char *mode); size_t write_file(char *buffer, int count); int write_close(void); diff --git a/libexec/tftpd/tftp-io.c b/libexec/tftpd/tftp-io.c index b5f39423fd60..aaacc9dd7f45 100644 --- a/libexec/tftpd/tftp-io.c +++ b/libexec/tftpd/tftp-io.c @@ -72,13 +72,13 @@ static struct errmsg { #define DROPPACKET(s) \ if (packetdroppercentage != 0 && \ - random()%100 < packetdroppercentage) { \ + arc4random()%100 < packetdroppercentage) { \ tftp_log(LOG_DEBUG, "Artificial packet drop in %s", s); \ return; \ } #define DROPPACKETn(s,n) \ if (packetdroppercentage != 0 && \ - random()%100 < packetdroppercentage) { \ + arc4random()%100 < packetdroppercentage) { \ tftp_log(LOG_DEBUG, "Artificial packet drop in %s", s); \ return (n); \ } @@ -157,10 +157,8 @@ send_error(int peer, int error) pe->e_msg = strerror(error - 100); tp->th_code = EUNDEF; /* set 'undef' errorcode */ } - strcpy(tp->th_msg, pe->e_msg); - length = strlen(pe->e_msg); - tp->th_msg[length] = '\0'; - length += 5; + snprintf(tp->th_msg, MAXPKTSIZE - 4, "%s%n", pe->e_msg, &length); + length += 5; /* header and terminator */ if (debug & DEBUG_PACKETS) tftp_log(LOG_DEBUG, "Sending ERROR %d: %s", error, tp->th_msg); @@ -331,7 +329,6 @@ send_ack(int fp, uint16_t block) DROPPACKETn("send_ack", 0); tp = (struct tftphdr *)buf; - size = sizeof(buf) - 2; tp->th_opcode = htons((u_short)ACK); tp->th_block = htons((u_short)block); size = 4; diff --git a/libexec/tftpd/tftp-io.h b/libexec/tftpd/tftp-io.h index 85934e824a1a..1d6bc2bd8b5e 100644 --- a/libexec/tftpd/tftp-io.h +++ b/libexec/tftpd/tftp-io.h @@ -25,7 +25,6 @@ * SUCH DAMAGE. */ -#include #define RP_NONE 0 #define RP_RECVFROM -1 #define RP_TOOSMALL -2 diff --git a/libexec/tftpd/tftp-options.h b/libexec/tftpd/tftp-options.h index c68db53de4e2..f1b0a5cfaf32 100644 --- a/libexec/tftpd/tftp-options.h +++ b/libexec/tftpd/tftp-options.h @@ -25,7 +25,6 @@ * SUCH DAMAGE. */ -#include /* * Options */ diff --git a/libexec/tftpd/tftp-transfer.h b/libexec/tftpd/tftp-transfer.h index 48431ebbc863..449f29c246e0 100644 --- a/libexec/tftpd/tftp-transfer.h +++ b/libexec/tftpd/tftp-transfer.h @@ -25,7 +25,6 @@ * SUCH DAMAGE. */ -#include int tftp_send(int peer, uint16_t *block, struct tftp_stats *tp); int tftp_receive(int peer, uint16_t *block, struct tftp_stats *tp, struct tftphdr *firstblock, size_t fb_size); diff --git a/libexec/tftpd/tftp-utils.c b/libexec/tftpd/tftp-utils.c index b309a94f7653..8ce7c09c9992 100644 --- a/libexec/tftpd/tftp-utils.c +++ b/libexec/tftpd/tftp-utils.c @@ -204,7 +204,7 @@ struct debugs debugs[] = { { DEBUG_ACCESS, "access", "TCPd access debugging" }, { DEBUG_NONE, NULL, "No debugging" }, }; -int packetdroppercentage = 0; +unsigned int packetdroppercentage = 0; int debug_find(char *s) diff --git a/libexec/tftpd/tftp-utils.h b/libexec/tftpd/tftp-utils.h index 763b3b493c7e..276dedcf74cd 100644 --- a/libexec/tftpd/tftp-utils.h +++ b/libexec/tftpd/tftp-utils.h @@ -25,7 +25,6 @@ * SUCH DAMAGE. */ -#include /* */ #define TIMEOUT 5 @@ -100,7 +99,7 @@ struct debugs { }; extern int debug; extern struct debugs debugs[]; -extern int packetdroppercentage; +extern unsigned int packetdroppercentage; int debug_find(char *s); int debug_finds(char *s); const char *debug_show(int d); diff --git a/libexec/tftpd/tftpd.8 b/libexec/tftpd/tftpd.8 index 3de042197618..24a743a92e14 100644 --- a/libexec/tftpd/tftpd.8 +++ b/libexec/tftpd/tftpd.8 @@ -27,7 +27,7 @@ .\" .\" @(#)tftpd.8 8.1 (Berkeley) 6/4/93 .