Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/usr.sbin/dumplfs PR/53367: Thomas Barabosch: Integer overflo...



details:   https://anonhg.NetBSD.org/src/rev/e238305972c9
branches:  trunk
changeset: 323441:e238305972c9
user:      christos <christos%NetBSD.org@localhost>
date:      Fri Jun 15 15:16:05 2018 +0000

description:
PR/53367: Thomas Barabosch: Integer overflow in usr.sbin/dumplfs
While here use the "e" functions to always check for allocation errors.

diffstat:

 usr.sbin/dumplfs/Makefile  |   4 +++-
 usr.sbin/dumplfs/dumplfs.c |  35 ++++++++++++++---------------------
 2 files changed, 17 insertions(+), 22 deletions(-)

diffs (138 lines):

diff -r e5b30b5cf217 -r e238305972c9 usr.sbin/dumplfs/Makefile
--- a/usr.sbin/dumplfs/Makefile Fri Jun 15 15:15:10 2018 +0000
+++ b/usr.sbin/dumplfs/Makefile Fri Jun 15 15:16:05 2018 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: Makefile,v 1.17 2016/06/15 14:08:24 riastradh Exp $
+#      $NetBSD: Makefile,v 1.18 2018/06/15 15:16:05 christos Exp $
 #      @(#)Makefile    8.1 (Berkeley) 6/18/93
 
 WARNS?=        3       # XXX -Wsign-compare
@@ -9,5 +9,7 @@
 SRCS=  dumplfs.c lfs_cksum.c misc.c
 .PATH: ${NETBSDSRCDIR}/sys/ufs/lfs
 MAN=   dumplfs.8
+LDADD+=        -lutil
+DPADD+= ${LIBUTIL}
 
 .include <bsd.prog.mk>
diff -r e5b30b5cf217 -r e238305972c9 usr.sbin/dumplfs/dumplfs.c
--- a/usr.sbin/dumplfs/dumplfs.c        Fri Jun 15 15:15:10 2018 +0000
+++ b/usr.sbin/dumplfs/dumplfs.c        Fri Jun 15 15:16:05 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: dumplfs.c,v 1.63 2016/08/12 08:22:13 dholland Exp $    */
+/*     $NetBSD: dumplfs.c,v 1.64 2018/06/15 15:16:05 christos Exp $    */
 
 /*-
  * Copyright (c) 1991, 1993
@@ -40,7 +40,7 @@
 #if 0
 static char sccsid[] = "@(#)dumplfs.c  8.5 (Berkeley) 5/24/95";
 #else
-__RCSID("$NetBSD: dumplfs.c,v 1.63 2016/08/12 08:22:13 dholland Exp $");
+__RCSID("$NetBSD: dumplfs.c,v 1.64 2018/06/15 15:16:05 christos Exp $");
 #endif
 #endif /* not lint */
 
@@ -61,6 +61,7 @@
 #include <stdio.h>
 #include <string.h>
 #include <unistd.h>
+#include <util.h>
 #include "extern.h"
 
 static void    addseg(char *);
@@ -226,10 +227,7 @@
        if ((fd = open(special, O_RDONLY, 0)) < 0)
                err(1, "%s", special);
 
-       sbuf = malloc(LFS_SBPAD);
-       if (sbuf == NULL)
-               err(1, "malloc");
-
+       sbuf = emalloc(LFS_SBPAD);
        if (sbdaddr == 0x0) {
                /* Read the proto-superblock */
                __CTASSERT(sizeof(struct dlfs) == sizeof(struct dlfs64));
@@ -332,8 +330,7 @@
        if (!addr)
                addr = lfs_sb_getidaddr(lfsp);
 
-       if (!(dpage = malloc(psize)))
-               err(1, "malloc");
+       dpage = emalloc(psize);
        get(fd, fsbtobyte(lfsp, addr), dpage, psize);
 
        dip = NULL;
@@ -363,8 +360,7 @@
        block_limit = MIN(nblocks, ULFS_NDADDR);
 
        /* Get the direct block */
-       if ((ipage = malloc(psize)) == NULL)
-               err(1, "malloc");
+       ipage = emalloc(psize);
        for (inum = 0, i = 0; i < block_limit; i++) {
                pdb = lfs_dino_getdb(lfsp, dip, i);
                get(fd, fsbtobyte(lfsp, pdb), ipage, psize);
@@ -395,8 +391,7 @@
                goto e0;
 
        /* Dump out blocks off of single indirect block */
-       if (!(indir = malloc(psize)))
-               err(1, "malloc");
+       indir = emalloc(psize);
        get(fd, fsbtobyte(lfsp, lfs_dino_getib(lfsp, dip, 0)), indir, psize);
        block_limit = MIN(i + lfs_sb_getnindir(lfsp), nblocks);
        for (offset = 0; i < block_limit; i++, offset++) {
@@ -429,8 +424,7 @@
                goto e1;
 
        /* Get the double indirect block */
-       if (!(dindir = malloc(psize)))
-               err(1, "malloc");
+       dindir = emalloc(psize);
        get(fd, fsbtobyte(lfsp, lfs_dino_getib(lfsp, dip, 1)), dindir, psize);
        for (j = 0; j < lfs_sb_getnindir(lfsp); j++) {
                thisblock = lfs_iblock_get(lfsp, dindir, j);
@@ -617,7 +611,7 @@
 
        /* Dump out inode disk addresses */
        iip = SEGSUM_IINFOSTART(lfsp, sp);
-       diblock = malloc(lfs_sb_getbsize(lfsp));
+       diblock = emalloc(lfs_sb_getbsize(lfsp));
        printf("    Inode addresses:");
        numbytes = 0;
        numblocks = 0;
@@ -680,11 +674,11 @@
        } else {
                el_size = sizeof(u_int32_t);
        }
-       datap = (char *)malloc(el_size * numblocks);
-       memset(datap, 0, el_size * numblocks);
+       datap = ecalloc(numblocks, el_size);
+
        acc = 0;
        addr += lfs_btofsb(lfsp, lfs_sb_getsumsize(lfsp));
-       buf = malloc(lfs_sb_getbsize(lfsp));
+       buf = emalloc(lfs_sb_getbsize(lfsp));
        for (i = 0; i < lfs_ss_getnfinfo(lfsp, sp); i++) {
                while (addr == lfs_ii_getblock(lfsp, iip2)) {
                        get(fd, fsbtobyte(lfsp, addr), buf, lfs_sb_getibsize(lfsp));
@@ -737,7 +731,7 @@
        (void)printf("\nSEGMENT %lld (Disk Address 0x%llx)\n",
                     (long long)lfs_dtosn(lfsp, addr), (long long)addr);
        sum_offset = fsbtobyte(lfsp, addr);
-       sumblock = malloc(lfs_sb_getsumsize(lfsp));
+       sumblock = emalloc(lfs_sb_getsumsize(lfsp));
 
        if (lfs_sb_getversion(lfsp) > 1 && segnum == 0) {
                if (lfs_fsbtob(lfsp, lfs_sb_gets0addr(lfsp)) < LFS_LABELPAD) {
@@ -897,8 +891,7 @@
 {
        SEGLIST *p;
 
-       if ((p = malloc(sizeof(SEGLIST))) == NULL)
-               err(1, "malloc");
+       p = emalloc(sizeof(*p));
        p->next = seglist;
        p->num = atoi(arg);
        seglist = p;



Home | Main Index | Thread Index | Old Index