Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/usr.sbin/dumplfs PR/53367: Thomas Barabosch: Integer overflo...
details: https://anonhg.NetBSD.org/src/rev/52606a60dcb8
branches: trunk
changeset: 362553:52606a60dcb8
user: christos <christos%NetBSD.org@localhost>
date: Fri Jun 15 15:16:05 2018 +0000
description:
PR/53367: Thomas Barabosch: Integer overflow in usr.sbin/dumplfs
While here use the "e" functions to always check for allocation errors.
diffstat:
usr.sbin/dumplfs/Makefile | 4 +++-
usr.sbin/dumplfs/dumplfs.c | 35 ++++++++++++++---------------------
2 files changed, 17 insertions(+), 22 deletions(-)
diffs (138 lines):
diff -r 8e2714767714 -r 52606a60dcb8 usr.sbin/dumplfs/Makefile
--- a/usr.sbin/dumplfs/Makefile Fri Jun 15 15:15:10 2018 +0000
+++ b/usr.sbin/dumplfs/Makefile Fri Jun 15 15:16:05 2018 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.17 2016/06/15 14:08:24 riastradh Exp $
+# $NetBSD: Makefile,v 1.18 2018/06/15 15:16:05 christos Exp $
# @(#)Makefile 8.1 (Berkeley) 6/18/93
WARNS?= 3 # XXX -Wsign-compare
@@ -9,5 +9,7 @@
SRCS= dumplfs.c lfs_cksum.c misc.c
.PATH: ${NETBSDSRCDIR}/sys/ufs/lfs
MAN= dumplfs.8
+LDADD+= -lutil
+DPADD+= ${LIBUTIL}
.include <bsd.prog.mk>
diff -r 8e2714767714 -r 52606a60dcb8 usr.sbin/dumplfs/dumplfs.c
--- a/usr.sbin/dumplfs/dumplfs.c Fri Jun 15 15:15:10 2018 +0000
+++ b/usr.sbin/dumplfs/dumplfs.c Fri Jun 15 15:16:05 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: dumplfs.c,v 1.63 2016/08/12 08:22:13 dholland Exp $ */
+/* $NetBSD: dumplfs.c,v 1.64 2018/06/15 15:16:05 christos Exp $ */
/*-
* Copyright (c) 1991, 1993
@@ -40,7 +40,7 @@
#if 0
static char sccsid[] = "@(#)dumplfs.c 8.5 (Berkeley) 5/24/95";
#else
-__RCSID("$NetBSD: dumplfs.c,v 1.63 2016/08/12 08:22:13 dholland Exp $");
+__RCSID("$NetBSD: dumplfs.c,v 1.64 2018/06/15 15:16:05 christos Exp $");
#endif
#endif /* not lint */
@@ -61,6 +61,7 @@
#include <stdio.h>
#include <string.h>
#include <unistd.h>
+#include <util.h>
#include "extern.h"
static void addseg(char *);
@@ -226,10 +227,7 @@
if ((fd = open(special, O_RDONLY, 0)) < 0)
err(1, "%s", special);
- sbuf = malloc(LFS_SBPAD);
- if (sbuf == NULL)
- err(1, "malloc");
-
+ sbuf = emalloc(LFS_SBPAD);
if (sbdaddr == 0x0) {
/* Read the proto-superblock */
__CTASSERT(sizeof(struct dlfs) == sizeof(struct dlfs64));
@@ -332,8 +330,7 @@
if (!addr)
addr = lfs_sb_getidaddr(lfsp);
- if (!(dpage = malloc(psize)))
- err(1, "malloc");
+ dpage = emalloc(psize);
get(fd, fsbtobyte(lfsp, addr), dpage, psize);
dip = NULL;
@@ -363,8 +360,7 @@
block_limit = MIN(nblocks, ULFS_NDADDR);
/* Get the direct block */
- if ((ipage = malloc(psize)) == NULL)
- err(1, "malloc");
+ ipage = emalloc(psize);
for (inum = 0, i = 0; i < block_limit; i++) {
pdb = lfs_dino_getdb(lfsp, dip, i);
get(fd, fsbtobyte(lfsp, pdb), ipage, psize);
@@ -395,8 +391,7 @@
goto e0;
/* Dump out blocks off of single indirect block */
- if (!(indir = malloc(psize)))
- err(1, "malloc");
+ indir = emalloc(psize);
get(fd, fsbtobyte(lfsp, lfs_dino_getib(lfsp, dip, 0)), indir, psize);
block_limit = MIN(i + lfs_sb_getnindir(lfsp), nblocks);
for (offset = 0; i < block_limit; i++, offset++) {
@@ -429,8 +424,7 @@
goto e1;
/* Get the double indirect block */
- if (!(dindir = malloc(psize)))
- err(1, "malloc");
+ dindir = emalloc(psize);
get(fd, fsbtobyte(lfsp, lfs_dino_getib(lfsp, dip, 1)), dindir, psize);
for (j = 0; j < lfs_sb_getnindir(lfsp); j++) {
thisblock = lfs_iblock_get(lfsp, dindir, j);
@@ -617,7 +611,7 @@
/* Dump out inode disk addresses */
iip = SEGSUM_IINFOSTART(lfsp, sp);
- diblock = malloc(lfs_sb_getbsize(lfsp));
+ diblock = emalloc(lfs_sb_getbsize(lfsp));
printf(" Inode addresses:");
numbytes = 0;
numblocks = 0;
@@ -680,11 +674,11 @@
} else {
el_size = sizeof(u_int32_t);
}
- datap = (char *)malloc(el_size * numblocks);
- memset(datap, 0, el_size * numblocks);
+ datap = ecalloc(numblocks, el_size);
+
acc = 0;
addr += lfs_btofsb(lfsp, lfs_sb_getsumsize(lfsp));
- buf = malloc(lfs_sb_getbsize(lfsp));
+ buf = emalloc(lfs_sb_getbsize(lfsp));
for (i = 0; i < lfs_ss_getnfinfo(lfsp, sp); i++) {
while (addr == lfs_ii_getblock(lfsp, iip2)) {
get(fd, fsbtobyte(lfsp, addr), buf, lfs_sb_getibsize(lfsp));
@@ -737,7 +731,7 @@
(void)printf("\nSEGMENT %lld (Disk Address 0x%llx)\n",
(long long)lfs_dtosn(lfsp, addr), (long long)addr);
sum_offset = fsbtobyte(lfsp, addr);
- sumblock = malloc(lfs_sb_getsumsize(lfsp));
+ sumblock = emalloc(lfs_sb_getsumsize(lfsp));
if (lfs_sb_getversion(lfsp) > 1 && segnum == 0) {
if (lfs_fsbtob(lfsp, lfs_sb_gets0addr(lfsp)) < LFS_LABELPAD) {
@@ -897,8 +891,7 @@
{
SEGLIST *p;
- if ((p = malloc(sizeof(SEGLIST))) == NULL)
- err(1, "malloc");
+ p = emalloc(sizeof(*p));
p->next = seglist;
p->num = atoi(arg);
seglist = p;
Home |
Main Index |
Thread Index |
Old Index