diff options
author | Ray Lai <ray@cvs.openbsd.org> | 2006-04-29 05:31:29 +0000 |
---|---|---|
committer | Ray Lai <ray@cvs.openbsd.org> | 2006-04-29 05:31:29 +0000 |
commit | f36c2e3e0a2a4d86a12061db66523cadaa8434fc (patch) | |
tree | 852a7c50b27b6a533aab94a7ef37f12ba175796c | |
parent | b8cce2c60fab9bd9cc2acde64fe2e07b91fe700a (diff) |
Check return values for all strlcpy, and strlcat calls.
OK xsa@ and probably others.
-rw-r--r-- | usr.bin/rcs/ci.c | 33 | ||||
-rw-r--r-- | usr.bin/rcs/co.c | 12 | ||||
-rw-r--r-- | usr.bin/rcs/diff.c | 7 | ||||
-rw-r--r-- | usr.bin/rcs/diff3.c | 33 | ||||
-rw-r--r-- | usr.bin/rcs/rcs.c | 95 | ||||
-rw-r--r-- | usr.bin/rcs/rcsdiff.c | 43 | ||||
-rw-r--r-- | usr.bin/rcs/rcsnum.c | 14 | ||||
-rw-r--r-- | usr.bin/rcs/rcsprog.c | 7 | ||||
-rw-r--r-- | usr.bin/rcs/rcsutil.c | 8 | ||||
-rw-r--r-- | usr.bin/rcs/xmalloc.c | 5 |
10 files changed, 151 insertions, 106 deletions
diff --git a/usr.bin/rcs/ci.c b/usr.bin/rcs/ci.c index e3840e7942f..dd9bc54b2b1 100644 --- a/usr.bin/rcs/ci.c +++ b/usr.bin/rcs/ci.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ci.c,v 1.165 2006/04/29 05:10:16 ray Exp $ */ +/* $OpenBSD: ci.c,v 1.166 2006/04/29 05:31:28 ray Exp $ */ /* * Copyright (c) 2005, 2006 Niall O'Higgins <niallo@openbsd.org> * All rights reserved. @@ -352,15 +352,17 @@ checkin_diff_file(struct checkin_params *pb) goto out; } - strlcpy(path1, rcs_tmpdir, sizeof(path1)); - strlcat(path1, "/diff1.XXXXXXXXXX", sizeof(path1)); + if (strlcpy(path1, rcs_tmpdir, sizeof(path1)) >= sizeof(path1) || + strlcat(path1, "/diff1.XXXXXXXXXX", sizeof(path1)) >= sizeof(path1)) + errx(1, "path truncated"); rcs_buf_write_stmp(b1, path1, 0600); rcs_buf_free(b1); b1 = NULL; - strlcpy(path2, rcs_tmpdir, sizeof(path2)); - strlcat(path2, "/diff2.XXXXXXXXXX", sizeof(path2)); + if (strlcpy(path2, rcs_tmpdir, sizeof(path2)) >= sizeof(path2) || + strlcat(path2, "/diff2.XXXXXXXXXX", sizeof(path2)) >= sizeof(path2)) + errx(1, "path truncated"); rcs_buf_write_stmp(b2, path2, 0600); rcs_buf_free(b2); @@ -881,10 +883,9 @@ checkin_keywordscan(char *data, RCSNUM **rev, time_t *date, char **author, while (*c++) { if (*c == '$') { end = c - start + 2; - if (end >= sizeof(buf)) + if (strlcpy(buf, start, end) >= end) errx(1, "keyword buffer" " too small!"); - strlcpy(buf, start, end); checkin_parsekeyword(buf, rev, date, author, state); break; @@ -970,11 +971,12 @@ checkin_parsekeyword(char *keystring, RCSNUM **rev, time_t *date, *state = xstrdup(tokens[6]); len = strlen(tokens[3]) + strlen(tokens[4]) + 2; datestring = xmalloc(len); - strlcpy(datestring, tokens[3], len); - strlcat(datestring, " ", len); - strlcat(datestring, tokens[4], len); + if (strlcpy(datestring, tokens[3], len) >= len || + strlcat(datestring, " ", len) >= len || + strlcat(datestring, tokens[4], len) >= len) + errx(1, "date too long"); if ((*date = rcs_date_parse(datestring)) <= 0) - errx(1, "could not parse date"); + errx(1, "could not parse date"); xfree(datestring); break; case KW_TYPE_AUTHOR: @@ -995,11 +997,12 @@ checkin_parsekeyword(char *keystring, RCSNUM **rev, time_t *date, } len = strlen(tokens[1]) + strlen(tokens[2]) + 2; datestring = xmalloc(len); - strlcpy(datestring, tokens[1], len); - strlcat(datestring, " ", len); - strlcat(datestring, tokens[2], len); + if (strlcpy(datestring, tokens[1], len) >= len || + strlcat(datestring, " ", len) >= len || + strlcat(datestring, tokens[2], len) >= len) + errx(1, "date too long"); if ((*date = rcs_date_parse(datestring)) <= 0) - errx(1, "could not parse date"); + errx(1, "could not parse date"); xfree(datestring); break; case KW_TYPE_STATE: diff --git a/usr.bin/rcs/co.c b/usr.bin/rcs/co.c index 80c68db241e..20d9e83fb17 100644 --- a/usr.bin/rcs/co.c +++ b/usr.bin/rcs/co.c @@ -1,4 +1,4 @@ -/* $OpenBSD: co.c,v 1.86 2006/04/26 21:55:22 joris Exp $ */ +/* $OpenBSD: co.c,v 1.87 2006/04/29 05:31:28 ray Exp $ */ /* * Copyright (c) 2005 Joris Vink <joris@openbsd.org> * All rights reserved. @@ -330,12 +330,14 @@ checkout_rev(RCSFILE *file, RCSNUM *frev, const char *dst, int flags, if (file->rf_ndelta != 0 && rdp->rd_locker != NULL) { if (strcmp(lockname, rdp->rd_locker)) { - strlcpy(msg, "Revision %s is already locked by %s; ", - sizeof(msg)); + if (strlcpy(msg, "Revision %s is already locked by %s; ", + sizeof(msg)) >= sizeof(msg)) + errx(1, "msg too long"); if (flags & CO_UNLOCK) { - strlcat(msg, "use co -r or rcs -u", - sizeof(msg)); + if (strlcat(msg, "use co -r or rcs -u", + sizeof(msg)) >= sizeof(msg)) + errx(1, "msg too long"); } warnx(msg, buf, rdp->rd_locker); diff --git a/usr.bin/rcs/diff.c b/usr.bin/rcs/diff.c index 6eecdd738c4..10e74089007 100644 --- a/usr.bin/rcs/diff.c +++ b/usr.bin/rcs/diff.c @@ -1,4 +1,4 @@ -/* $OpenBSD: diff.c,v 1.2 2006/04/26 15:08:25 xsa Exp $ */ +/* $OpenBSD: diff.c,v 1.3 2006/04/29 05:31:28 ray Exp $ */ /* * Copyright (C) Caldera International Inc. 2001-2002. * All rights reserved. @@ -1182,8 +1182,9 @@ match_function(const long *f, int pos, FILE *fp) if (p != NULL) *p = '\0'; if (isalpha(buf[0]) || buf[0] == '_' || buf[0] == '$') { - strlcpy(lastbuf, (const char *)buf, - sizeof lastbuf); + if (strlcpy(lastbuf, (const char *)buf, + sizeof(lastbuf)) >= sizeof(lastbuf)) + errx(1, "match_function: strlcpy"); lastmatchline = pos; return lastbuf; } diff --git a/usr.bin/rcs/diff3.c b/usr.bin/rcs/diff3.c index bd04b9efff9..8ec3e9d3130 100644 --- a/usr.bin/rcs/diff3.c +++ b/usr.bin/rcs/diff3.c @@ -1,4 +1,4 @@ -/* $OpenBSD: