mfiutil: Fix unsafe assumptions of snprintf(3) return value in function mfi_autolearn_period #1405

Open
wants to merge 1 commit into
base: main
15 changes: 13 additions & 2 deletions usr.sbin/mfiutil/mfi_bbu.c
Expand Up @@ -50,13 +50,24 @@

tmp = buf;
if (d != 0) {
tmp += snprintf(buf, sz, "%u day%s", d, d == 1 ? "" : "s");
int fmt_len;
fmt_len = snprintf(buf, sz, "%u day%s", d, d == 1 ? "" : "s");
Member

The proposed change won't hurt but I don't think snprintf can return a negative number here, no?

Member

@bsdimp Sep 21, 2024

It returns the number of characters that would be written if there was an unlimited buffer. It might be > sz.
However, it can return < 0 if there's an error in formatting (well, the man page just says "an error") so we return at least an empty buffer.

if (fmt_len < 0) {
*buf = 0;
return;
}
if ((size_t)fmt_len >= sz) return;

Check failure on line 59 in usr.sbin/mfiutil/mfi_bbu.c

GitHub Actions / Style Checker

trailing statements should be on next line

tmp += fmt_len;
sz -= tmp - buf;
if (h != 0) {
tmp += snprintf(tmp, sz, ", ");
fmt_len = snprintf(tmp, sz, ", ");
if (fmt_len < 0 || (size_t)fmt_len >= sz) {
Member

or maybe just strlcat()? I don't see a need to use snprintf here...

Member

agreed

return;
}
tmp += fmt_len;
sz -= 2;
}
}

Check warning on line 70 in usr.sbin/mfiutil/mfi_bbu.c

GitHub Actions / Style Checker

Missing Signed-off-by: line

if (h != 0)
snprintf(tmp, sz, "%u hour%s", h, h == 1 ? "" : "s");
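
Review bot: In the `fmt_len < 0` path after the first snprintf call, `*buf = 0;` is stored without any check that `sz` is nonzero, and nothing in the visible lines guarantees a non-empty buffer, so guard the store with `sz > 0`. In the `h != 0` branch the cursor now advances by the checked return value (`tmp += fmt_len;`) while the remaining size is still reduced by a literal (`sz -= 2;`); derive both from the same value, or append the ", " separator with a plain string append as suggested in the thread so there is no count to track. The two early returns also behave differently on error (the first terminates the buffer, the second returns without writing at `tmp`), and because every failure path is a bare `return;` the caller cannot tell a truncated string from a complete one; a short comment stating the intended behaviour on truncation would help. The single-line `if ((size_t)fmt_len >= sz) return;` needs its statement on the next line to satisfy the style checker.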

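The return-value semantics raised in the review comments above (a count that can exceed the buffer size, or a negative value on error) can be handled in one place. The following is an added C example, not code from this pull request or from FreeBSD: `buf_appendf` and `format_period` are hypothetical names, and the day/hour layout is assumed from the diff.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* buf_appendf: hypothetical helper, not part of mfiutil. Appends formatted
 * text at *pos, where *rem bytes remain (terminator included). Cursor and
 * size move only after the vsnprintf(3) return value has been validated. */
static int buf_appendf(char **pos, size_t *rem, const char *fmt, ...)
{
	va_list ap;
	int n;
	if (*rem == 0)
		return (-1);	/* no room even for the terminator */
	va_start(ap, fmt);
	n = vsnprintf(*pos, *rem, fmt, ap);
	va_end(ap);
	if (n < 0) {
		**pos = '\0';	/* error: leave a terminated string */
		return (-1);
	}
	if ((size_t)n >= *rem)
		return (-1);	/* truncated; output is already terminated */
	*pos += n;
	*rem -= (size_t)n;
	return (0);
}

/* Day/hour formatting shaped like the code in the diff (assumed layout).
 * Returns 0 on success, -1 if the buffer was too small or output failed. */
static int format_period(char *buf, size_t sz, unsigned int d, unsigned int h)
{
	char *p = buf;
	if (sz == 0)
		return (-1);
	*buf = '\0';
	if (d != 0 && buf_appendf(&p, &sz, "%u day%s", d, d == 1 ? "" : "s"))
		return (-1);
	if (d != 0 && h != 0 && buf_appendf(&p, &sz, ", "))
		return (-1);
	if (h != 0 && buf_appendf(&p, &sz, "%u hour%s", h, h == 1 ? "" : "s"))
		return (-1);
	return (0);
}

int main(void)
{
	char out[32];
	return (format_period(out, sizeof(out), 3, 1) == 0 && puts(out) >= 0 ? 0 : 1);
}
```

Unlike a bare `return;`, the status code lets a caller distinguish a truncated string from a complete one.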