From: Christian Weisgerber <naddy@mips.inka.de>
Subject: Re: xinstall: do not overrun filename buffer
To: "Todd C. Miller" <Todd.Miller@sudo.ws>
Cc: tech@openbsd.org
Date: Thu, 17 Oct 2024 16:07:38 +0200

Todd C. Miller:

> We should probably check the return value of strlcpy() and strlcat()
> too.  Something like this:

Good point, ok naddy@

> --- usr.bin/xinstall/xinstall.c	4 Dec 2022 23:50:50 -0000	1.77
> +++ usr.bin/xinstall/xinstall.c	16 Oct 2024 19:28:46 -0000
> @@ -621,13 +621,19 @@ create_tempfile(char *path, char *temp, 
>  {
>  	char *p;
>  
> -	strlcpy(temp, path, tsize);
> +	if (strlcpy(temp, path, tsize) >= tsize) {
> +		errno = ENAMETOOLONG;
> +		return(-1);
> +	}
>  	if ((p = strrchr(temp, '/')) != NULL)
>  		p++;
>  	else
>  		p = temp;
>  	*p = '\0';
> -	strlcat(p, "INS@XXXXXXXXXX", tsize);
> +	if (strlcat(temp, "INS@XXXXXXXXXX", tsize) >= tsize) {
> +		errno = ENAMETOOLONG;
> +		return(-1);
> +	}
>  
>  	return(mkstemp(temp));
>  }

-- 
Christian "naddy" Weisgerber                          naddy@mips.inka.de