
Prevent buffer overrun in tzsetup (for -C with overly large parameter)

Authored by se on Jan 22 2019, 1:56 PM.


Group Reviewers
Src Committers

The tzsetup command has been included in a CI report due to its use of strcpy(). While this particular use is safe and the report is a false positive given the constant strings copied into a PATH_MAX sized buffer, there is an actual potential buffer overrun nearby where the unbounded size value of chrootenv is assigned to fixed size buffers.

While the strcpy() uses are safe unless the _PATH_* defines are changed, I propose to silence the CI report by use of strlcpy.
The sprintf() calls are replaced by snprintf() to prevent overflow. (Not reported by CI.)

Test Plan

Build the tzsetup binary with the patch.
Assert that there are no compiler warnings/errors.
Verify that the command still operates correctly (finds the required files with and without "-C chrootenv").

Diff Detail

rS FreeBSD src repository
Lint Skipped
Unit Tests Skipped
Build Status
Buildable 22072

Event Timeline

se created this revision. Jan 22 2019, 1:56 PM
emaste added a subscriber: emaste. Jan 22 2019, 4:50 PM
hselasky accepted this revision. Jul 31 2019, 9:25 AM
This revision is now accepted and ready to land. Jul 31 2019, 9:25 AM
hselasky added inline comments. Jul 31 2019, 9:30 AM

You could also compile time assert that the buffer is big enough.