Bug 192971 - [PATCH]Some utilies might lead to overflow
Summary: [PATCH]Some utilies might lead to overflow
Status: Open
Alias: None
Product: Base System
Classification: Unclassified
Component: bin (show other bugs)
Version: CURRENT
Hardware: Any Any
: Normal Affects Many People
Assignee: freebsd-bugs mailing list
URL:
Keywords: patch
Depends on:
Blocks:
 
Reported: 2014-08-24 18:50 UTC by David CARLIER
Modified: 2018-05-20 23:51 UTC (History)
1 user (show)

See Also:


Attachments
Diff proposal (2.53 KB, patch)
2014-08-24 18:51 UTC, David CARLIER
no flags Details | Diff
Sysctl patch (1.66 KB, patch)
2014-08-25 10:26 UTC, David CARLIER
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description David CARLIER 2014-08-24 18:50:31 UTC
Some base utilities which use (especially with atoi without checking the values limits) might cause overflow.
Also vi uses strtol for COLUMNS / LINES env var but does not check out of range => Float point exception.

I propose a small patch to correct some of them.
Comment 1 David CARLIER 2014-08-24 18:51:04 UTC
Created attachment 146223 [details]
Diff proposal
Comment 2 David CARLIER 2014-08-25 10:26:05 UTC
Created attachment 146248 [details]
Sysctl patch

if I do sysctl kern.maxfiles=293879823734892347923849 => kern.maxfiles = -1 ... an overflow case ... I propose a small patch for it.
Comment 3 David CARLIER 2014-09-15 12:07:20 UTC
Patched version are available in HardenedBSD userlandenhanced branch if anyone interested https://github.com/HardenedBSD/hardenedBSD/tree/hardened/current/userlandenhanced
or the unstable one with all others HardenedBSD features
https://github.com/HardenedBSD/hardenedBSD/tree/hardened/current/unstable
Comment 4 commit-hook freebsd_committer 2015-07-13 05:56:43 UTC
A commit references this bug:

Author: bapt
Date: Mon Jul 13 05:56:28 UTC 2015
New revision: 285437
URL: https://svnweb.freebsd.org/changeset/base/285437

Log:
  Prevent potential integer overflow

  PR:		192971
  Submitted by:	David Carlier <david.carlier@hardenedbsd.org>

Changes:
  head/bin/ls/ls.c
Comment 5 commit-hook freebsd_committer 2015-07-13 05:59:45 UTC
A commit references this bug:

Author: bapt
Date: Mon Jul 13 05:59:42 UTC 2015
New revision: 285438
URL: https://svnweb.freebsd.org/changeset/base/285438

Log:
  Prevent potential integer overflow

  PR:		192971
  Submitted by:	David Carlier <david.carlier@hardenedbsd.org>

Changes:
  head/bin/stty/stty.c
Comment 6 Baptiste Daroussin freebsd_committer 2015-07-13 06:07:57 UTC
Sorry for delay.

I have committed 2 of them: 
ls and sttys.

Concerning vi it will have to be upstreamed first: https://github.com/lichray/nvi2

Concerning the systcl one it does not apply at all on vanilla's freebsd sysctl.c. There was probably a previous patch on hardennedbsd that has not been provided along with yours
Comment 7 Eitan Adler freebsd_committer freebsd_triage 2018-05-20 23:51:51 UTC
For bugs matching the following conditions:
- Status == In Progress
- Assignee == "bugs@FreeBSD.org"
- Last Modified Year <= 2017

Do
- Set Status to "Open"