src - OpenBSD base system

diff options


context:
space:
mode:

author	Stefan Sperling <stsp@cvs.openbsd.org>	2014-12-09 18:05:17 +0000
committer	Stefan Sperling <stsp@cvs.openbsd.org>	2014-12-09 18:05:17 +0000
commit	41f9ee410bda7fc608a9be1213ba38e793adb135 (patch)
tree	54a077729c2efb99838f42e9acff2415ac2e48a8
parent	3ab1f450d9d21aad4072c28200b090e71fb8cfd1 (diff)

Check strlcpy(), strlcat(), and snprintf() return values in sparc64 ofwboot.

tweak and ok millert@ miod@

Diffstat

-rw-r--r--

sys/arch/sparc64/stand/ofwboot/boot.c

-rw-r--r--

sys/arch/sparc64/stand/ofwboot/diskprobe.c

-rw-r--r--

sys/arch/sparc64/stand/ofwboot/ofdev.c

3 files changed, 71 insertions, 33 deletions

diff --git a/sys/arch/sparc64/stand/ofwboot/boot.c b/sys/arch/sparc64/stand/ofwboot/boot.c
index d4641ee80ad..514c73dd215 100644
--- a/sys/arch/sparc64/stand/ofwboot/boot.c
+++ b/sys/arch/sparc64/stand/ofwboot/boot.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: boot.c,v 1.21 2014/11/26 20:30:41 stsp Exp $ */

+/* $OpenBSD: boot.c,v 1.22 2014/12/09 18:05:16 stsp Exp $ */

/* $NetBSD: boot.c,v 1.3 2001/05/31 08:55:19 mrg Exp $ */

@@ -367,7 +367,7 @@ main()

int chosen;

char bootline[512]; /* Should check size? */

char *cp;

- int i, fd;

+ int i, fd, len;

#ifdef SOFTRAID

int err;

#endif

@@ -423,7 +423,12 @@ main()

kernels[0] = 0; /* no more iteration */

} else if (cp != bootline) {

printf("Trying %s...\n", cp);

- strlcpy(bootline, cp, sizeof bootline);

+ if (strlcpy(bootline, cp, sizeof bootline)

+ >= sizeof bootline) {

+ printf("bootargs too long: %s\n",

+ bootline);

+ _rtt();

+ }

}

if (!bootlp) {

@@ -450,14 +455,16 @@ main()

OF_setprop(chosen, "bootpath", opened_name, strlen(opened_name) + 1);

cp = bootline;

#else

- strlcpy(bootline, opened_name, sizeof bootline);

+ len = snprintf(bootline, sizeof bootline, "%s%s%s%s",

+ opened_name,

+ (boothowto & RB_ASKNAME) ? " -a" : "",

+ (boothowto & RB_SINGLE) ? " -s" : "",

+ (boothowto & RB_KDB) ? " -d" : "");

+ if (len >= sizeof bootline) {

+ printf("bootargs too long: %s\n", bootline);

+ _rtt();

+ }

#endif

- if (boothowto & RB_ASKNAME)

- strlcat(bootline, " -a", sizeof bootline);

- if (boothowto & RB_SINGLE)

- strlcat(bootline, " -s", sizeof bootline);

- if (boothowto & RB_KDB)

- strlcat(bootline, " -d", sizeof bootline);

#ifdef __notyet__

OF_setprop(chosen, "bootargs", bootline, strlen(bootline) + 1);

#endif

diff --git a/sys/arch/sparc64/stand/ofwboot/diskprobe.c b/sys/arch/sparc64/stand/ofwboot/diskprobe.c
index cc6099ee4c4..3d969a5eeef 100644
--- a/sys/arch/sparc64/stand/ofwboot/diskprobe.c
+++ b/sys/arch/sparc64/stand/ofwboot/diskprobe.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: diskprobe.c,v 1.2 2014/12/04 10:33:41 stsp Exp $ */

+/* $OpenBSD: diskprobe.c,v 1.3 2014/12/09 18:05:16 stsp Exp $ */

@@ -45,9 +45,12 @@ new_diskinfo(int node)

bzero(dip, sizeof(*dip));

len = OF_package_to_path(node, dip->path, sizeof(dip->path));

- if (len < 0 || len >= sizeof(dip->path)) {

+ if (len < 0) {

DPRINTF("could not get path for disk node %x\n", node);

goto bad;

+ } else if (len >= sizeof(dip->path)) {

+ printf("disk device path too long: %s", dip->path);

+ goto bad;

}

dip->path[len] = '\0';

@@ -61,8 +64,13 @@ new_diskinfo(int node)

break;

}

- if (unit == NULL)