\" -.Dd July 20, 2023 +.Dd May 8, 2024 .Dt TFTPD 8 .Os .Sh NAME @@ -35,11 +35,11 @@ .Nd Internet Trivial File Transfer Protocol server .Sh SYNOPSIS .Nm tftpd -.Op Fl cdClnow +.Op Fl CcdlnoSw .Op Fl F Ar strftime-format .Op Fl s Ar directory -.Op Fl u Ar user .Op Fl U Ar umask +.Op Fl u Ar user .Op Ar directory ... .Sh DESCRIPTION The diff --git a/libexec/tftpd/tftpd.c b/libexec/tftpd/tftpd.c index 78348a8c6aaf..00c1257ce548 100644 --- a/libexec/tftpd/tftpd.c +++ b/libexec/tftpd/tftpd.c @@ -172,7 +172,7 @@ main(int argc, char *argv[]) options_extra_enabled = 0; break; case 'p': - packetdroppercentage = atoi(optarg); + packetdroppercentage = (unsigned int)atoi(optarg); tftp_log(LOG_INFO, "Randomly dropping %d out of 100 packets", packetdroppercentage); @@ -463,9 +463,9 @@ static char * parse_header(int peer, char *recvbuffer, size_t size, char **filename, char **mode) { - char *cp; - int i; struct formats *pf; + char *cp; + size_t i; *mode = NULL; cp = recvbuffer; @@ -482,12 +482,11 @@ parse_header(int peer, char *recvbuffer, size_t size, i = get_field(peer, cp, size); *mode = cp; - cp += i; /* Find the file transfer mode */ - for (cp = *mode; *cp; cp++) - if (isupper(*cp)) - *cp = tolower(*cp); + for (; *cp; cp++) + if (isupper((unsigned char)*cp)) + *cp = tolower((unsigned char)*cp); for (pf = formats; pf->f_mode; pf++) if (strcmp(pf->f_mode, *mode) == 0) break; @@ -624,12 +623,20 @@ tftp_rrq(int peer, char *recvbuffer, size_t size) static int find_next_name(char *filename, int *fd) { - int i; + /* + * GCC "knows" that we might write all of yyyymmdd plus the static + * elemenents in the format into into newname and thus complains + * unless we reduce the size. This array is still too big, but since + * the format is user supplied, it's not clear what a better limit + * value would be and this is sufficent to silence the warnings. + */ + static const int suffix_len = strlen("..00"); + char yyyymmdd[MAXPATHLEN - suffix_len]; + char newname[MAXPATHLEN]; + int i, ret; time_t tval; - size_t len; + size_t len, namelen; struct tm lt; - char yyyymmdd[MAXPATHLEN]; - char newname[MAXPATHLEN]; /* Create the YYYYMMDD part of the filename */ time(&tval); @@ -637,26 +644,33 @@ find_next_name(char *filename, int *fd) len = strftime(yyyymmdd, sizeof(yyyymmdd), newfile_format, <); if (len == 0) { syslog(LOG_WARNING, - "Filename suffix too long (%d characters maximum)", - MAXPATHLEN); + "Filename suffix too long (%zu characters maximum)", + sizeof(yyyymmdd) - 1); return (EACCESS); } /* Make sure the new filename is not too long */ - if (strlen(filename) > MAXPATHLEN - len - 5) { + namelen = strlen(filename); + if (namelen >= sizeof(newname) - len - suffix_len) { syslog(LOG_WARNING, - "Filename too long (%zd characters, %zd maximum)", - strlen(filename), MAXPATHLEN - len - 5); + "Filename too long (%zu characters, %zu maximum)", + namelen, + sizeof(newname) - len - suffix_len - 1); return (EACCESS); } /* Find the first file which doesn't exist */ for (i = 0; i < 100; i++) { - sprintf(newname, "%s.%s.%02d", filename, yyyymmdd, i); - *fd = open(newname, - O_WRONLY | O_CREAT | O_EXCL, - S_IRUSR | S_IWUSR | S_IRGRP | - S_IWGRP | S_IROTH | S_IWOTH); + ret = snprintf(newname, sizeof(newname), "%s.%s.%02d", + filename, yyyymmdd, i); + /* + * Size checked above so this can't happen, we'd use a + * (void) cast, but gcc intentionally ignores that if + * snprintf has __attribute__((warn_unused_result)). + */ + if (ret < 0 || (size_t)ret >= sizeof(newname)) + __unreachable(); + *fd = open(newname, O_WRONLY | O_CREAT | O_EXCL, 0666); if (*fd > 0) return 0; }