git: 33ee87fa0ae8 - main - improve error handling for corrupt database
Date: Sun, 30 Jan 2022 18:06:19 UTC
The branch main has been updated by wosch:
URL: https://cgit.FreeBSD.org/src/commit/?id=33ee87fa0ae80cb48fa5bba2bc2b090fc622e413
commit 33ee87fa0ae80cb48fa5bba2bc2b090fc622e413
Author: Wolfram Schneider <wosch@FreeBSD.org>
AuthorDate: 2022-01-30 18:04:52 +0000
Commit: Wolfram Schneider <wosch@FreeBSD.org>
CommitDate: 2022-01-30 18:04:52 +0000
improve error handling for corrupt database
---
usr.bin/locate/locate/fastfind.c | 23 +++++++++++++++++------
1 file changed, 17 insertions(+), 6 deletions(-)
diff --git a/usr.bin/locate/locate/fastfind.c b/usr.bin/locate/locate/fastfind.c
index 4cae9381024d..69a3c2ed8152 100644
--- a/usr.bin/locate/locate/fastfind.c
+++ b/usr.bin/locate/locate/fastfind.c
@@ -67,7 +67,7 @@ statistic (fp, path_fcodes) } else count += c - OFFSET; - if (count < 0 || count > MAXPATHLEN) { + if (count < 0 || count >= MAXPATHLEN) { /* stop on error and display the statstics anyway */ warnx("corrupted database: %s", path_fcodes); error = 1;
@@ -155,7 +155,7 @@ fastfind register int c, cc; int count, found, globflag; u_char *cutoff; - u_char bigram1[NBG], bigram2[NBG], path[MAXPATHLEN]; + u_char bigram1[NBG], bigram2[NBG], path[MAXPATHLEN + 2]; #ifdef FF_ICASE /* use a lookup table for case insensitive search */
@@ -206,7 +206,9 @@ fastfind foundchar = 0; #ifdef FF_MMAP - c = (u_char)*paddr++; len--; + c = (u_char)*paddr++; + len--; + for (; len > 0; ) { #else c = getc(fp);
@@ -216,8 +218,12 @@ fastfind /* go forward or backward */ if (c == SWITCH) { /* big step, an integer */ #ifdef FF_MMAP + if (len < sizeof(int)) + errx(1, "corrupted database: %s", database); + count += getwm(paddr) - OFFSET; - len -= INTSIZE; paddr += INTSIZE; + len -= INTSIZE; + paddr += INTSIZE; #else count += getwf(fp) - OFFSET; #endif /* FF_MMAP */
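Review bot: The `+ 2` added to `path[MAXPATHLEN + 2]` is unexplained at the declaration, yet it appears to be what makes the later check safe: the hunk at -285,6 +292,10 tests `p - path >= MAXPATHLEN` only after `*p++ = bigram1[c]; *p++ = bigram2[c];` have already stored two bytes. A comment on the declaration would record that dependency, for example `/* +2: the overflow check in the decode loop runs after a two-byte bigram store */`. The loop body between the two hunks is not shown, so this reading should be confirmed against the other stores into `path` before the comment is committed.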
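Review bot: The new guard in the FF_MMAP branch tests `len < sizeof(int)` while the two lines after it consume `INTSIZE` bytes, so the check and the read are sized by different expressions. Writing it as `if (len < INTSIZE)` keeps them in step should the two ever differ. The declaration of `len` is outside this hunk; if it is a signed type the comparison against `sizeof` is carried out unsigned and a negative `len` would pass, so an explicit `len <= 0 ||` term or a cast would make the intent unambiguous. The `#else` branch calls `getwf(fp)` with no comparable end-of-input check visible in these lines.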
@@ -225,8 +231,9 @@ fastfind count += c - OFFSET; } - if (count < 0 || count > MAXPATHLEN) - errx(1, "corrupted database: %s", database); + if (count < 0 || count >= MAXPATHLEN) + errx(1, "corrupted database: %s %d", database, count); + /* overlay old path */ p = path + count; foundchar = p - 1;
@@ -285,6 +292,10 @@ fastfind *p++ = bigram1[c]; *p++ = bigram2[c]; } + + if (p - path >= MAXPATHLEN) + errx(1, "corrupted database: %s", database); + } if (found) { /* previous line matched */
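Review bot: The message at the `count` check now ends in a bare, unlabelled `%d`, while the `errx` calls added in the hunks at +218 and +292 print the identical `corrupted database: %s` text with no detail, so a user report does not reveal which of the three checks fired. Labelling the value, e.g. `errx(1, "corrupted database: %s (count %d)", database, count);`, and giving the other two messages a distinguishing word would make a corrupt or tampered database easier to triage. `statistic()` in the first hunk handles the same condition with `warnx` and `error = 1` rather than exiting, which its comment indicates is deliberate.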