Fix possibly wrong execution of commands and out of boundary write with

unusual input. Correction and regression tests based on FreeBSD bin/95079.

While at it, fix another segmentation fault when using ' ' as magic
character and also disallow '\0' as magic character. This cannot make any
sense and avoids a theoretical out of boundary read.

ok tb@

8 files changed, 68 insertions, 0 deletions

diff --git a/regress/usr.bin/apply/Makefile b/regress/usr.bin/apply/Makefile
new file mode 100644
index 00000000000..d46325027f6
--- /dev/null
+++ b/regress/usr.bin/apply/Makefile
@@ -0,0 +1,55 @@
+# $OpenBSD: Makefile,v 1.1 2018/03/27 10:00:16 tobias Exp $
+
+APPLY?=		apply
+CLEANFILES=	*.res
+
+REGRESS_TARGETS=t1 t2 t3 t4 t5 t6
+
+# .in: input file
+# .out: desired output
+
+# t1: uses arguments multiple times (from FreeBSD bin/95079)
+# t2: overflows ARG_MAX (from FreeBSD bin/95079)
+# t3: debugs -0 call
+# t4: debugs -2 call
+# t5: uses magic character '&'
+# t6: uses magic character ' ' with command starting with a number
+
+t1:
+	@echo ${*}
+	@(${APPLY} "echo %1 %1 %1 %1" `cat ${*}.in` > ${*}.res)
+	@cmp -s ${*}.out ${.CURDIR}/${*}.res || \
+	    (echo "XXX ${*} failed" && false)
+
+t2:
+	@echo ${*}
+	@ARG_MAX=`getconf ARG_MAX`;\
+	    ARG_MAX_HALF=$$((ARG_MAX / 2)); \
+	    ! ${APPLY} "echo %1 %1 %1" \
+	    `jot $$ARG_MAX_HALF 1 1 | tr -d '\n'` > ${*}.res 2>&1
+
+t3:
+	@echo ${*}
+	@(${APPLY} -0 -d who 1 2 3 4 5 > ${*}.res)
+	@cmp -s ${*}.out ${.CURDIR}/${*}.res || \
+	    (echo "XXX ${*} failed" && false)
+
+t4:
+	@echo ${*}
+	@(${APPLY} -2 -d cmp a1 b1 a2 b2 a3 b3 > ${*}.res)
+	@cmp -s ${*}.out ${.CURDIR}/${*}.res || \
+	    (echo "XXX ${*} failed" && false)
+
+t5:
+	@echo ${*}
+	@(${APPLY} -a "&" "echo &2 &1" hello world > ${*}.res)
+	@cmp -s ${*}.out ${.CURDIR}/${*}.res || \
+	    (echo "XXX ${*} failed" && false)
+
+t6:
+	@echo ${*}
+	@(${APPLY} -a " " -d "2to3  1" test.py > ${*}.res)
+	@cmp -s ${*}.out ${.CURDIR}/${*}.res || \
+	    (echo "XXX ${*} failed" && false)
+
+.include <bsd.regress.mk>
diff --git a/regress/usr.bin/apply/t1.in b/regress/usr.bin/apply/t1.in
new file mode 100644
index 00000000000..8282be78243
--- /dev/null
+++ b/regress/usr.bin/apply/t1.in
@@ -0,0 +1 @@
+12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012
diff --git a/regress/usr.bin/apply/t1.out b/regress/usr.bin/apply/t1.out
new file mode 100644
index 00000000000..c725cb2fa98
--- /dev/null
+++ b/regress/usr.bin/apply/t1.out
@@ -0,0 +1 @@
+12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012 12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012 12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012 12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012
diff --git a/regress/usr.bin/apply/t2.out b/regress/usr.bin/apply/t2.out
new file mode 100644
index 00000000000..bcf5ab29339
--- /dev/null
+++ b/regress/usr.bin/apply/t2.out
@@ -0,0 +1 @@
+apply: Argument list too long
diff --git a/regress/usr.bin/apply/t3.out b/regress/usr.bin/apply/t3.out
new file mode 100644
index 00000000000..204caaf306e
--- /dev/null
+++ b/regress/usr.bin/apply/t3.out
@@ -0,0 +1,5 @@
+exec who
+exec who
+exec who
+exec who
+exec who
diff --git a/regress/usr.bin/apply/t4.out b/regress/usr.bin/apply/t4.out
new file mode 100644
index 00000000000..1cbec768894
--- /dev/null
+++ b/regress/usr.bin/apply/t4.out
@@ -0,0 +1,3 @@
+exec cmp a1 b1
+exec cmp a2 b2
+exec cmp a3 b3
diff --git a/regress/usr.bin/apply/t5.out b/regress/usr.bin/apply/t5.out
new file mode 100644
index 00000000000..b4a78f9c1e0
--- /dev/null
+++ b/regress/usr.bin/apply/t5.out
@@ -0,0 +1 @@
+world hello
diff --git a/regress/usr.bin/apply/t6.out b/regress/usr.bin/apply/t6.out
new file mode 100644
index 00000000000..9f014fb77a0
--- /dev/null
+++ b/regress/usr.bin/apply/t6.out
@@ -0,0 +1 @@
+exec 2to3 test.py