svn commit: r345389 - in stable/11: libexec/tftpd usr.bin/tftp
Alan Somers
asomers at FreeBSD.org
Thu Mar 21 21:45:22 UTC 2019
Author: asomers
Date: Thu Mar 21 21:45:18 2019
New Revision: 345389
URL: https://svnweb.freebsd.org/changeset/base/345389
Log:
MFC r336609:
Fix several Coverity warnings in tftp
Some of the changes are in the libexec/tftpd directory, but to functions that
are only used by tftp(1) (they share some code).
* strcpy => strlcpy (1006793, 1006794, 1006796, 1006741)
* Unchecked return value and TOCTTOU (1009314)
* NULL pointer dereference (1018035, 1018036)
Reported by: Coverity
CID: 1006793, 1006794, 1006796, 1006741, 1009314, 1018035
CID: 1018036
Modified:
stable/11/libexec/tftpd/tftp-io.c
stable/11/libexec/tftpd/tftp-utils.c
stable/11/usr.bin/tftp/main.c
stable/11/usr.bin/tftp/tftp.c
Directory Properties:
stable/11/ (props changed)
Modified: stable/11/libexec/tftpd/tftp-io.c
==============================================================================
--- stable/11/libexec/tftpd/tftp-io.c Thu Mar 21 21:45:02 2019 (r345388)
+++ stable/11/libexec/tftpd/tftp-io.c Thu Mar 21 21:45:18 2019 (r345389)
@@ -38,6 +38,7 @@ __FBSDID("$FreeBSD$");
#include <errno.h>
#include <setjmp.h>
#include <signal.h>
+#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -191,16 +192,16 @@ send_wrq(int peer, char *filename, char *mode)
tp = (struct tftphdr *)buf;
tp->th_opcode = htons((u_short)WRQ);
- size = 2;
+ size = offsetof(struct tftphdr, th_stuff);
bp = tp->th_stuff;
- strcpy(bp, filename);
+ strlcpy(bp, filename, sizeof(buf) - size);
bp += strlen(filename);
*bp = 0;
bp++;
size += strlen(filename) + 1;
- strcpy(bp, mode);
+ strlcpy(bp, mode, sizeof(buf) - size);
bp += strlen(mode);
*bp = 0;
bp++;
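Review bot: The bookkeeping after each `strlcpy` still uses `strlen(filename)` and `strlen(mode)` of the untruncated source, so when a name does not fit, `bp` advances past the copied bytes and `*bp = 0` lands beyond the bounded copy. `size` then exceeds `sizeof(buf)`, and `sizeof(buf) - size` in the second call wraps to a very large bound if the subtraction is done in `size_t`. Check the return value and refuse the request instead of truncating, e.g. `if (strlcpy(bp, filename, sizeof(buf) - size) >= sizeof(buf) - size)` followed by an error return. The send_rrq hunk below has the same pattern. Both function bodies and the declaration of `buf` lie outside the hunks, so the buffer size is not visible here.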
@@ -239,16 +240,16 @@ send_rrq(int peer, char *filename, char *mode)
tp = (struct tftphdr *)buf;
tp->th_opcode = htons((u_short)RRQ);
- size = 2;
+ size = offsetof(struct tftphdr, th_stuff);
bp = tp->th_stuff;
- strcpy(bp, filename);
+ strlcpy(bp, filename, sizeof(buf) - size);
bp += strlen(filename);
*bp = 0;
bp++;
size += strlen(filename) + 1;
- strcpy(bp, mode);
+ strlcpy(bp, mode, sizeof(buf) - size);
bp += strlen(mode);
*bp = 0;
bp++;
Modified: stable/11/libexec/tftpd/tftp-utils.c
==============================================================================
--- stable/11/libexec/tftpd/tftp-utils.c Thu Mar 21 21:45:02 2019 (r345388)
+++ stable/11/libexec/tftpd/tftp-utils.c Thu Mar 21 21:45:18 2019 (r345389)
@@ -235,14 +235,15 @@ const char *
debug_show(int d)
{
static char s[100];
+ size_t space = sizeof(s);
int i = 0;
s[0] = '\0';
while (debugs[i].name != NULL) {
if (d&debugs[i].value) {
- if (s[0] != '\0')
- strcat(s, " ");
- strcat(s, debugs[i].name);
+ if (s[0] != '\0')
+ strlcat(s, " ", space);
+ strlcat(s, debugs[i].name, space);
}
i++;
}
Modified: stable/11/usr.bin/tftp/main.c
==============================================================================
--- stable/11/usr.bin/tftp/main.c Thu Mar 21 21:45:02 2019 (r345388)
+++ stable/11/usr.bin/tftp/main.c Thu Mar 21 21:45:18 2019 (r345389)
@@ -405,7 +405,7 @@ static void
settftpmode(const char *newmode)
{
- strcpy(mode, newmode);
+ strlcpy(mode, newmode, sizeof(mode));
if (verbose)
printf("mode set to %s\n", mode);
}
@@ -465,7 +465,10 @@ put(int argc, char *argv[])
return;
}
- stat(cp, &sb);
+ if (fstat(fd, &sb) < 0) {
+ warn("%s", cp);
+ return;
+ }
asprintf(&options[OPT_TSIZE].o_request, "%ju", sb.st_size);
if (verbose)
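Review bot: The new `fstat` failure path returns without closing `fd`, which must already be open for `fstat(fd, &sb)` to be called, so the descriptor leaks on this path; add `close(fd);` before the `return;`. The second put() hunk has the same gap before its `continue;`, where the leak would repeat for every failing file in the loop. The open call and the rest of put() are outside both hunks, so confirm that no later cleanup covers these paths.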
@@ -487,7 +490,10 @@ put(int argc, char *argv[])
continue;
}
- stat(cp, &sb);
+ if (fstat(fd, &sb) < 0) {
+ warn("%s", argv[n]);
+ continue;
+ }
asprintf(&options[OPT_TSIZE].o_request, "%ju", sb.st_size);
if (verbose)
Modified: stable/11/usr.bin/tftp/tftp.c
==============================================================================
--- stable/11/usr.bin/tftp/tftp.c Thu Mar 21 21:45:02 2019 (r345388)
+++ stable/11/usr.bin/tftp/tftp.c Thu Mar 21 21:45:18 2019 (r345389)
@@ -48,6 +48,7 @@ __FBSDID("$FreeBSD$");
#include <arpa/tftp.h>
+#include <assert.h>
#include <err.h>
#include <netdb.h>
#include <stdio.h>
@@ -83,6 +84,7 @@ xmitfile(int peer, char *port, int fd, char *name, cha
if (port == NULL) {
struct servent *se;
se = getservbyname("tftp", "udp");
+ assert(se != NULL);
((struct sockaddr_in *)&peer_sock)->sin_port = se->s_port;
} else
((struct sockaddr_in *)&peer_sock)->sin_port =
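Review bot: `assert(se != NULL)` is not a runtime check: it is compiled out when the file is built with `NDEBUG`, leaving the `se->s_port` dereference unguarded, and otherwise it aborts the client when the services database has no `tftp/udp` entry. The lookup result depends on host configuration, so it should be handled as an ordinary error, e.g. `if (se == NULL) { warnx("tftp/udp: unknown service"); return; }`. `<err.h>` is already included, but the function's return type is cut off in the hunk header, so the return statement may need adjusting. The recvfile hunk below adds the same assert.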
@@ -182,6 +184,7 @@ recvfile(int peer, char *port, int fd, char *name, cha
if (port == NULL) {
struct servent *se;
se = getservbyname("tftp", "udp");
+ assert(se != NULL);
((struct sockaddr_in *)&peer_sock)->sin_port = se->s_port;
} else
((struct sockaddr_in *)&peer_sock)->sin_port =