
From: Christian Weisgerber <naddy@mips.inka.de>
Subject: xinstall: do not overrun filename buffer
To: tech@openbsd.org
Date: Wed, 16 Oct 2024 21:15:24 +0200

There was a weird failure during a ports build:

install: /usr/obj/ports/unknown-horizons-2019.1/fake-amd64/usr/local/share/unknown-horizons/content/gfx/atlas//INS@FkRVpXXcoW: Bad address

I was going to write it off as a spurious failure, but tb@ took a look
at xinstall and noticed that the wrong buffer length was passed to
strlcat().  Or rather, the conversion to strl*() accidentally used
the wrong variable.

OK?

-----------------------------------------------
commit 9f54bfa9cf2d54a2ada9c1a98f8d34343602a4e0 (local)
from: Christian Weisgerber <naddy@mips.inka.de>
date: Wed Oct 16 19:09:49 2024 UTC
 
 xinstall: do not overrun filename buffer, with tb@
 
diff 7bdf6ca705b36b265b68bc2823ac67b75515319d 9f54bfa9cf2d54a2ada9c1a98f8d34343602a4e0
commit - 7bdf6ca705b36b265b68bc2823ac67b75515319d
commit + 9f54bfa9cf2d54a2ada9c1a98f8d34343602a4e0
blob - 6183347f22c3d7aa8e5943539e18f8dfe21cfcd2
blob + 5b6ef655cb5b3e7b92fb5f6e4ab5eca96897f196
--- usr.bin/xinstall/xinstall.c
+++ usr.bin/xinstall/xinstall.c
@@ -627,7 +627,7 @@ create_tempfile(char *path, char *temp, size_t tsize)
 	else
 		p = temp;
 	*p = '\0';
-	strlcat(p, "INS@XXXXXXXXXX", tsize);
+	strlcat(temp, "INS@XXXXXXXXXX", tsize);
 
 	return(mkstemp(temp));
 }
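Review bot: the return value of strlcat() on the changed line is still discarded, so a prefix that leaves too little room in temp silently truncates the "INS@XXXXXXXXXX" template before it reaches mkstemp(temp). mkstemp() needs at least six trailing X characters, so a truncated template either fails with EINVAL or yields a name with a shorter random suffix than intended, and neither case tells the user the path was too long. Consider `if (strlcat(temp, "INS@XXXXXXXXXX", tsize) >= tsize)` followed by setting errno to ENAMETOOLONG and returning -1. Passing temp together with tsize is the right pairing, since tsize is the size of temp and not of the space remaining after p; the code that fills temp before this hunk is not visible here, so it is worth confirming that copy is bounded and checked the same way.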

-- 
Christian "naddy" Weisgerber                          naddy@mips.inka.de