• Address concerns of Chris Palmer from the Android security team
– possible integer overflows in memory allocation, mostly ‣ multiplication: all are checked now ‣ addition: reviewed them, most were “proven” or guessed to be “almost” impossible to run over (e.g. when we have a string whose length is taken it is assumed that the length will be more than only a few bytes below SIZE_MAX, since code and stack have to fit); some are checked now (e.g. when one of the summands is an off_t); most of the unchecked ones are annotated now ⇒ cost (MirBSD/i386 static): +76 .text ⇒ cost (Debian sid/i386): +779 .text -4 .data – on Linux targets, setuid() setresuid() setresgid() can fail with EAGAIN; check for that and, if so, warn once and retry infinitely (other targets to be added later once we know that they are “insane”) ⇒ cost (Debian sid/i386): +192 .text (includes .rodata) • setmode.c: Do overflow checking for realloc() too; switch back from calloc() to a checked malloc() for simplification while there • define -DIN_MKSH and let setmode.c look a tad nicer while here
21
histrap.c
21
histrap.c
@@ -26,7 +26,7 @@
|
||||
#include <sys/file.h>
|
||||
#endif
|
||||
|
||||
__RCSID("$MirOS: src/bin/mksh/histrap.c,v 1.101 2010/08/28 20:22:18 tg Exp $");
|
||||
__RCSID("$MirOS: src/bin/mksh/histrap.c,v 1.102 2010/09/14 21:26:13 tg Exp $");
|
||||
|
||||
/*-
|
||||
* MirOS: This is the default mapping type, and need not be specified.
|
||||
@@ -92,6 +92,8 @@ c_fc(const char **wp)
|
||||
sflag = true;
|
||||
else {
|
||||
size_t len = strlen(p);
|
||||
|
||||
/* almost certainly not overflowing */
|
||||
editor = alloc(len + 4, ATEMP);
|
||||
memcpy(editor, p, len);
|
||||
memcpy(editor + len, " $_", 4);
|
||||
@@ -269,7 +271,17 @@ c_fc(const char **wp)
|
||||
return (1);
|
||||
}
|
||||
|
||||
n = stat(tf->name, &statb) < 0 ? 128 : statb.st_size + 1;
|
||||
if (stat(tf->name, &statb) < 0)
|
||||
n = 128;
|
||||
else {
|
||||
if (notoktoadd(statb.st_size, 1 + X_EXTRA)) {
|
||||
bi_errorf(T_intovfl,
|
||||
(unsigned long)statb.st_size, '+',
|
||||
1UL + X_EXTRA);
|
||||
goto errout;
|
||||
}
|
||||
n = statb.st_size + 1;
|
||||
}
|
||||
Xinit(xs, xp, n, hist_source->areap);
|
||||
while ((n = shf_read(xp, Xnleft(xs, xp), shf)) > 0) {
|
||||
xp += n;
|
||||
@@ -279,6 +291,7 @@ c_fc(const char **wp)
|
||||
if (n < 0) {
|
||||
bi_errorf("can't %s temporary file %s: %s",
|
||||
"read", tf->name, strerror(shf_errno(shf)));
|
||||
errout:
|
||||
shf_close(shf);
|
||||
return (1);
|
||||
}
|
||||
@@ -532,7 +545,7 @@ sethistsize(int n)
|
||||
cursize = n;
|
||||
}
|
||||
|
||||
history = aresize(history, n * sizeof(char *), APERM);
|
||||
history = aresize2(history, n, sizeof(char *), APERM);
|
||||
|
||||
histsize = n;
|
||||
histptr = history + cursize;
|
||||
@@ -583,7 +596,7 @@ init_histvec(void)
|
||||
{
|
||||
if (history == (char **)NULL) {
|
||||
histsize = HISTORYSIZE;
|
||||
history = alloc(histsize * sizeof(char *), APERM);
|
||||
history = alloc2(histsize, sizeof(char *), APERM);
|
||||
histptr = history - 1;
|
||||
}
|
||||
}
|
||||
|
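Review bot: The addition check in the third hunk guards `statb.st_size + 1 + X_EXTRA` but not the narrowing when the result is stored in `n`, whose declared type is not visible here; if `n` is an `int` (it also receives the `shf_read` return value), an `off_t` above `INT_MAX` passes `notoktoadd()` and still becomes a wrong or negative size for `Xinit`. A bound tied to the destination type would close that, e.g. `if (statb.st_size > INT_MAX - 1 - X_EXTRA || notoktoadd(statb.st_size, 1 + X_EXTRA))`, or whatever limit `Xinit` actually accepts. The `/* almost certainly not overflowing */` comment in the second hunk would be more useful if it said why: `/* len is a strlen() result, so len + 4 cannot wrap: the string itself already fits in memory */`. c_fc begins and ends outside these hunks, so where `n` is declared cannot be confirmed from the page.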