From nobody Fri Jan 05 00:23:07 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4T5kgw1zBXz55fLl; Fri, 5 Jan 2024 00:23:08 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4T5kgv6jykz4dh8; Fri, 5 Jan 2024 00:23:07 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1704414187; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=SWfXbSKygoViMBKsQNeVf/5h/v+rl7060E3mMMFYwjU=; b=cXB2jZMNJXkUz5oZH+F83QRAHqrsdd2A0Uzk2nI50BczIiaq/1+p37QCb6H6/hRuKgrwU1 +of9mVFMjMADYOKTN8/ACx872RiCrLB1lLnntHbMi5yRLJwaOpiA+yr1uKm/91S6HY7FpW LlveHCoEuMZebG1nyvoUQqVd4jblNLzj+DcI9l0Chjp+Lqc1SRLnyRZxX54me7VD7xiFZj PXQD27sQ3ukqeKOMZ+363kexHLz2k0R2Lch5bebLWOYoNBeCAKEm+nR/l/F5p8Xf8JminZ dWxXk2tU3rKQMGS9FW4GvQS6865xDoZTF6d2CMWwOHwjZee9enKzeZq9gnvcPA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1704414187; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=SWfXbSKygoViMBKsQNeVf/5h/v+rl7060E3mMMFYwjU=; b=g0XoRiMDoG0IYVAZZOgbpNGeN0yGhrYTpHKkEuDEkXokvKzC1BZBRBuP06NVPytvRF/due m7mWun0zQjzbt6Cd1vr8s6B5k7lb7vEj7l/jgeurI2hw2aL0Xniz9IdmaGbb8qevPy/AJm GZ46BAK9oiDNbJ6iolCuJmPzl9ZgDH97X6uFaaoKfOnroKl1Iz2+jf/4Pxx9kliemMAJVz EFEYbJ5KWUd/21SByMQjdnNj9ZL2NHFdt0tyyKaj0ab1JE9+L07ycxKJgYfLNSNDGMYQ4v OV4iwv028KtwMoomuNiwadc+uYUr3MDRg2fvkpZGs3vJP+xhNXAOOXWHcWUWCg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1704414187; a=rsa-sha256; cv=none; b=APHXaLZqdRbG154HjkwxQm+h0EDrCy4ri2iBUOd4vB2XRM6N37QkvfITEKqCzL4NWOHsAV N5ubaTBYzT4zTwn6xPVZdm2twllZD7z1c73hE22fAweXc3NPobwWSouVpyXEc8bXF7dBAA V93Z/Q6Amhw8YSFmtS2Z0uk0ryuYxd9PTxHXaH74kOgj5VEc8PEVrtg7WwHTkZJ+J2mtly 19fFSkmbzGyhAD1Ui1D8Mqe1Vxh5FZcU5bxBT0Py9sHLcsoIOsDXYQKXfYyooQJ6sQ+rGK tJoSL04MzL9gaVTRVsYJpsi101lAN5w4m4Bcw1cb8y2Wf4k78o6AV5lJcD9QUA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4T5kgv5Xjvzbp9; Fri, 5 Jan 2024 00:23:07 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 4050N70K025360; Fri, 5 Jan 2024 00:23:07 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 4050N7mn025356; Fri, 5 Jan 2024 00:23:07 GMT (envelope-from git) Date: Fri, 5 Jan 2024 00:23:07 GMT Message-Id: <202401050023.4050N7mn025356@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: John Baldwin Subject: git: a78807a2fa0e - stable/13 - bsdinstall partedit: Avoid potential buffer overflow in newfs_command List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-branches@freebsd.org X-BeenThere: dev-commits-src-branches@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jhb X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: a78807a2fa0e2d81954e984883477c9b567b8617 Auto-Submitted: auto-generated The branch stable/13 has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=a78807a2fa0e2d81954e984883477c9b567b8617 commit a78807a2fa0e2d81954e984883477c9b567b8617 Author: John Baldwin AuthorDate: 2023-10-16 23:25:03 +0000 Commit: John Baldwin CommitDate: 2024-01-04 23:51:34 +0000 bsdinstall partedit: Avoid potential buffer overflow in newfs_command Allocate the buffer holding the newfs command string dynamically (building the string