- strlcat(dip->path, "@0", sizeof(dip->path));

+ if (unit == NULL) {

+ len = strlcat(dip->path, "@0", sizeof(dip->path));

+ if (len >= sizeof(dip->path)) {

+ printf("disk device path too long: %s", dip->path);

+ goto bad;

+ }

DPRINTF("found disk %s\n", dip->path);

diff --git a/sys/arch/sparc64/stand/ofwboot/ofdev.c b/sys/arch/sparc64/stand/ofwboot/ofdev.c
index b81d08e82b1..8df6326e188 100644
--- a/sys/arch/sparc64/stand/ofwboot/ofdev.c
+++ b/sys/arch/sparc64/stand/ofwboot/ofdev.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: ofdev.c,v 1.23 2014/11/26 20:30:41 stsp Exp $ */

+/* $OpenBSD: ofdev.c,v 1.24 2014/12/09 18:05:16 stsp Exp $ */

/* $NetBSD: ofdev.c,v 1.1 2000/08/20 14:58:41 mrg Exp $ */

@@ -516,7 +516,8 @@ devopen(struct open_file *of, const char *name, char **file)

if (of->f_flags != F_READ)

return EPERM;

DNPRINTF(BOOT_D_OFDEV, "devopen: you want %s\n", name);

- strlcpy(fname, name, sizeof fname);

+ if (strlcpy(fname, name, sizeof fname) >= sizeof fname)

+ return ENAMETOOLONG;

#ifdef SOFTRAID

if (bootdev_dip) {

if (fname[0] == 's' && fname[1] == 'r' &&

@@ -539,36 +540,58 @@ devopen(struct open_file *of, const char *name, char **file)

cp = &fname[0];

}

snprintf(buf, sizeof buf, "sr%c:%c", volno, partition);

- strlcpy(opened_name, buf, sizeof opened_name);

+ if (strlcpy(opened_name, buf, sizeof opened_name)

+ >= sizeof opened_name)

+ return ENAMETOOLONG;

*file = opened_name + strlen(opened_name);

- if (!*cp)

- strlcpy(buf, DEFAULT_KERNEL, sizeof buf);

- else

- snprintf(buf, sizeof buf, "%s%s",

- *cp == '/' ? "" : "/", cp);

- strlcat(opened_name, buf, sizeof opened_name);

+ if (!*cp) {

+ if (strlcpy(buf, DEFAULT_KERNEL, sizeof buf)

+ >= sizeof buf)

+ return ENAMETOOLONG;

+ } else {

+ if (snprintf(buf, sizeof buf, "%s%s",

+ *cp == '/' ? "" : "/", cp) >= sizeof buf)

+ return ENAMETOOLONG;

+ }

+ if (strlcat(opened_name, buf, sizeof opened_name) >=

+ sizeof opened_name)

+ return ENAMETOOLONG;

} else {

#endif

cp = filename(fname, &partition);

if (cp) {

- strlcpy(buf, cp, sizeof buf);

+ if (strlcpy(buf, cp, sizeof buf) >= sizeof buf)

+ return ENAMETOOLONG;

*cp = 0;

}

- if (!cp || !*buf)

- strlcpy(buf, DEFAULT_KERNEL, sizeof buf);

- if (!*fname)

- strlcpy(fname, bootdev, sizeof fname);

- strlcpy(opened_name, fname,

- partition ? (sizeof opened_name) - 2 : sizeof opened_name);

+ if (!cp || !*buf) {

+ if (strlcpy(buf, DEFAULT_KERNEL, sizeof buf)

+ >= sizeof buf)

+ return ENAMETOOLONG;

+ }

+ if (!*fname) {

+ if (strlcpy(fname, bootdev, sizeof fname)

+ >= sizeof fname)

+ return ENAMETOOLONG;

+ }

+ if (strlcpy(opened_name, fname,

+ partition ? (sizeof opened_name) - 2 : sizeof opened_name)

+ >= sizeof opened_name)

+ return ENAMETOOLONG;

if (partition) {

cp = opened_name + strlen(opened_name);

*cp++ = ':';

*cp++ = partition;

*cp = 0;

}

- if (*buf != '/')

- strlcat(opened_name, "/", sizeof opened_name);

- strlcat(opened_name, buf, sizeof opened_name);

+ if (*buf != '/') {

+ if (strlcat(opened_name, "/", sizeof opened_name) >=

+ sizeof opened_name)

+ return ENAMETOOLONG;

+ }

+ if (strlcat(opened_name, buf, sizeof opened_name) >=

+ sizeof opened_name)

+ return ENAMETOOLONG;

*file = opened_name + strlen(fname) + 1;

#ifdef SOFTRAID

}