Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 4 Nov 2020 14:31:53 +0000 (UTC)
From:      Alex Richardson <arichardson@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r367331 - head/usr.sbin/jls
Message-ID:  <202011041431.0A4EVrlA029127@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: arichardson
Date: Wed Nov  4 14:31:52 2020
New Revision: 367331
URL: https://svnweb.freebsd.org/changeset/base/367331

Log:
  Fix bad libbxo format strings in jls
  
  The existing format string for the empty case was trying to read varargs
  values that weren't passed to xo_emit. This appears to work on x86 (since
  the next argument is probably a pointer an empty string), but for CHERI
  we can bound variadic arguments and detect a read past the end.
  
  While touching these lines also use the libxo 'a' modifier to avoid having to
  construct the libxo format string using asprintf.
  
  Found by:	CHERI
  Reviewed By:	allanjude
  Differential Revision: https://reviews.freebsd.org/D26885

Modified:
  head/usr.sbin/jls/jls.c

Modified: head/usr.sbin/jls/jls.c
==============================================================================
--- head/usr.sbin/jls/jls.c	Wed Nov  4 14:13:29 2020	(r367330)
+++ head/usr.sbin/jls/jls.c	Wed Nov  4 14:31:52 2020	(r367331)
@@ -505,17 +505,13 @@ quoted_print(int pflags, char *name, char *value)
 {
 	int qc;
 	char *p = value;
-	char *param_name_value;
 
 	/* An empty string needs quoting. */
 	if (!*p) {
-		asprintf(&param_name_value, "{k:%s}{d:%s/\"\"}", name, name);
-		xo_emit(param_name_value);
-		free(param_name_value);
+		xo_emit("{ea:/%s}{da:/\"\"}", name, value, name);
 		return;
 	}
 
-	asprintf(&param_name_value, "{:%s/%%s}", name);
 	/*
 	 * The value will be surrounded by quotes if it contains spaces
 	 * or quotes.
@@ -528,9 +524,7 @@ quoted_print(int pflags, char *name, char *value)
 	if (qc && pflags & PRINT_QUOTED)
 		xo_emit("{P:/%c}", qc);
 
-	xo_emit(param_name_value, value);
-
-	free(param_name_value);
+	xo_emit("{a:/%s}", name, value);
 
 	if (qc && pflags & PRINT_QUOTED)
 		xo_emit("{P:/%c}", qc);

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202011041431.0A4EVrlA029127>