via open_memstream) rather than storing the command into a caller-supplied buffer of unknown length. Reviewed by: emaste Differential Revision: https://reviews.freebsd.org/D42237 (cherry picked from commit ae2fc74fe76ca8b89c5ef0081ef3f4008f83de41) --- usr.sbin/bsdinstall/partedit/gpart_ops.c | 70 +++++++++++++++++++------------- 1 file changed, 42 insertions(+), 28 deletions(-) diff --git a/usr.sbin/bsdinstall/partedit/gpart_ops.c b/usr.sbin/bsdinstall/partedit/gpart_ops.c index 368ef9b14727..331cbc4ffba6 100644 --- a/usr.sbin/bsdinstall/partedit/gpart_ops.c +++ b/usr.sbin/bsdinstall/partedit/gpart_ops.c @@ -78,9 +78,15 @@ scheme_supports_labels(const char *scheme) return (0); } -static void -newfs_command(const char *fstype, char *command, int use_default) +static char * +newfs_command(const char *fstype, int use_default) { + FILE *fp; + char *buf; + size_t len; + + fp = open_memstream(&buf, &len); + if (strcmp(fstype, "freebsd-ufs") == 0) { int i; DIALOG_LISTITEM items[] = { @@ -103,21 +109,21 @@ newfs_command(const char *fstype, char *command, int use_default) nitems(items), items, NULL, FLAG_CHECK, &i); if (choice == 1) /* Cancel */ - return; + goto out; } - strcpy(command, "newfs "); + fputs("newfs ", fp); for (i = 0; i < (int)nitems(items); i++) { if (items[i].state == 0) continue; if (strcmp(items[i].name, "UFS1") == 0) - strcat(command, "-O1 "); + fputs("-O1 ", fp); else if (strcmp(items[i].name, "SU") == 0) - strcat(command, "-U "); + fputs("-U ", fp); else if (strcmp(items[i].name, "SUJ") == 0) - strcat(command, "-j "); + fputs("-j ", fp); else if (strcmp(items[i].name, "TRIM") == 0) - strcat(command, "-t "); + fputs("-t ", fp); } } else if (strcmp(fstype, "freebsd-zfs") == 0) { int i; @@ -141,30 +147,31 @@ newfs_command(const char *fstype, char *command, int use_default) nitems(items), items, NULL, FLAG_CHECK, &i); if (choice == 1) /* Cancel */ - return; + goto out; } - strcpy(command, "zpool create -f -m none "); + fputs("zpool create -f -m none ", fp); if (getenv("BSDINSTALL_TMPBOOT") != NULL) { char zfsboot_path[MAXPATHLEN]; + snprintf(zfsboot_path, sizeof(zfsboot_path), "%s/zfs", getenv("BSDINSTALL_TMPBOOT")); mkdir(zfsboot_path, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH); - sprintf(command, "%s -o cachefile=%s/zpool.cache ", - command, zfsboot_path); + fprintf(fp, " -o cachefile=%s/zpool.cache ", + zfsboot_path); } for (i = 0; i < (int)nitems(items); i++) { if (items[i].state == 0) continue; if (strcmp(items[i].name, "fletcher4") == 0) - strcat(command, "-O checksum=fletcher4 "); + fputs("-O checksum=fletcher4 ", fp); else if (strcmp(items[i].name, "fletcher2") == 0) - strcat(command, "-O checksum=fletcher2 "); + fputs("-O checksum=fletcher2 ", fp); else if (strcmp(items[i].name, "sha256") == 0) - strcat(command, "-O checksum=sha256 "); + fputs("-O checksum=sha256 ", fp); else if (strcmp(items[i].name, "atime") == 0) - strcat(command, "-O atime=off "); + fputs("-O atime=off ", fp); } } else if (strcmp(fstype, "fat32") == 0 || strcmp(fstype, "efi") == 0 || strcmp(fstype, "ms-basic-data") == 0) { @@ -184,26 +191,29 @@ newfs_command(const char *fstype, char *command, int use_default) nitems(items), items, NULL, FLAG_RADIO, &i); if (choice == 1) /* Cancel */ - return; + goto out; } - strcpy(command, "newfs_msdos "); + fputs("newfs_msdos ", fp); for (i = 0; i < (int)nitems(items); i++) { if (items[i].state == 0) continue; if (strcmp(items[i].name, "FAT32") == 0) - strcat(command, "-F 32 -c 1"); + fputs("-F 32 -c 1", fp); else if (strcmp(items[i].name, "FAT16") == 0) - strcat(command, "-F 16 "); + fputs("-F 16 ", fp); else if (strcmp(items[i].name, "FAT12") == 0) - strcat(command, "-F 12 "); + fputs("-F 12 ", fp); } } else { if (!use_default) dialog_msgbox("Error", "No configurable options exist " "for this filesystem.", 0, 0, TRUE); - command[0] = '\0'; } + +out: + fclose(fp); + return (buf); } const char * @@ -509,7 +519,7 @@ gpart_edit(struct gprovider *pp) const char *errstr, *oldtype, *scheme; struct partition_metadata *md; char sizestr[32]; - char newfs[255]; + char *newfs; intmax_t idx; int hadlabel, choice, junk, nitems; unsigned i; @@ -650,10 +660,11 @@ editpart: } gctl_free(r); - newfs_command(items[0].text, newfs, 1); + newfs = newfs_command(items[0].text, 1); set_default_part_metadata(pp->lg_name, scheme, items[0].text, items[2].text, (strcmp(oldtype, items[0].text) != 0) ? newfs : NULL); + free(newfs); endedit: if (strcmp(oldtype, items[0].text) != 0 && cp != NULL) @@ -981,7 +992,7 @@ gpart_create(struct gprovider *pp, const char *default_type, struct ggeom *geom; const char *errstr, *scheme; char sizestr[32], startstr[32], output[64], *newpartname; - char newfs[255], options_fstype[64]; + char *newfs, options_fstype[64]; intmax_t maxsize, size, sector, firstfree, stripe; uint64_t bytes; int nitems, choice, junk; @@ -1078,7 +1089,7 @@ gpart_create(struct gprovider *pp, const char *default_type, /* Default options */ strncpy(options_fstype, items[0].text, sizeof(options_fstype)); - newfs_command(options_fstype, newfs, 1); + newfs = newfs_command(options_fstype, 1); addpartform: if (interactive) { dialog_vars.extra_label = "Options"; @@ -1092,9 +1103,10 @@ addpartform: case 1: /* Cancel */ return; case 3: /* Options */ + free(newfs); strncpy(options_fstype, items[0].text, sizeof(options_fstype)); - newfs_command(options_fstype, newfs, 0); + newfs = newfs_command(options_fstype, 0); goto addpartform; } } @@ -1104,8 +1116,9 @@ addpartform: * their choices in favor of the new filesystem's defaults. */ if (strcmp(options_fstype, items[0].text) != 0) { + free(newfs); strncpy(options_fstype, items[0].text, sizeof(options_fstype)); - newfs_command(options_fstype, newfs, 1); + newfs = newfs_command(options_fstype, 1); } size = maxsize; @@ -1250,6 +1263,7 @@ addpartform: else set_default_part_metadata(newpartname, scheme, items[0].text, items[2].text, newfs); + free(newfs); for (i = 0; i < nitems(items); i++) if (items[i].text_free)