[openssh-commits] [openssh] 03/04: upstream: make addargs() and replacearg() a little more robust and
git+noreply at mindrot.org
git+noreply at mindrot.org
Sun Mar 20 19:54:53 AEDT 2022
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit a72bde294fe0518c9a44ba63864093a1ef2425e3
Author: djm at openbsd.org <djm at openbsd.org>
Date: Sun Mar 20 08:51:21 2022 +0000
upstream: make addargs() and replacearg() a little more robust and
improve error reporting
make freeargs(NULL) a noop like the other free functions
ok dtucker as part of bz3403
OpenBSD-Commit-ID: 15f86da83176978b4d1d288caa24c766dfa2983d
---
misc.c | 27 ++++++++++++++++++---------
1 file changed, 18 insertions(+), 9 deletions(-)
diff --git a/misc.c b/misc.c
index 417498de..85d22369 100644
--- a/misc.c
+++ b/misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.174 2022/02/11 00:43:56 dtucker Exp $ */
+/* $OpenBSD: misc.c,v 1.175 2022/03/20 08:51:21 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2005-2020 Damien Miller. All rights reserved.
@@ -1069,16 +1069,21 @@ addargs(arglist *args, char *fmt, ...)
r = vasprintf(&cp, fmt, ap);
va_end(ap);
if (r == -1)
- fatal("addargs: argument too long");
+ fatal_f("argument too long");
nalloc = args->nalloc;
if (args->list == NULL) {
nalloc = 32;
args->num = 0;
- } else if (args->num+2 >= nalloc)
+ } else if (args->num > (256 * 1024))
+ fatal_f("too many arguments");
+ else if (args->num >= args->nalloc)
+ fatal_f("arglist corrupt");
+ else if (args->num+2 >= nalloc)
nalloc *= 2;
- args->list = xrecallocarray(args->list, args->nalloc, nalloc, sizeof(char *));
+ args->list = xrecallocarray(args->list, args->nalloc,
+ nalloc, sizeof(char *));
args->nalloc = nalloc;
args->list[args->num++] = cp;
args->list[args->num] = NULL;
@@ -1095,10 +1100,12 @@ replacearg(arglist *args, u_int which, char *fmt, ...)
r = vasprintf(&cp, fmt, ap);
va_end(ap);
if (r == -1)
- fatal("replacearg: argument too long");
+ fatal_f("argument too long");
+ if (args->list == NULL || args->num >= args->nalloc)
+ fatal_f("arglist corrupt");
if (which >= args->num)
- fatal("replacearg: tried to replace invalid arg %d >= %d",
+ fatal_f("tried to replace invalid arg %d >= %d",
which, args->num);
free(args->list[which]);
args->list[which] = cp;
@@ -1109,13 +1116,15 @@ freeargs(arglist *args)
{
u_int i;
- if (args->list != NULL) {
+ if (args == NULL)
+ return;
+ if (args->list != NULL && args->num < args->nalloc) {
for (i = 0; i < args->num; i++)
free(args->list[i]);
free(args->list);
- args->nalloc = args->num = 0;
- args->list = NULL;
}
+ args->nalloc = args->num = 0;
+ args->list = NULL;
}
/*
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list