diff3.c,v 1.2 2006/04/27 07:59:33 xsa Exp $ */ +/* $OpenBSD: diff3.c,v 1.3 2006/04/29 05:31:28 ray Exp $ */ /* * Copyright (C) Caldera International Inc. 2001-2002. @@ -72,7 +72,7 @@ static const char copyright[] = #ifndef lint static const char rcsid[] = - "$OpenBSD: diff3.c,v 1.2 2006/04/27 07:59:33 xsa Exp $"; + "$OpenBSD: diff3.c,v 1.3 2006/04/29 05:31:28 ray Exp $"; #endif /* not lint */ #include "includes.h" @@ -186,13 +186,13 @@ rcs_diff3(RCSFILE *rf, char *workfile, RCSNUM *rev1, RCSNUM *rev2, int verbose) d2 = rcs_buf_alloc((size_t)128, BUF_AUTOEXT); diffb = rcs_buf_alloc((size_t)128, BUF_AUTOEXT); - strlcpy(path1, "/tmp/diff1.XXXXXXXXXX", sizeof(path1)); - rcs_buf_write_stmp(b1, path1, 0600); + if (strlcpy(path1, "/tmp/diff1.XXXXXXXXXX", sizeof(path1)) >= sizeof(path1) || + strlcpy(path2, "/tmp/diff2.XXXXXXXXXX", sizeof(path2)) >= sizeof(path2) || + strlcpy(path3, "/tmp/diff3.XXXXXXXXXX", sizeof(path3)) >= sizeof(path3)) + errx(1, "rcs_diff3: string truncated"); - strlcpy(path2, "/tmp/diff2.XXXXXXXXXX", sizeof(path2)); + rcs_buf_write_stmp(b1, path1, 0600); rcs_buf_write_stmp(b2, path2, 0600); - - strlcpy(path3, "/tmp/diff3.XXXXXXXXXX", sizeof(path3)); rcs_buf_write_stmp(b3, path3, 0600); rcs_buf_free(b2); @@ -201,13 +201,15 @@ rcs_diff3(RCSFILE *rf, char *workfile, RCSNUM *rev1, RCSNUM *rev2, int verbose) rcs_diffreg(path1, path3, d1); rcs_diffreg(path2, path3, d2); - strlcpy(dp13, "/tmp/d13.XXXXXXXXXX", sizeof(dp13)); + if (strlcpy(dp13, "/tmp/d13.XXXXXXXXXX", sizeof(dp13)) >= sizeof(dp13)) + errx(1, "rcs_diff3: string truncated"); rcs_buf_write_stmp(d1, dp13, 0600); rcs_buf_free(d1); d1 = NULL; - strlcpy(dp23, "/tmp/d23.XXXXXXXXXX", sizeof(dp23)); + if (strlcpy(dp23, "/tmp/d23.XXXXXXXXXX", sizeof(dp23)) >= sizeof(dp23)) + errx(1, "rcs_diff3: string truncated"); rcs_buf_write_stmp(d2, dp23, 0600); rcs_buf_free(d2); @@ -281,22 +283,23 @@ diff3_internal(int argc, char **argv, const char *fmark, const char *rmark) if (argc < 5) return (-1); - strlcpy(f1mark, "<<<<<<< ", sizeof(f1mark)); - strlcat(f1mark, fmark, sizeof(f1mark)); + if (strlcpy(f1mark, "<<<<<<< ", sizeof(f1mark)) >= sizeof(f1mark) || + strlcat(f1mark, fmark, sizeof(f1mark)) >= sizeof(f1mark)) + errx(1, "diff3_internal: string truncated"); - strlcpy(f3mark, ">>>>>>> ", sizeof(f3mark)); - strlcat(f3mark, rmark, sizeof(f3mark)); + if (strlcpy(f3mark, ">>>>>>> ", sizeof(f3mark)) >= sizeof(f3mark) || + strlcat(f3mark, rmark, sizeof(f3mark)) >= sizeof(f3mark)) + errx(1, "diff3_internal: strlcat"); increase(); m = readin(argv[0], &d13); n = readin(argv[1], &d23); - for (i = 0; i <= 2; i++) { + for (i = 0; i <= 2; i++) if ((fp[i] = fopen(argv[i + 2], "r")) == NULL) { warn("%s", argv[i + 2]); return (-1); } - } return (merge(m, n)); } diff --git a/usr.bin/rcs/rcs.c b/usr.bin/rcs/rcs.c index b1f3f5de11b..2eca0e99d7f 100644 --- a/usr.bin/rcs/rcs.c +++ b/usr.bin/rcs/rcs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rcs.c,v 1.4 2006/04/27 07:59:33 xsa Exp $ */ +/* $OpenBSD: rcs.c,v 1.5 2006/04/29 05:31:28 ray Exp $ */ /* * Copyright (c) 2004 Jean-Francois Brousseau <jfb@openbsd.org> * All rights reserved. @@ -358,7 +358,7 @@ int rcs_write(RCSFILE *rfp) { FILE *fp; - char buf[1024], numbuf[64], fn[19] = ""; + char buf[1024], numbuf[64], fn[20] = ""; void *bp; struct rcs_access *ap; struct rcs_sym *symp; @@ -377,12 +377,17 @@ rcs_write(RCSFILE *rfp) /* Write operations need the whole file parsed */ rcs_parse_deltatexts(rfp, NULL); - strlcpy(fn, "/tmp/rcs.XXXXXXXXXX", sizeof(fn)); + if (strlcpy(fn, "/tmp/rcs.XXXXXXXXXX", sizeof(fn)) >= sizeof(fn)) + errx(1, "rcs_write: string truncated"); if ((fd = mkstemp(fn)) == -1) err(1, "%s", fn); if ((fp = fdopen(fd, "w+")) == NULL) { + int saved_errno; + + saved_errno = errno; (void)unlink(fn); + errno = saved_errno; err(1, "%s", fn); } @@ -407,9 +412,10 @@ rcs_write(RCSFILE *rfp) fprintf(fp, "symbols"); TAILQ_FOREACH(symp, &(rfp->rf_symbols), rs_list) { rcsnum_tostr(symp->rs_num, numbuf, sizeof(numbuf)); - strlcpy(buf, symp->rs_name, sizeof(buf)); - strlcat(buf, ":", sizeof(buf)); - strlcat(buf, numbuf, sizeof(buf)); + if (strlcpy(buf, symp->rs_name, sizeof(buf)) >= sizeof(buf) || + strlcat(buf, ":", sizeof(buf)) >= sizeof(buf) || + strlcat(buf, numbuf, sizeof(buf)) >= sizeof(buf)) + errx(1, "rcs_write: string overflow"); fprintf(fp, "\n\t%s", buf); } fprintf(fp, ";\n"); @@ -2084,7 +2090,9 @@ rcs_parse_deltatext(RCSFILE *rfp) } rdp->rd_text = xmalloc(RCS_TOKLEN(rfp) + 1); - strlcpy(rdp->rd_text, RCS_TOKSTR(rfp), (RCS_TOKLEN(rfp) + 1)); + if (strlcpy(rdp->rd_text, RCS_TOKSTR(rfp), (RCS_TOKLEN(rfp) + 1)) >= + RCS_TOKLEN(rfp) + 1) + errx(1, "rcs_parse_deltatext: strlcpy"); rdp->rd_tlen = RCS_TOKLEN(rfp); return (1); @@ -2369,7 +2377,9 @@ rcs_gettok(RCSFILE *rfp) if (pdp->rp_pttype != RCS_TOK_ERR) { type = pdp->rp_pttype; - strlcpy(pdp->rp_buf, pdp->rp_ptok, pdp->rp_blen); + if (strlcpy(pdp->rp_buf, pdp->rp_ptok, pdp->rp_blen) >= + pdp->rp_blen) + errx(1, "rcs_gettok: strlcpy"); pdp->rp_pttype = RCS_TOK_ERR; return (type); } @@ -2483,7 +2493,9 @@ rcs_pushtok(RCSFILE *rfp, const char *tok, int type) return (-1); pdp->rp_pttype = type; - strlcpy(pdp->rp_ptok, tok, sizeof(pdp->rp_ptok)); + if (strlcpy(pdp->rp_ptok, tok, sizeof(pdp->rp_ptok)) >= + sizeof(pdp->rp_ptok)) + errx(1, "rcs_pushtok: strlcpy"); return (0); } @@ -2633,10 +2645,12 @@ rcs_expand_keywords(char *rcsfile, struct rcs_delta *rdp, char *data, expbuf[0] = '\0'; if (mode & RCS_KWEXP_NAME) { - strlcat(expbuf, "$", sizeof(expbuf)); - strlcat(expbuf, kwstr, sizeof(expbuf)); - if (mode & RCS_KWEXP_VAL) - strlcat(expbuf, ": ", sizeof(expbuf)); + if (strlcat(expbuf, "$", sizeof(expbuf)) >= sizeof(expbuf) || + strlcat(expbuf, kwstr, sizeof(expbuf)) >= sizeof(expbuf)) + errx(1, "rcs_expand_keywords: string truncated"); + if ((mode & RCS_KWEXP_VAL) && + strlcat(expbuf, ": ", sizeof(expbuf)) >= sizeof(expbuf)) + errx(1, "rcs_expand_keywords: string truncated"); } /* @@ -2646,20 +2660,18 @@ rcs_expand_keywords(char *rcsfile, struct rcs_delta *rdp, char *data, if (mode & RCS_KWEXP_VAL) { if (kwtype & RCS_KW_RCSFILE) { if (!(kwtype & RCS_KW_FULLPATH)) - strlcat(expbuf, - basename(rcsfile), - sizeof(expbuf)); + (void)strlcat(expbuf, basename(rcsfile), sizeof(expbuf)); else - strlcat(expbuf, rcsfile, - sizeof(expbuf)); - strlcat(expbuf, " ", sizeof(expbuf)); + (void)strlcat(expbuf, rcsfile, sizeof(expbuf)); + if (strlcat(expbuf, " ", sizeof(expbuf)) >= sizeof(expbuf)) + errx(1, "rcs_expand_keywords: string truncated"); } if (kwtype & RCS_KW_REVISION) { - rcsnum_tostr(rdp->rd_num, buf, - sizeof(buf)); - strlcat(buf, " ", sizeof(buf)); - strlcat(expbuf, buf, sizeof(expbuf)); + rcsnum_tostr(rdp->rd_num, buf, sizeof(buf)); + if (strlcat(buf, " ", sizeof(buf)) >= sizeof(buf) || + strlcat(expbuf, buf, sizeof(expbuf)) >= sizeof(buf)) + errx(1, "rcs_expand_keywords: string truncated"); } if (kwtype & RCS_KW_DATE) { @@ -2669,38 +2681,42 @@ rcs_expand_keywords(char *rcsfile, struct rcs_delta *rdp, char *data, fmt = "%Y/%m/%d %H:%M:%S "; strftime(buf, sizeof(buf), fmt, &tb); - strlcat(expbuf, buf, sizeof(expbuf)); + if (strlcat(expbuf, buf, sizeof(expbuf)) >= sizeof(expbuf)) + errx(1, "rcs_expand_keywords: string truncated"); } if (kwtype & RCS_KW_AUTHOR) { - strlcat(expbuf, rdp->rd_author, - sizeof(expbuf)); - strlcat(expbuf, " ", sizeof(expbuf)); + if (strlcat(expbuf, rdp->rd_author, sizeof(expbuf)) >= sizeof(expbuf) || + strlcat(expbuf, " ", sizeof(expbuf)) >= sizeof(expbuf)) + errx(1, "rcs_expand_keywords: string truncated"); } if (kwtype & RCS_KW_STATE) { - strlcat(expbuf, rdp->rd_state, - sizeof(expbuf)); - strlcat(expbuf, " ", sizeof(expbuf)); + if (strlcat(expbuf, rdp->rd_state, sizeof(expbuf)) >= sizeof(expbuf) || + strlcat(expbuf, " ", sizeof(expbuf)) >= sizeof(expbuf)) + errx(1, "rcs_expand_keywords: string truncated"); } /* order does not matter anymore below */ if (kwtype & RCS_KW_LOG) - strlcat(expbuf, " ", sizeof(expbuf)); + if (strlcat(expbuf, " ", sizeof(expbuf)) >= sizeof(expbuf)) + errx(1, "rcs_expand_keywords: string truncated"); if (kwtype & RCS_KW_SOURCE) { - strlcat(expbuf, rcsfile, - sizeof(expbuf)); - strlcat(expbuf, " ", sizeof(expbuf)); + if (strlcat(expbuf, rcsfile, sizeof(expbuf)) >= sizeof(expbuf) || + strlcat(expbuf, " ", sizeof(expbuf)) >= sizeof(expbuf)) + errx(1, "rcs_expand_keywords: string truncated"); } if (kwtype & RCS_KW_NAME) - strlcat(expbuf, " ", sizeof(expbuf)); + if (strlcat(expbuf, " ", sizeof(expbuf)) >= sizeof(expbuf)) + errx(1, "rcs_expand_keywords: string truncated"); } /* end the expansion */ if (mode & RCS_KWEXP_NAME) - strlcat(expbuf, "$", sizeof(expbuf)); + if (strlcat(expbuf, "$", sizeof(expbuf)) >= sizeof(expbuf)) + errx(1, "rcs_expand_keywords: string truncated"); sizdiff = strlen(expbuf) - (end - start); tbuf = xstrdup(end); @@ -2718,8 +2734,9 @@ rcs_expand_keywords(char *rcsfile, struct rcs_delta *rdp, char *data, start = data + start_offset; c = data + c_offset; } - strlcpy(start, expbuf, len); - strlcat(data, tbuf, len); + if (strlcpy(start, expbuf, len) >= len || + strlcat(data, tbuf, len) >= len) + errx(1, "rcs_expand_keywords: string truncated"); xfree(tbuf); i += strlen(expbuf); } @@ -2887,7 +2904,7 @@ rcs_kwexp_buf(BUF *bp, RCSFILE *rf, RCSNUM *rev) if (!(expmode & RCS_KWEXP_NONE)) { if ((rdp = rcs_findrev(rf, rev)) == NULL) - errx(1, "could not fetch revision"); + errx(1, "could not fetch revision"); rcs_buf_putc(bp, '\0'); len = rcs_buf_len(bp); tbuf = rcs_buf_release(bp); diff --git a/usr.bin/rcs/rcsdiff.c b/usr.bin/rcs/rcsdiff.c index a475d4a20cf..87a2929e426 100644 --- a/usr.bin/rcs/rcsdiff.c +++ b/usr.bin/rcs/rcsdiff.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rcsdiff.c,v 1.58 2006/04/26 21:55:22 joris Exp $ */ +/* $OpenBSD: rcsdiff.c,v 1.59 2006/04/29 05:31:28 ray Exp $ */ /* * Copyright (c) 2005 Joris Vink <joris@openbsd.org> * All rights reserved. @@ -47,12 +47,15 @@ rcsdiff_main(int argc, char **argv) rev_str1 = rev_str2 = NULL; status = 0; - strlcpy(diffargs, "diff", sizeof(diffargs)); + if (strlcpy(diffargs, "diff", sizeof(diffargs)) >= sizeof(diffargs)) + errx(1, "diffargs too long"); while ((ch = rcs_getopt(argc, argv, "ck:nqr:TuVx::z::")) != -1) { switch (ch) { case 'c': - strlcat(diffargs, " -c", sizeof(diffargs)); + if (strlcat(diffargs, " -c", sizeof(diffargs)) >= + sizeof(diffargs)) + errx(1, "diffargs too long"); diff_format = D_CONTEXT; break; case 'k': @@ -64,16 +67,14 @@ rcsdiff_main(int argc, char **argv) } break; case 'n': - strlcat(diffargs, " -n", sizeof(diffargs)); + if (strlcat(diffargs, " -n", sizeof(diffargs)) >= + sizeof(diffargs)) + errx(1, "diffargs too long"); diff_format = D_RCSDIFF; break; case 'q': flags |= QUIET; break; - case 'u': - strlcat(diffargs, " -u", sizeof(diffargs)); - diff_format = D_UNIFIED; - break; case 'r': rcs_setrevstr2(&rev_str1, &rev_str2, rcs_optarg); break; @@ -82,6 +83,12 @@ rcsdiff_main(int argc, char **argv) * kept for