From owner-dev-commits-src-all@freebsd.org Tue Dec 29 16:43:02 2020 Return-Path: Delivered-To: dev-commits-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3F3904C4A2B; Tue, 29 Dec 2020 16:43:02 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4D50bB1JnXz4p5v; Tue, 29 Dec 2020 16:43:02 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 1FC3371DB; Tue, 29 Dec 2020 16:43:02 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 0BTGh2RD045927; Tue, 29 Dec 2020 16:43:02 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 0BTGh2Wo045926; Tue, 29 Dec 2020 16:43:02 GMT (envelope-from git) Date: Tue, 29 Dec 2020 16:43:02 GMT Message-Id: <202012291643.0BTGh2Wo045926@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Kyle Evans Subject: git: 929eb23231d5 - stable/12 - Lift scope of buf[] to make it extend to a potential access via *basename MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kevans X-Git-Repository: src X-Git-Refname: refs/heads/stable/12 X-Git-Reftype: branch X-Git-Commit: 929eb23231d5e5b19b57b7a514c7ff99d79967dc Auto-Submitted: auto-generated X-BeenThere: dev-commits-src-all@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: "Commit messages for all branches of the src repository." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Dec 2020 16:43:02 -0000 The branch stable/12 has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=929eb23231d5e5b19b57b7a514c7ff99d79967dc commit 929eb23231d5e5b19b57b7a514c7ff99d79967dc Author: Stefan Eßer AuthorDate: 2020-12-10 09:31:05 +0000 Commit: Kyle Evans CommitDate: 2020-12-29 16:37:32 +0000 Lift scope of buf[] to make it extend to a potential access via *basename It can be assumed that the contents of the buffer was still allocated and valid at the point of the out-of-scope access, so there was no security issue in practice. (cherry picked from commit 7483b9e4dcfb4c444f8b5d54117fb6c8c48c20e9) --- usr.sbin/crunch/crunchgen/crunched_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr.sbin/crunch/crunchgen/crunched_main.c b/usr.sbin/crunch/crunchgen/crunched_main.c index 5ce4416a137f..45f61baae23e 100644 --- a/usr.sbin/crunch/crunchgen/crunched_main.c +++ b/usr.sbin/crunch/crunchgen/crunched_main.c @@ -114,6 +114,7 @@ main(int argc, char **argv, char **envp) { struct stub *ep = NULL; const char *basename = NULL; + char buf[MAXPATHLEN]; /* * Look at __progname first (this will be set if the crunched binary is @@ -141,7 +142,6 @@ main(int argc, char **argv, char **envp) * try AT_EXECPATH to get the actual binary that was executed. */ if (ep == NULL) { - char buf[MAXPATHLEN]; int error = elf_aux_info(AT_EXECPATH, &buf, sizeof(buf)); if (error == 0) {