From owner-svn-src-head@freebsd.org Wed May 31 16:07:33 2017 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7FCD9B7D713; Wed, 31 May 2017 16:07:33 +0000 (UTC) (envelope-from asomers@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 5C2EC81505; Wed, 31 May 2017 16:07:33 +0000 (UTC) (envelope-from asomers@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v4VG7WmC015052; Wed, 31 May 2017 16:07:32 GMT (envelope-from asomers@FreeBSD.org) Received: (from asomers@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v4VG7WcO015049; Wed, 31 May 2017 16:07:32 GMT (envelope-from asomers@FreeBSD.org) Message-Id: <201705311607.v4VG7WcO015049@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: asomers set sender to asomers@FreeBSD.org using -f From: Alan Somers Date: Wed, 31 May 2017 16:07:32 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r319339 - in head/bin/dd: . tests X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 31 May 2017 16:07:33 -0000 Author: asomers Date: Wed May 31 16:07:32 2017 New Revision: 319339 URL: https://svnweb.freebsd.org/changeset/base/319339 Log: Fix integer overflow detection in dd dd(1) tried to detect whether the seek offset would overflow, but it failed to account for the case where the provided argument was negative and the file was a regular file (negative seeks are allowed for character devices). I fixed it, and added a regression test. Reported by: Coverity CID: 1368659 MFC after: 3 weeks Sponsored by: Spectra Logic Corp Added: head/bin/dd/tests/dd2_test.sh (contents, props changed) Modified: head/bin/dd/position.c head/bin/dd/tests/Makefile Modified: head/bin/dd/position.c ============================================================================== --- head/bin/dd/position.c Wed May 31 15:05:44 2017 (r319338) +++ head/bin/dd/position.c Wed May 31 16:07:32 2017 (r319339) @@ -70,7 +70,7 @@ seek_offset(IO *io) * * Bail out if the calculation of a file offset would overflow. */ - if ((io->flags & ISCHR) == 0 && n > OFF_MAX / (ssize_t)sz) + if ((io->flags & ISCHR) == 0 && (n < 0 || n > OFF_MAX / (ssize_t)sz)) errx(1, "seek offsets cannot be larger than %jd", (intmax_t)OFF_MAX); else if ((io->flags & ISCHR) != 0 && (uint64_t)n > UINT64_MAX / sz) Modified: head/bin/dd/tests/Makefile ============================================================================== --- head/bin/dd/tests/Makefile Wed May 31 15:05:44 2017 (r319338) +++ head/bin/dd/tests/Makefile Wed May 31 16:07:32 2017 (r319339) @@ -1,5 +1,10 @@ # $FreeBSD$ +.include + +.PATH: ${.CURDIR}/.. + +ATF_TESTS_SH= dd2_test NETBSD_ATF_TESTS_SH= dd_test .include Added: head/bin/dd/tests/dd2_test.sh ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/bin/dd/tests/dd2_test.sh Wed May 31 16:07:32 2017 (r319339) @@ -0,0 +1,50 @@ +# +# Copyright (c) 2017 Spectra Logic Corporation +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. +# +# $FreeBSD$ + + +atf_test_case seek_overflow +seek_overflow_head() { + atf_set "descr" "dd(1) should reject too-large seek values" +} +seek_overflow_body() { + touch f.in + # Positive tests + seek=`echo "2^63 / 4096 - 1" | bc` + atf_check -s exit:0 -e ignore dd if=f.in of=f.out bs=4096 seek=$seek + + # Negative tests + seek=`echo "2^63 / 4096" | bc` + atf_check -s not-exit:0 -e match:"seek offsets cannot be larger than" \ + dd if=f.in of=f.out bs=4096 seek=$seek + atf_check -s not-exit:0 -e match:"seek offsets cannot be larger than" \ + dd if=f.in of=f.out bs=4096 seek=-1 +} + +atf_init_test_cases() +{ + atf_add_test_case seek_overflow +}