[src/netbsd-7-0]: src/games/fortune Pull up following revision(s) (requested ...

[martin <martin%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/d946af587264
branches:  netbsd-7-0
changeset: 931830:d946af587264
user:      martin <martin%NetBSD.org@localhost>
date:      Thu Apr 30 21:24:25 2020 +0000

description:
Pull up following revision(s) (requested by nia in ticket #1729):

        games/fortune/strfile/strfile.c: revision 1.39
        games/fortune/unstr/unstr.c: revision 1.15

strfile: Check that input/output filenames don't exceed the buffer size
unstr: Check that the input filename fits in the buffer.

diffstat:

 games/fortune/strfile/strfile.c |  20 ++++++++++++++++----
 games/fortune/unstr/unstr.c     |   6 +++---
 2 files changed, 19 insertions(+), 7 deletions(-)

diffs (81 lines):

diff -r 883f241c7816 -r d946af587264 games/fortune/strfile/strfile.c
--- a/games/fortune/strfile/strfile.c   Thu Apr 30 16:25:15 2020 +0000
+++ b/games/fortune/strfile/strfile.c   Thu Apr 30 21:24:25 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: strfile.c,v 1.38 2013/09/19 00:34:00 uwe Exp $ */
+/*     $NetBSD: strfile.c,v 1.38.6.1 2020/04/30 21:24:25 martin Exp $  */
 
 /*-
  * Copyright (c) 1989, 1993
@@ -47,7 +47,7 @@
 #if 0
 static char sccsid[] = "@(#)strfile.c  8.1 (Berkeley) 5/31/93";
 #else
-__RCSID("$NetBSD: strfile.c,v 1.38 2013/09/19 00:34:00 uwe Exp $");
+__RCSID("$NetBSD: strfile.c,v 1.38.6.1 2020/04/30 21:24:25 martin Exp $");
 #endif
 #endif /* not lint */
 #endif /* __NetBSD__ */
@@ -267,6 +267,7 @@
        int     ch;
        extern  int optind;
        extern  char *optarg;
+       size_t  len;
 
        while ((ch = getopt(argc, argv, "c:iorsx")) != -1)
                switch(ch) {
@@ -300,14 +301,25 @@
 
        if (*argv) {
                Infile = *argv;
-               if (*++argv)
-                       (void) strcpy(Outfile, *argv);
+               if (*++argv) {
+                       len = strlen(*argv);
+                       if (len >= sizeof(Outfile)) {
+                               puts("Bad output filename");
+                               usage();
+                       }
+                       (void) memcpy(Outfile, *argv, len + 1);
+               }
        }
        if (!Infile) {
                puts("No input file name");
                usage();
        }
        if (*Outfile == '\0') {
+               len = strlen(Infile) + sizeof(".dat");
+               if (len > sizeof(Outfile)) {
+                       puts("Bad input filename");
+                       usage();
+               }
                (void) strcpy(Outfile, Infile);
                (void) strcat(Outfile, ".dat");
        }
diff -r 883f241c7816 -r d946af587264 games/fortune/unstr/unstr.c
--- a/games/fortune/unstr/unstr.c       Thu Apr 30 16:25:15 2020 +0000
+++ b/games/fortune/unstr/unstr.c       Thu Apr 30 21:24:25 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: unstr.c,v 1.14 2012/06/19 05:46:08 dholland Exp $      */
+/*     $NetBSD: unstr.c,v 1.14.12.1 2020/04/30 21:24:25 martin Exp $   */
 
 /*-
  * Copyright (c) 1991, 1993
@@ -42,7 +42,7 @@
 #if 0
 static char sccsid[] = "@(#)unstr.c    8.1 (Berkeley) 5/31/93";
 #else
-__RCSID("$NetBSD: unstr.c,v 1.14 2012/06/19 05:46:08 dholland Exp $");
+__RCSID("$NetBSD: unstr.c,v 1.14.12.1 2020/04/30 21:24:25 martin Exp $");
 #endif
 #endif /* not lint */
 
@@ -114,7 +114,7 @@
 void
 getargs(char *av[])
 {
-       if (!*++av) {
+       if (!*++av || (strlen(*av) + sizeof(".dat")) > sizeof(Datafile)) {
                (void) fprintf(stderr, "usage: unstr datafile\n");
                exit(1);
        }