Some base utilities (especially those using atoi without checking the value limits) might cause overflow. Also, vi uses strtol for the COLUMNS / LINES env vars but does not check for out-of-range values => floating point exception. I propose a small patch to correct some of them.
Created attachment 146223: Diff proposal
Created attachment 146248: Sysctl patch

If I do sysctl kern.maxfiles=293879823734892347923849 => kern.maxfiles = -1 ... an overflow case ... I propose a small patch for it.
Patched versions are available in the HardenedBSD userlandenhanced branch, if anyone is interested:
https://github.com/HardenedBSD/hardenedBSD/tree/hardened/current/userlandenhanced
or the unstable one with all the other HardenedBSD features:
https://github.com/HardenedBSD/hardenedBSD/tree/hardened/current/unstable
A commit references this bug:

Author: bapt
Date: Mon Jul 13 05:56:28 UTC 2015
New revision: 285437
URL: https://svnweb.freebsd.org/changeset/base/285437

Log:
  Prevent potential integer overflow

  PR: 192971
  Submitted by: David Carlier <david.carlier@hardenedbsd.org>

Changes:
  head/bin/ls/ls.c
A commit references this bug:

Author: bapt
Date: Mon Jul 13 05:59:42 UTC 2015
New revision: 285438
URL: https://svnweb.freebsd.org/changeset/base/285438

Log:
  Prevent potential integer overflow

  PR: 192971
  Submitted by: David Carlier <david.carlier@hardenedbsd.org>

Changes:
  head/bin/stty/stty.c
Sorry for the delay. I have committed 2 of them: ls and stty.

Concerning vi, it will have to be upstreamed first: https://github.com/lichray/nvi2

Concerning the sysctl one, it does not apply at all on vanilla FreeBSD's sysctl.c. There was probably a previous patch on HardenedBSD that has not been provided along with yours.
For bugs matching the following conditions:
- Status == In Progress
- Assignee == "bugs@FreeBSD.org"
- Last Modified Year <= 2017

Do
- Set Status to "Open"
I think we can close this. nvi now uses atoz_or() which uses strtol() and sysctl still uses strto*() which clamp values originally out of range.
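The range checking this report asks for, as an added C example that is not part of the thread or of the committed FreeBSD changes: a hypothetical helper, parse_bounded(), that uses strtol() and rejects an out-of-range value instead of letting it wrap or clamp. The helper name, the bounds and the sample inputs are assumptions made for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not FreeBSD code. Returns 0 and stores the value in
 * *out, or -1 with errno EINVAL (not a number) or ERANGE (outside min..max). */
int
parse_bounded(const char *s, long min, long max, int *out)
{
	char *end;
	long v;

	if (s == NULL || *s == '\0' || min < INT_MIN || max > INT_MAX) {
		errno = EINVAL;
		return (-1);
	}
	errno = 0;
	v = strtol(s, &end, 10);
	if (end == s || *end != '\0') {	/* no digits, or trailing junk */
		errno = EINVAL;
		return (-1);
	}
	/* strtol() clamps to LONG_MIN/LONG_MAX and sets ERANGE on overflow. */
	if (errno == ERANGE || v < min || v > max) {
		errno = ERANGE;
		return (-1);
	}
	*out = (int)v;	/* safe: v is within [min, max], itself within int */
	return (0);
}

int
main(void)
{
	/* Constructed inputs; the long one is the value from the report. */
	const char *in[] = { "80", "0", "80x", "293879823734892347923849" };
	int cols;

	for (size_t i = 0; i < sizeof(in) / sizeof(in[0]); i++) {
		if (parse_bounded(in[i], 1, INT_MAX, &cols) == 0)
			printf("\"%s\" -> %d\n", in[i], cols);
		else
			printf("\"%s\" rejected: %s\n", in[i], strerror(errno));
	}
	return (0);
}
```

Unlike atoi(), which reports no error at all, this distinguishes a malformed string from a value outside the caller's limits and leaves *out untouched on failure.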