NetBSD Problem Report #39746
From www@NetBSD.org Thu Oct 16 05:04:43 2008
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by narn.NetBSD.org (Postfix) with ESMTP id 6CD2A63BC83
for <gnats-bugs@gnats.netbsd.org>; Thu, 16 Oct 2008 05:04:43 +0000 (UTC)
Message-Id: <20081016050443.0DFB563BAC6@narn.NetBSD.org>
Date: Thu, 16 Oct 2008 05:04:43 +0000 (UTC)
From: abutter.gao@gmail.com
Reply-To: abutter.gao@gmail.com
To: gnats-bugs@NetBSD.org
Subject: Too small buffer for long TMPDIR and unlinked-file in src/usr.bin/config/main.c
X-Send-Pr-Version: www-1.0
>Number: 39746
>Category: bin
>Synopsis: Too small buffer for long TMPDIR and unlinked-file in src/usr.bin/config/main.c
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: bin-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Oct 16 05:05:00 +0000 2008
>Closed-Date: Thu Oct 16 05:42:12 +0000 2008
>Last-Modified: Thu Oct 16 18:40:01 +0000 2008
>Originator: Gao Ya'nan
>Release: NetBSD-current and NetBSD-4.0
>Organization:
>Environment:
NetBSD abutter.foo.org 4.0 NetBSD 4.0 (GENERIC) #0: Sun Dec 16 00:20:10 PST 2007 builds@wb34:/home/builds/ab/netbsd-4-0-RELEASE/i386/200712160005Z-obj/home/builds/ab/netbsd-4-0-RELEASE/src/sys/arch/i386/compile/GENERIC i386
>Description:
----------------------------------->cut<----------------------------------------
int
main(int argc, char **argv)
{
	char *p, cname[20];
	const char *last_component;
----------------------------------->cut<----------------------------------------
So, cname only takes 20 bytes.
----------------------------------->cut<----------------------------------------
	/* Open temporary configuration file */
	tmpdir = getenv("TMPDIR");
	if (tmpdir == NULL)
		tmpdir = "/tmp";
	snprintf(cname, sizeof(cname), "%s/config.tmp.XXXXXX", tmpdir);
	cfd = mkstemp(cname);
	if (cfd == -1)
		err(EXIT_FAILURE, "Cannot create `%s'", cname);
	printf("Using configuration data embedded in kernel...\n");
	if (!extract_config(conffile, cname, cfd))
		errx(EXIT_FAILURE, "%s does not contain embedded "
		    "configuration data", conffile);
	removeit = 1;
	close(cfd);
	firstfile(cname);
----------------------------------->cut<----------------------------------------
First, if $TMPDIR is more than 7 bytes, 'XXXXXX' will be lost, and if $TMPDIR is long enough, the full name will be truncated.
Second, if extract_config() returns 0, there will be an unlink-ed file in TMPDIR or the directory above.
>How-To-Repeat:
TMPDIR=/mnt/averylongtmpdirforconfig config -b /mnt/build netbsd
>Fix:
1, change the size of cname to MAXPATHLEN;
2, unlink the file if extract_config returns 0.
>Release-Note:
>Audit-Trail:
From: "David A. Holland" <dholland@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/39746 CVS commit: src/usr.bin/config
Date: Thu, 16 Oct 2008 05:35:01 +0000 (UTC)
Module Name: src
Committed By: dholland
Date: Thu Oct 16 05:35:01 UTC 2008
Modified Files:
src/usr.bin/config: main.c
Log Message:
Fix ridiculously small filename buffer for temporary file and resulting
truncation if $TMPDIR is set; also, fix an error path to not leave the
temporary file behind. From Gao Ya'nan in PR 39746.
While here, use _PATH_TMP instead of a hardwired "/tmp".
To generate a diff of this commit:
cvs rdiff -r1.29 -r1.30 src/usr.bin/config/main.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
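
Added example (not the committed change and not written by anyone in this PR): one way to build the mkstemp() template so that truncation is detected, and to remove the temporary file on the failure path. The names make_template, create_config_tmp, fill_fn, fill_ok and fill_fail are hypothetical; fill_fn stands in for extract_config().

```c
#define _POSIX_C_SOURCE 200809L
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Build "<tmpdir>/config.tmp.XXXXXX" in buf. Returns 0 on success, -1 if
 * it did not fit: snprintf() returns the length it wanted to write. */
int make_template(char *buf, size_t len, const char *tmpdir)
{
    int n = snprintf(buf, len, "%s/config.tmp.XXXXXX", tmpdir);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Hypothetical stand-in for extract_config(): nonzero on success. */
typedef int (*fill_fn)(int fd);

/* Create and fill the temporary file. On failure nothing is left on disk.
 * On success returns 0 with the path in out; the caller unlinks it later. */
int create_config_tmp(const char *tmpdir, char *out, size_t outlen, fill_fn fill)
{
    int fd;
    if (make_template(out, outlen, tmpdir) == -1)
        return -1;              /* refuse a truncated template */
    if ((fd = mkstemp(out)) == -1)
        return -1;
    if (!fill(fd)) {
        close(fd);
        unlink(out);            /* error path: remove what we created */
        return -1;
    }
    close(fd);
    return 0;
}

/* Constructed callbacks for the demonstration. */
int fill_ok(int fd)   { return write(fd, "options X\n", 10) == 10; }
int fill_fail(int fd) { (void)fd; return 0; }

int main(void)
{
    char path[PATH_MAX];
    const char *tmpdir = getenv("TMPDIR");
    if (create_config_tmp(tmpdir ? tmpdir : "/tmp", path, sizeof(path), fill_ok) == -1)
        return EXIT_FAILURE;
    printf("created %s\n", path);
    unlink(path);
    return EXIT_SUCCESS;
}
```

With a 20-byte buffer and the TMPDIR from How-To-Repeat, make_template() reports the truncation instead of handing mkstemp() a template that no longer ends in XXXXXX.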
State-Changed-From-To: open->closed
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Thu, 16 Oct 2008 05:42:12 +0000
State-Changed-Why:
Fixed in HEAD.
I'm not going to request this be pulled up to netbsd-4 because it's noncritical
and has some chance of breaking cross-building.
From: "Greg A. Woods; Planix, Inc." <woods@planix.ca>
To: gnats-bugs@NetBSD.org
Cc: dholland@NetBSD.org,
abutter.gao@gmail.com
Subject: Re: bin/39746 (Too small buffer for long TMPDIR and unlinked-file in src/usr.bin/config/main.c)
Date: Thu, 16 Oct 2008 11:02:06 -0400
On 16-Oct-08, at 1:42 AM, dholland@netbsd.org wrote:
> Synopsis: Too small buffer for long TMPDIR and unlinked-file in src/
> usr.bin/config/main.c
>
> State-Changed-From-To: open->closed
> State-Changed-By: dholland@NetBSD.org
> State-Changed-When: Thu, 16 Oct 2008 05:42:12 +0000
> State-Changed-Why:
> Fixed in HEAD.
> I'm not going to request this be pulled up to netbsd-4 because it's
> noncritical
> and has some chance of breaking cross-building.
Are you worried about the new use of _PATH_TMP? That's already
covered in the tools/compat headers fetched by nbtool_config.h so it
shouldn't cause any problems.
I'm not quite sure how such an otherwise serious bug fix could cause
problems for cross-building.
--
Greg A. Woods; Planix, Inc.
<woods@planix.ca>
From: David Holland <dholland-bugs@netbsd.org>
To: gnats-bugs@NetBSD.org
Cc: gnats-admin@netbsd.org, netbsd-bugs@netbsd.org, abutter.gao@gmail.com
Subject: Re: bin/39746 (Too small buffer for long TMPDIR and unlinked-file
in src/usr.bin/config/main.c)
Date: Thu, 16 Oct 2008 18:36:57 +0000
On Thu, Oct 16, 2008 at 03:05:05PM +0000, Greg A. Woods; Planix, Inc. wrote:
>> I'm not going to request this be pulled up to netbsd-4 because it's
>> noncritical and has some chance of breaking cross-building.
>
> Are you worried about the new use of _PATH_TMP? That's already
> covered in the tools/compat headers fetched by nbtool_config.h so it
> shouldn't cause any problems.
>
> I'm not quite sure how such an otherwise serious bug fix could cause
> problems for cross-building.
The change added a couple headers and symbols that weren't previously
used. We try to build on a lot of broken platforms. Meanwhile, it is a
minor issue and not worth spending time on.
--
David A. Holland
dholland@netbsd.org
>Unformatted: