Re: git: e17fede8ff46 - main - Fix too small sscanf output buffers in kbdmap

From: Dimitry Andric <dim_at_FreeBSD.org>
Date: Sun, 06 Feb 2022 18:07:35 UTC
On 6 Feb 2022, at 16:41, Shawn Webb <shawn.webb@hardenedbsd.org> wrote:
> 
> On Sun, Feb 06, 2022 at 03:26:00PM +0000, Dimitry Andric wrote:
>> The branch main has been updated by dim:
>> 
>> URL: https://cgit.FreeBSD.org/src/commit/?id=e17fede8ff4629b5ff640ed660940b04c70da0b6
>> 
>> commit e17fede8ff4629b5ff640ed660940b04c70da0b6
>> Author:     Dimitry Andric <dim@FreeBSD.org>
>> AuthorDate: 2022-02-06 15:25:11 +0000
>> Commit:     Dimitry Andric <dim@FreeBSD.org>
>> CommitDate: 2022-02-06 15:25:25 +0000
>> 
>>    Fix too small sscanf output buffers in kbdmap
>> 
>>    This fixes the following warnings from clang 14:
>> 
>>    usr.sbin/kbdmap/kbdmap.c:241:16: error: 'sscanf' may overflow; destination buffer in argument 5 has size 20, but the corresponding specifier may require size 21 [-Werror,-Wfortify-source]
>>                                &a, &b, buf);
>>                                        ^
...
> Would commits like this and d310bf3867b4168e57365196c3a31797c0538097
> normally cause SAs? Off-by-one bugs are typically considered security
> bugs.

In this particular case, you could make /usr/sbin/kbdmap (or its alias
/usr/sbin/vidfont) crash, by deliberately corrupting /etc/rc.conf or the
various INDEX.keymaps files under /usr/share. But what you would gain
from this is unclear: none of these tools is setuid, and you already
need to be root to edit those files.

In the case of /usr/sbin/bootparamd, you could make it crash on a
deliberately corrupted /etc/bootparams file. Again, this tool is not
setuid, and you can only edit the file if you are root anyway.

-Dimitry
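The sizing rule behind the fix, as an added example that is not the kbdmap code itself: the struct, the field names and the "%d %d %s" format are assumptions, and the only point carried over from the commit is that a `%Ns` conversion needs a buffer of N+1 bytes.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not the kbdmap code: the buffer/width mismatch that clang's
 * -Wfortify-source flags, and a way to size the two together. */

/* Width the %s conversion may fill; the buffer needs one extra byte for
 * the terminating NUL that sscanf appends after the field. */
#define NAME_WIDTH 19
#define STR_(x) #x
#define STR(x) STR_(x)

struct entry {
    int a;
    int b;
    char name[NAME_WIDTH + 1];  /* 20 bytes: 19 characters plus NUL */
};

/* Buggy pattern (do not use): "%20s" into char buf[20] can write 21 bytes,
 * exactly the off-by-one in the warning. Kept as a comment only, since
 * executing it is undefined behaviour.
 *
 *   char buf[20];
 *   sscanf(line, "%d %d %20s", &a, &b, buf);
 */

/* Hardened parser: the width in the format string is generated from the same
 * macro that sizes the buffer, so the two cannot drift apart. Returns 1 on
 * success, 0 if fewer than three fields were converted. */
int parse_entry(const char *line, struct entry *e)
{
    int n = sscanf(line, "%d %d %" STR(NAME_WIDTH) "s", &e->a, &e->b, e->name);
    return n == 3;
}

/* Length of the stored name, so callers can observe truncation of long input. */
size_t entry_name_len(const struct entry *e)
{
    return strlen(e->name);
}

int main(void)
{
    struct entry e;
    /* Constructed input whose name is 30 characters, longer than the field. */
    const char *line = "1 2 abcdefghijklmnopqrstuvwxyz0123";
    if (parse_entry(line, &e))
        printf("a=%d b=%d name=%s (%zu chars)\n", e.a, e.b, e.name, entry_name_len(&e));
    return 0;
}
```

An over-long name is cut at 19 characters and the remainder is left unconsumed, which is the safe outcome; a buffer one byte smaller than the width would instead have been overrun by the NUL.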