compatibility */ break; + case 'u': + if (strlcat(diffargs, " -u", sizeof(diffargs)) >= + sizeof(diffargs)) + errx(1, "diffargs too long"); + diff_format = D_UNIFIED; + break; case 'V': printf("%s\n", rcs_version); exit(0); @@ -228,8 +235,9 @@ rcsdiff_file(RCSFILE *file, RCSNUM *rev, const char *filename) tv2[0].tv_sec = t; tv2[1].tv_sec = t; - strlcpy(path1, rcs_tmpdir, sizeof(path1)); - strlcat(path1, "/diff1.XXXXXXXXXX", sizeof(path1)); + if (strlcpy(path1, rcs_tmpdir, sizeof(path1)) >= sizeof(path1) || + strlcat(path1, "/diff1.XXXXXXXXXX", sizeof(path1)) >= sizeof(path1)) + errx(1, "path too long"); rcs_buf_write_stmp(b1, path1, 0600); rcs_buf_free(b1); @@ -238,8 +246,9 @@ rcsdiff_file(RCSFILE *file, RCSNUM *rev, const char *filename) if (utimes(path1, (const struct timeval *)&tv) < 0) warn("utimes"); - strlcpy(path2, rcs_tmpdir, sizeof(path2)); - strlcat(path2, "/diff2.XXXXXXXXXX", sizeof(path2)); + if (strlcpy(path2, rcs_tmpdir, sizeof(path2)) >= sizeof(path2) || + strlcat(path2, "/diff2.XXXXXXXXXX", sizeof(path2)) >= sizeof(path2)) + errx(1, "path too long"); rcs_buf_write_stmp(b2, path2, 0600); rcs_buf_free(b2); @@ -308,8 +317,9 @@ rcsdiff_rev(RCSFILE *file, RCSNUM *rev1, RCSNUM *rev2) if (!(flags & QUIET)) fprintf(stderr, "%s -r%s -r%s\n", diffargs, rbuf1, rbuf2); - strlcpy(path1, rcs_tmpdir, sizeof(path1)); - strlcat(path1, "/diff1.XXXXXXXXXX", sizeof(path1)); + if (strlcpy(path1, rcs_tmpdir, sizeof(path1)) >= sizeof(path1) || + strlcat(path1, "/diff1.XXXXXXXXXX", sizeof(path1)) >= sizeof(path1)) + errx(1, "path too long"); rcs_buf_write_stmp(b1, path1, 0600); rcs_buf_free(b1); @@ -318,8 +328,9 @@ rcsdiff_rev(RCSFILE *file, RCSNUM *rev1, RCSNUM *rev2) if (utimes(path1, (const struct timeval *)&tv) < 0) warn("utimes"); - strlcpy(path2, rcs_tmpdir, sizeof(path2)); - strlcat(path2, "/diff2.XXXXXXXXXX", sizeof(path2)); + if (strlcpy(path2, rcs_tmpdir, sizeof(path2)) >= sizeof(path2) || + strlcat(path2, "/diff2.XXXXXXXXXX", sizeof(path2)) >= sizeof(path2)) + errx(1, "path too long"); rcs_buf_write_stmp(b2, path2, 0600); rcs_buf_free(b2); diff --git a/usr.bin/rcs/rcsnum.c b/usr.bin/rcs/rcsnum.c index 1c6aa5af620..061ea2073d7 100644 --- a/usr.bin/rcs/rcsnum.c +++ b/usr.bin/rcs/rcsnum.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rcsnum.c,v 1.1 2006/04/26 02:55:13 joris Exp $ */ +/* $OpenBSD: rcsnum.c,v 1.2 2006/04/29 05:31:28 ray Exp $ */ /* * Copyright (c) 2004 Jean-Francois Brousseau <jfb@openbsd.org> * All rights reserved. @@ -106,11 +106,15 @@ rcsnum_tostr(const RCSNUM *nump, char *buf, size_t blen) return (buf); } - strlcpy(buf, rcsnum_itoa(nump->rn_id[0], buf, blen), blen); + if (strlcpy(buf, rcsnum_itoa(nump->rn_id[0], buf, blen), blen) >= blen) + errx(1, "rcsnum_tostr: