Bug 192971

Summary: [PATCH] Some utilities might lead to overflow
Product: Base System
Reporter: David CARLIER <david.carlier>
Component: bin
Assignee: freebsd-bugs (Nobody) <bugs>
Status: Closed Overcome By Events
Severity: Affects Many People
CC: emaste, pstef
Priority: Normal
Keywords: patch
Version: CURRENT
Hardware: Any
OS: Any
Attachments (Description, Flags):
  Diff proposal, none
  Sysctl patch, none

Description David CARLIER 2014-08-24 18:50:31 UTC
Some base utilities (especially those using atoi without checking the value limits) might cause overflow.
Also, vi uses strtol for the COLUMNS / LINES env vars but does not check for out-of-range values => Floating point exception.

I propose a small patch to correct some of them.
Comment 1 David CARLIER 2014-08-24 18:51:04 UTC
Created attachment 146223 [details]
Diff proposal
Comment 2 David CARLIER 2014-08-25 10:26:05 UTC
Created attachment 146248 [details]
Sysctl patch

If I do sysctl kern.maxfiles=293879823734892347923849 => kern.maxfiles = -1 ... an overflow case ... I propose a small patch for it.
Comment 3 David CARLIER 2014-09-15 12:07:20 UTC
Patched versions are available in the HardenedBSD userlandenhanced branch if anyone is interested: https://github.com/HardenedBSD/hardenedBSD/tree/hardened/current/userlandenhanced
or the unstable one with all the other HardenedBSD features:
https://github.com/HardenedBSD/hardenedBSD/tree/hardened/current/unstable
Comment 4 commit-hook freebsd_committer freebsd_triage 2015-07-13 05:56:43 UTC
A commit references this bug:

Author: bapt
Date: Mon Jul 13 05:56:28 UTC 2015
New revision: 285437
URL: https://svnweb.freebsd.org/changeset/base/285437

Log:
  Prevent potential integer overflow

  PR:		192971
  Submitted by:	David Carlier <david.carlier@hardenedbsd.org>

Changes:
  head/bin/ls/ls.c
Comment 5 commit-hook freebsd_committer freebsd_triage 2015-07-13 05:59:45 UTC
A commit references this bug:

Author: bapt
Date: Mon Jul 13 05:59:42 UTC 2015
New revision: 285438
URL: https://svnweb.freebsd.org/changeset/base/285438

Log:
  Prevent potential integer overflow

  PR:		192971
  Submitted by:	David Carlier <david.carlier@hardenedbsd.org>

Changes:
  head/bin/stty/stty.c
Comment 6 Baptiste Daroussin freebsd_committer freebsd_triage 2015-07-13 06:07:57 UTC
Sorry for the delay.

I have committed 2 of them:
ls and stty.

Concerning vi, it will have to be upstreamed first: https://github.com/lichray/nvi2

Concerning the sysctl one, it does not apply at all on vanilla FreeBSD's sysctl.c. There was probably a previous patch on HardenedBSD that has not been provided along with yours.
Comment 7 Eitan Adler freebsd_committer freebsd_triage 2018-05-20 23:51:51 UTC
For bugs matching the following conditions:
- Status == In Progress
- Assignee == "bugs@FreeBSD.org"
- Last Modified Year <= 2017

Do
- Set Status to "Open"
Comment 8 Piotr Pawel Stefaniak freebsd_committer freebsd_triage 2021-09-30 21:37:33 UTC
I think we can close this. nvi now uses atoz_or() which uses strtol() and sysctl still uses strto*() which clamp values originally out of range.
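
As an added illustration (not code from the attachments or from the FreeBSD or HardenedBSD trees), here is one way to parse a numeric setting such as COLUMNS so that values strtol() clamps on overflow, and values outside a sane range, are rejected instead of being used. The helper names, the 1..10000 bound and the fallback of 80 are assumptions made for this example.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not FreeBSD code): 0 and *out on success, -1 on
 * empty input, trailing junk, strtol() overflow, or out of [min, max]. */
static int
parse_bounded(const char *s, long min, long max, int *out)
{
	char *end;
	long v;

	if (s == NULL || *s == '\0' || min < INT_MIN || max > INT_MAX)
		return (-1);
	errno = 0;
	v = strtol(s, &end, 10);
	if (end == s || *end != '\0')
		return (-1);		/* no digits, or trailing junk */
	if (errno == ERANGE)
		return (-1);		/* strtol() clamped to LONG_MIN/LONG_MAX */
	if (v < min || v > max)
		return (-1);		/* fits in long, but not a sane value */
	*out = (int)v;			/* safe: min/max are within int range */
	return (0);
}

/* Terminal width from a COLUMNS-style string, with a fallback. */
static int
term_columns(const char *env)
{
	int cols;

	if (parse_bounded(env, 1, 10000, &cols) != 0)
		return (80);		/* assumed default for this example */
	return (cols);
}

int
main(void)
{
	/* Constructed inputs: normal, zero, overflowing, trailing junk. */
	const char *samples[] = { "132", "0", "293879823734892347923849", "80x" };

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("%-26s -> %d\n", samples[i], term_columns(samples[i]));
	return (0);
}
```

Unlike atoi(), which gives the caller no way to detect overflow, this checks errno for ERANGE and applies an explicit bound before narrowing the long to an int.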