diff --git a/lib/libc/stdio/fmemopen.c b/lib/libc/stdio/fmemopen.c
index 2f835a34951b..dc323921d93a 100644
--- a/lib/libc/stdio/fmemopen.c
+++ b/lib/libc/stdio/fmemopen.c
@@ -1,261 +1,261 @@ /*- * SPDX-License-Identifier: BSD-2-Clause * * Copyright (C) 2013 Pietro Cerutti * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include #include #include #include #include #include #include "local.h" struct fmemopen_cookie { char *buf; /* pointer to the memory region */ bool own; /* did we allocate the buffer ourselves? */ char bin; /* is this a binary buffer? 
*/ size_t size; /* buffer length in bytes */ size_t len; /* data length in bytes */ size_t off; /* current offset into the buffer */ }; static int fmemopen_read(void *cookie, char *buf, int nbytes); static int fmemopen_write(void *cookie, const char *buf, int nbytes); static fpos_t fmemopen_seek(void *cookie, fpos_t offset, int whence); static int fmemopen_close(void *cookie); FILE * fmemopen(void * __restrict buf, size_t size, const char * __restrict mode) { struct fmemopen_cookie *ck; FILE *f; int flags, rc; /* * POSIX says we shall return EINVAL if size is 0. */ if (size == 0) { errno = EINVAL; return (NULL); } /* * Retrieve the flags as used by open(2) from the mode argument, and * validate them. */ rc = __sflags(mode, &flags); if (rc == 0) { errno = EINVAL; return (NULL); } /* - * There's no point in requiring an automatically allocated buffer - * in write-only mode. + * An automatically allocated buffer is only allowed in read-write mode. */ - if (!(flags & O_RDWR) && buf == NULL) { + if ((flags & O_ACCMODE) != O_RDWR && buf == NULL) { errno = EINVAL; return (NULL); } ck = malloc(sizeof(struct fmemopen_cookie)); if (ck == NULL) { return (NULL); } ck->off = 0; ck->size = size; /* Check whether we have to allocate the buffer ourselves. */ ck->own = ((ck->buf = buf) == NULL); if (ck->own) { ck->buf = malloc(size); if (ck->buf == NULL) { free(ck); return (NULL); } } /* * POSIX distinguishes between w+ and r+, in that w+ is supposed to * truncate the buffer. */ if (ck->own || mode[0] == 'w') { ck->buf[0] = '\0'; } /* Check for binary mode. 
*/ ck->bin = strchr(mode, 'b') != NULL; /* * The size of the current buffer contents is set depending on the * mode: * * for append (text-mode), the position of the first NULL byte, or the * size of the buffer if none is found * * for append (binary-mode), the size of the buffer * * for read, the size of the buffer * * for write, 0 */ switch (mode[0]) { case 'a': ck->off = ck->len = strnlen(ck->buf, ck->size); break; case 'r': ck->len = size; break; case 'w': ck->len = 0; break; } + /* Disable read in O_WRONLY mode, and write in O_RDONLY mode. */ f = funopen(ck, - flags & O_WRONLY ? NULL : fmemopen_read, - flags & O_RDONLY ? NULL : fmemopen_write, + (flags & O_ACCMODE) == O_WRONLY ? NULL : fmemopen_read, + (flags & O_ACCMODE) == O_RDONLY ? NULL : fmemopen_write, fmemopen_seek, fmemopen_close); if (f == NULL) { if (ck->own) free(ck->buf); free(ck); return (NULL); } if (mode[0] == 'a') f->_flags |= __SAPP; /* * Turn off buffering, so a write past the end of the buffer * correctly returns a short object count. 
*/ setvbuf(f, NULL, _IONBF, 0); return (f); } static int fmemopen_read(void *cookie, char *buf, int nbytes) { struct fmemopen_cookie *ck = cookie; if (nbytes > ck->len - ck->off) nbytes = ck->len - ck->off; if (nbytes == 0) return (0); memcpy(buf, ck->buf + ck->off, nbytes); ck->off += nbytes; return (nbytes); } static int fmemopen_write(void *cookie, const char *buf, int nbytes) { struct fmemopen_cookie *ck = cookie; if (nbytes > ck->size - ck->off) nbytes = ck->size - ck->off; if (nbytes == 0) return (0); memcpy(ck->buf + ck->off, buf, nbytes); ck->off += nbytes; if (ck->off > ck->len) ck->len = ck->off; /* * We append a NULL byte if all these conditions are met: * - the buffer is not binary * - the buffer is not full * - the data just written doesn't already end with a NULL byte */ if (!ck->bin && ck->off < ck->size && ck->buf[ck->off - 1] != '\0') ck->buf[ck->off] = '\0'; return (nbytes); } static fpos_t fmemopen_seek(void *cookie, fpos_t offset, int whence) { struct fmemopen_cookie *ck = cookie; switch (whence) { case SEEK_SET: if (offset > ck->size) { errno = EINVAL; return (-1); } ck->off = offset; break; case SEEK_CUR: if (ck->off + offset > ck->size) { errno = EINVAL; return (-1); } ck->off += offset; break; case SEEK_END: if (offset > 0 || -offset > ck->len) { errno = EINVAL; return (-1); } ck->off = ck->len + offset; break; default: errno = EINVAL; return (-1); } return (ck->off); } static int fmemopen_close(void *cookie) { struct fmemopen_cookie *ck = cookie; if (ck->own) free(ck->buf); free(ck); return (0); } diff --git a/lib/libc/tests/stdio/fmemopen2_test.c b/lib/libc/tests/stdio/fmemopen2_test.c index 2e1b9ea917a5..a558ff3515e9 100644 --- a/lib/libc/tests/stdio/fmemopen2_test.c +++ b/lib/libc/tests/stdio/fmemopen2_test.c 
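Review bot: fmemopen_read() clamps `nbytes` against `ck->len - ck->off`, both `size_t`, while fmemopen_seek() accepts SEEK_SET and SEEK_CUR positions up to `ck->size`, so once the offset is past the data length that subtraction appears to wrap and `nbytes` reaches the memcpy() unclamped. These lines are unchanged context in this hunk, but the commit is tightening exactly when the read callback is installed, so the callback itself is worth bounding in the same change: add `if (ck->off >= ck->len) return (0);` ahead of the existing clamp. A test case that seeks beyond the written length on a `w+` stream and expects a zero-length read would keep this from regressing.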
@@ -1,285 +1,318 @@ /*- Copyright (C) 2013 Pietro Cerutti Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /* * Test basic FILE * functions (fread, fwrite, fseek, fclose) against * a FILE * retrieved using fmemopen() */ #include #include #include #include #include ATF_TC_WITHOUT_HEAD(test_preexisting); ATF_TC_BODY(test_preexisting, tc) { /* Use a pre-existing buffer. */ char buf[512]; char buf2[512]; char str[] = "Test writing some stuff"; char str2[] = "AAAAAAAAA"; char str3[] = "AAAA writing some stuff"; FILE *fp; size_t nofw, nofr; int rc; /* Open a FILE * using fmemopen. */ fp = fmemopen(buf, sizeof(buf), "w"); ATF_REQUIRE(fp != NULL); /* Write to the buffer. */ nofw = fwrite(str, 1, sizeof(str), fp); ATF_REQUIRE(nofw == sizeof(str)); /* Close the FILE *. 
*/ rc = fclose(fp); ATF_REQUIRE(rc == 0); /* Re-open the FILE * to read back the data. */ fp = fmemopen(buf, sizeof(buf), "r"); ATF_REQUIRE(fp != NULL); /* Read from the buffer. */ bzero(buf2, sizeof(buf2)); nofr = fread(buf2, 1, sizeof(buf2), fp); ATF_REQUIRE(nofr == sizeof(buf2)); /* * Since a write on a FILE * retrieved by fmemopen * will add a '\0' (if there's space), we can check * the strings for equality. */ ATF_REQUIRE(strcmp(str, buf2) == 0); /* Close the FILE *. */ rc = fclose(fp); ATF_REQUIRE(rc == 0); /* Now open a FILE * on the first 4 bytes of the string. */ fp = fmemopen(str, 4, "w"); ATF_REQUIRE(fp != NULL); /* * Try to write more bytes than we shoud, we'll get a short count (4). */ nofw = fwrite(str2, 1, sizeof(str2), fp); ATF_REQUIRE(nofw == 4); /* Close the FILE *. */ rc = fclose(fp); ATF_REQUIRE(rc == 0); /* Check that the string was not modified after the first 4 bytes. */ ATF_REQUIRE(strcmp(str, str3) == 0); } ATF_TC_WITHOUT_HEAD(test_autoalloc); ATF_TC_BODY(test_autoalloc, tc) { /* Let fmemopen allocate the buffer. */ FILE *fp; long pos; size_t nofw, i; int rc; /* Open a FILE * using fmemopen. */ fp = fmemopen(NULL, 512, "w+"); ATF_REQUIRE(fp != NULL); /* fill the buffer */ for (i = 0; i < 512; i++) { nofw = fwrite("a", 1, 1, fp); ATF_REQUIRE(nofw == 1); } /* Get the current position into the stream. */ pos = ftell(fp); ATF_REQUIRE(pos == 512); /* Try to write past the end, we should get a short object count (0) */ nofw = fwrite("a", 1, 1, fp); ATF_REQUIRE(nofw == 0); /* Close the FILE *. 
*/ rc = fclose(fp); ATF_REQUIRE(rc == 0); /* Open a FILE * using a wrong mode */ fp = fmemopen(NULL, 512, "r"); ATF_REQUIRE(fp == NULL); + ATF_REQUIRE(errno == EINVAL); fp = fmemopen(NULL, 512, "w"); ATF_REQUIRE(fp == NULL); + ATF_REQUIRE(errno == EINVAL); } ATF_TC_WITHOUT_HEAD(test_data_length); ATF_TC_BODY(test_data_length, tc) { /* * Here we test that a read operation doesn't go past the end of the * data actually written, and that a SEEK_END seeks from the end of the * data, not of the whole buffer. */ FILE *fp; char buf[512] = {'\0'}; char str[] = "Test data length. "; char str2[] = "Do we have two sentences?"; char str3[sizeof(str) + sizeof(str2) -1]; long pos; size_t nofw, nofr; int rc; /* Open a FILE * for updating our buffer. */ fp = fmemopen(buf, sizeof(buf), "w+"); ATF_REQUIRE(fp != NULL); /* Write our string into the buffer. */ nofw = fwrite(str, 1, sizeof(str), fp); ATF_REQUIRE(nofw == sizeof(str)); /* Now seek to the end and check that ftell gives us sizeof(str). */ rc = fseek(fp, 0, SEEK_END); ATF_REQUIRE(rc == 0); pos = ftell(fp); ATF_REQUIRE(pos == sizeof(str)); /* Close the FILE *. */ rc = fclose(fp); ATF_REQUIRE(rc == 0); /* Reopen the buffer for appending. */ fp = fmemopen(buf, sizeof(buf), "a+"); ATF_REQUIRE(fp != NULL); /* We should now be writing after the first string. */ nofw = fwrite(str2, 1, sizeof(str2), fp); ATF_REQUIRE(nofw == sizeof(str2)); /* Rewind the FILE *. */ rc = fseek(fp, 0, SEEK_SET); ATF_REQUIRE(rc == 0); /* Make sure we're at the beginning. */ pos = ftell(fp); ATF_REQUIRE(pos == 0); /* Read the whole buffer. */ nofr = fread(str3, 1, sizeof(buf), fp); ATF_REQUIRE(nofr == sizeof(str3)); /* Make sure the two strings are there. */ ATF_REQUIRE(strncmp(str3, str, sizeof(str) - 1) == 0); ATF_REQUIRE(strncmp(str3 + sizeof(str) - 1, str2, sizeof(str2)) == 0); /* Close the FILE *. 
*/ rc = fclose(fp); ATF_REQUIRE(rc == 0); } ATF_TC_WITHOUT_HEAD(test_binary); ATF_TC_BODY(test_binary, tc) { /* * Make sure that NULL bytes are never appended when opening a buffer * in binary mode. */ FILE *fp; char buf[20]; char str[] = "Test"; size_t nofw; int rc, i; /* Pre-fill the buffer. */ memset(buf, 'A', sizeof(buf)); /* Open a FILE * in binary mode. */ fp = fmemopen(buf, sizeof(buf), "w+b"); ATF_REQUIRE(fp != NULL); /* Write some data into it. */ nofw = fwrite(str, 1, strlen(str), fp); ATF_REQUIRE(nofw == strlen(str)); /* Make sure that the buffer doesn't contain any NULL bytes. */ for (i = 0; i < sizeof(buf); i++) ATF_REQUIRE(buf[i] != '\0'); /* Close the FILE *. */ rc = fclose(fp); ATF_REQUIRE(rc == 0); } ATF_TC_WITHOUT_HEAD(test_append_binary_pos); ATF_TC_BODY(test_append_binary_pos, tc) { /* * For compatibility with other implementations (glibc), we set the * position to 0 when opening an automatically allocated binary stream * for appending. */ FILE *fp; fp = fmemopen(NULL, 16, "ab+"); ATF_REQUIRE(fp != NULL); ATF_REQUIRE(ftell(fp) == 0L); fclose(fp); /* Make sure that a pre-allocated buffer behaves correctly. */ char buf[] = "Hello"; fp = fmemopen(buf, sizeof(buf), "ab+"); ATF_REQUIRE(fp != NULL); ATF_REQUIRE(ftell(fp) == strlen(buf)); fclose(fp); } ATF_TC_WITHOUT_HEAD(test_size_0); ATF_TC_BODY(test_size_0, tc) { /* POSIX mandates that we return EINVAL if size is 0. */ FILE *fp; fp = fmemopen(NULL, 0, "r+"); ATF_REQUIRE(fp == NULL); ATF_REQUIRE(errno == EINVAL); } +/* + * PR281953 - ensure we cannot write in read-only only mode, and cannot read in + * write-only mode. 
+ */ +ATF_TC_WITHOUT_HEAD(test_rdonly_wronly); +ATF_TC_BODY(test_rdonly_wronly, tc) +{ + FILE *fp; + char buf[16]; + char buf_orig[16] = "input data"; + char buf_write[16] = "write"; + size_t sz; + + memcpy(buf, buf_orig, sizeof(buf)); + fp = fmemopen(buf, sizeof(buf), "r"); + ATF_REQUIRE(fp != NULL); + sz = fwrite(buf_write, 1, strlen(buf_write), fp); + ATF_REQUIRE(sz == 0); + ATF_REQUIRE(errno == EBADF); + ATF_REQUIRE(memcmp(buf, buf_orig, sizeof(buf)) == 0); + fclose(fp); + + fp = fmemopen(buf_orig, sizeof(buf), "w"); + ATF_REQUIRE(fp != NULL); + sz = fread(buf, sizeof(buf), 1, fp); + ATF_REQUIRE(sz == 0); + ATF_REQUIRE(errno == EBADF); + fclose(fp); +} + ATF_TP_ADD_TCS(tp) { ATF_TP_ADD_TC(tp, test_autoalloc); ATF_TP_ADD_TC(tp, test_preexisting); ATF_TP_ADD_TC(tp, test_data_length); ATF_TP_ADD_TC(tp, test_binary); ATF_TP_ADD_TC(tp, test_append_binary_pos); ATF_TP_ADD_TC(tp, test_size_0); + ATF_TP_ADD_TC(tp, test_rdonly_wronly); return (atf_no_error()); }
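Review bot: The two `ATF_REQUIRE(errno == EBADF)` checks in test_rdonly_wronly, and the two `errno == EINVAL` checks added to test_autoalloc, read errno without clearing it first, so the second assertion of each pair can pass on the value left behind by the first failing call. Setting `errno = 0;` immediately before each call under test makes every assertion prove that its own call reported the error. The write-only half also passes `sizeof(buf)` as the size of `buf_orig`; both arrays are 16 bytes so the result is the same, but `sizeof(buf_orig)` states what is meant.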