string truncated"); for (i = 1; i < nump->rn_len; i++) { - strlcat(buf, ".", blen); - strlcat(buf, rcsnum_itoa(nump->rn_id[i], tmp, sizeof(tmp)), - blen); + const char *str; + + str = rcsnum_itoa(nump->rn_id[i], tmp, sizeof(tmp)); + if (strlcat(buf, ".", blen) >= blen || + strlcat(buf, str, blen) >= blen) + errx(1, "rcsnum_tostr: string truncated"); } return (buf); diff --git a/usr.bin/rcs/rcsprog.c b/usr.bin/rcs/rcsprog.c index 0fe107d0c34..7c024123e03 100644 --- a/usr.bin/rcs/rcsprog.c +++ b/usr.bin/rcs/rcsprog.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rcsprog.c,v 1.121 2006/04/29 05:10:16 ray Exp $ */ +/* $OpenBSD: rcsprog.c,v 1.122 2006/04/29 05:31:28 ray Exp $ */ /* * Copyright (c) 2005 Jean-Francois Brousseau <jfb@openbsd.org> * All rights reserved. @@ -74,8 +74,9 @@ rcs_init(char *envstr, char **argv, int argvlen) int argc, error; char linebuf[256], *lp, *cp; - strlcpy(linebuf, envstr, sizeof(linebuf)); - memset(argv, 0, argvlen * sizeof(char *)); + if (strlcpy(linebuf, envstr, sizeof(linebuf)) >= sizeof(linebuf)) + errx(1, "rcs_init: string truncation"); + (void)memset(argv, 0, argvlen * sizeof(char *)); error = argc = 0; for (lp = linebuf; lp != NULL;) { diff --git a/usr.bin/rcs/rcsutil.c b/usr.bin/rcs/rcsutil.c index 31119174e33..c1ce031ec7c 100644 --- a/usr.bin/rcs/rcsutil.c +++ b/usr.bin/rcs/rcsutil.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rcsutil.c,v 1.7 2006/04/27 07:59:33 xsa Exp $ */ +/* $OpenBSD: rcsutil.c,v 1.8 2006/04/29 05:31:28 ray Exp $ */ /* * Copyright (c) 2005, 2006 Joris Vink <joris@openbsd.org> * Copyright (c) 2006 Xavier Santolaria <xsa@openbsd.org> @@ -197,7 +197,8 @@ rcs_choosefile(const char *filename, char *out, size_t len) */ if (strcmp(rcs_suffixes, "") == 0) { fd = open(rcspath, O_RDONLY); - strlcpy(out, rcspath, len); + if (strlcpy(out, rcspath, len) >= len) + errx(1, "rcs_choosefile: truncation"); return (fd); } @@ -263,7 +264,8 @@ rcs_choosefile(const char *filename, char *out, size_t len) xfree(suffixes); fd = open(rcspath, O_RDONLY); - strlcpy(out, rcspath, len); + if (strlcpy(out, rcspath, len) >= len) + errx(1, "rcs_choosefile: truncation"); return (fd); } diff --git a/usr.bin/rcs/xmalloc.c b/usr.bin/rcs/xmalloc.c index 3d90ca09170..370ab0f99e7 100644 --- a/usr.bin/rcs/xmalloc.c +++ b/usr.bin/rcs/xmalloc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: xmalloc.c,v 1.1 2006/04/26 02:55:13 joris Exp $ */ +/* $OpenBSD: xmalloc.c,v 1.2 2006/04/29 05:31:28 ray Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -84,7 +84,8 @@ xstrdup(const char *str) len = strlen(str) + 1; cp = xmalloc(len); - strlcpy(cp, str, len); + if (strlcpy(cp, str, len) >= len) + errx(1, "xstrdup: string truncated"); return cp; } |