git: 653e8fb20e84 - stable/13 - bsdinstall partedit: Replace malloc + sprintf with asprintf

From: John Baldwin <jhb_at_FreeBSD.org>
Date: Fri, 05 Jan 2024 00:23:08 UTC
The branch stable/13 has been updated by jhb:

URL: https://cgit.FreeBSD.org/src/commit/?id=653e8fb20e8452de2c83c6f87dd3d0779f8eba3b

commit 653e8fb20e8452de2c83c6f87dd3d0779f8eba3b
Author:     John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2023-10-16 23:25:15 +0000
Commit:     John Baldwin <jhb@FreeBSD.org>
CommitDate: 2024-01-05 00:08:25 +0000

    bsdinstall partedit: Replace malloc + sprintf with asprintf
    
    This avoids potential bugs with the length passed to malloc not
    matching the string written via sprintf.
    
    Reviewed by:    emaste
    Differential Revision:  https://reviews.freebsd.org/D42238
    
    (cherry picked from commit 51749e05e96eb07134a38984a8c06608b20f07ea)
---
 usr.sbin/bsdinstall/partedit/gpart_ops.c | 10 +++-------
 usr.sbin/bsdinstall/partedit/partedit.c  |  4 ++--
 2 files changed, 5 insertions(+), 9 deletions(-)

diff --git a/usr.sbin/bsdinstall/partedit/gpart_ops.c b/usr.sbin/bsdinstall/partedit/gpart_ops.c
index 331cbc4ffba6..bc45a0f2d383 100644
--- a/usr.sbin/bsdinstall/partedit/gpart_ops.c
+++ b/usr.sbin/bsdinstall/partedit/gpart_ops.c
@@ -697,18 +697,16 @@ set_default_part_metadata(const char *name, const char *scheme,
 		}
 
 		if (newfs != NULL && newfs[0] != '\0') {
-			md->newfs = malloc(strlen(newfs) + strlen(" /dev/") +
-			    strlen(mountpoint) + 5 + strlen(name) + 1);
 			if (strcmp("freebsd-zfs", type) == 0) {
 				zpool_name = strdup((strlen(mountpoint) == 1) ?
 				    "root" : &mountpoint[1]);
 				for (i = 0; zpool_name[i] != 0; i++)
 					if (!isalnum(zpool_name[i]))
 						zpool_name[i] = '_';
-				sprintf(md->newfs, "%s %s /dev/%s", newfs,
+				asprintf(&md->newfs, "%s %s /dev/%s", newfs,
 				    zpool_name, name);
 			} else {
-				sprintf(md->newfs, "%s /dev/%s", newfs, name);
+				asprintf(&md->newfs, "%s /dev/%s", newfs, name);
 			}
 		}
 	}
@@ -745,9 +743,7 @@ set_default_part_metadata(const char *name, const char *scheme,
 		if (strcmp("freebsd-zfs", type) == 0) {
 			md->fstab->fs_spec = strdup(zpool_name);
 		} else {
-			md->fstab->fs_spec = malloc(strlen(name) +
-			    strlen("/dev/") + 1);
-			sprintf(md->fstab->fs_spec, "/dev/%s", name);
+			asprintf(&md->fstab->fs_spec, "/dev/%s", name);
 		}
 		md->fstab->fs_file = strdup(mountpoint);
 		/* Get VFS from text after freebsd-, if possible */
diff --git a/usr.sbin/bsdinstall/partedit/partedit.c b/usr.sbin/bsdinstall/partedit/partedit.c
index ffc809507b08..0f116d2c716a 100644
--- a/usr.sbin/bsdinstall/partedit/partedit.c
+++ b/usr.sbin/bsdinstall/partedit/partedit.c
@@ -349,8 +349,8 @@ apply_changes(struct gmesh *mesh)
 	TAILQ_FOREACH(md, &part_metadata, metadata) {
 		if (md->newfs != NULL) {
 			char *item;
-			item = malloc(255);
-			sprintf(item, "Initializing %s", md->name);
+
+			asprintf(&item, "Initializing %s", md->name);
 			items[i*2] = item;
 			items[i*2 + 1] = "Pending";
 			i++;