1 |
--- fortune-mod-2.6.2/tests/t/valgrind.t.ORIG 2020-04-30 10:32:03.737000691 +0300 |
2 |
+++ fortune-mod-2.6.2/tests/t/valgrind.t 2020-04-30 10:32:36.067685806 +0300 |
3 |
@@ -7,7 +7,7 @@ |
4 |
use Test::RunValgrind; |
5 |
|
6 |
# plan skip_all => 'lib-recode has memory leaks'; |
7 |
-plan tests => 4; |
8 |
+plan tests => 7; |
9 |
|
10 |
my $obj = Test::RunValgrind->new({}); |
11 |
|
12 |
@@ -50,3 +50,37 @@ |
13 |
blurb => 'fortune -i -m valgrind test', |
14 |
} |
15 |
); |
16 |
+ |
17 |
+# TEST*2 |
18 |
+foreach my $prog (qw/ strfile unstr /) |
19 |
+{ |
20 |
+ $obj->run( |
21 |
+ { |
22 |
+ log_fn => "./fortune--$prog-buffer-overflow.valgrind-log", |
23 |
+ prog => "./$prog", |
24 |
+ argv => [ |
25 |
+ ( ( $prog eq "randstr" ) ? ("filler") : () ), |
26 |
+ scalar( "AAAAAAAAAAAAAAAA/" x 1000 ) |
27 |
+ ], |
28 |
+ blurb => "$prog buffer overflow test", |
29 |
+ } |
30 |
+ ); |
31 |
+} |
32 |
+ |
33 |
+# TEST |
34 |
+foreach my $prog (qw/ unstr /) |
35 |
+{ |
36 |
+ $obj->run( |
37 |
+ { |
38 |
+ log_fn => "./fortune--$prog-buffer-overflow.valgrind-log", |
39 |
+ prog => "./$prog", |
40 |
+ argv => [ |
41 |
+ scalar( "AAAAAAAAAAAAAAAA/" x 1000 ), |
42 |
+ scalar( "BBBBBBBBBBBBBBBB/" x 1000 ), |
43 |
+ scalar( "BBBBBBBBBBBBBBBB/" x 1000 ), |
44 |
+ scalar( "BBBBBBBBBBBBBBBB/" x 1000 ), |
45 |
+ ], |
46 |
+ blurb => "$prog buffer overflow two args test", |
47 |
+ } |
48 |
+ ); |
49 |
+} |
50 |
--- fortune-mod-2.6.2/util/randstr.c.ORIG 2016-04-05 16:53:59.000000000 +0300 |
51 |
+++ fortune-mod-2.6.2/util/randstr.c 2020-04-30 10:30:36.725852569 +0300 |
52 |
@@ -120,14 +120,18 @@ |
53 |
Infile = *av; |
54 |
/* Hmm. Don't output anything if we can help it. |
55 |
* fprintf(stderr, "Input file: %s\n",Infile); */ |
56 |
+ if (strlen(Infile) > sizeof(Datafile)-10) |
57 |
+ { |
58 |
+ perror("input filename too long."); |
59 |
+ exit(1); |
60 |
+ } |
61 |
if (!strrchr(Infile, '.')) |
62 |
{ |
63 |
- strcpy(Datafile, Infile); |
64 |
- strcat(Datafile, ".dat"); |
65 |
+ snprintf(Datafile, sizeof(Datafile), "%s.dat", Infile); |
66 |
} |
67 |
else |
68 |
{ |
69 |
- strcpy(Datafile, Infile); |
70 |
+ snprintf(Datafile, sizeof(Datafile), "%s", Infile); |
71 |
extc = strrchr(Infile, '.'); |
72 |
*extc = '\0'; |
73 |
} |
74 |
--- fortune-mod-2.6.2/util/strfile.c.ORIG 2018-05-09 17:15:16.000000000 +0300 |
75 |
+++ fortune-mod-2.6.2/util/strfile.c 2020-04-30 10:30:36.725852569 +0300 |
76 |
@@ -209,7 +209,14 @@ |
77 |
{ |
78 |
Infile = *argv; |
79 |
if (*++argv) |
80 |
- (void) strcpy(Outfile, *argv); |
81 |
+ { |
82 |
+ if (strlen(*argv) > sizeof(Outfile)-10) |
83 |
+ { |
84 |
+ perror("input filename too long."); |
85 |
+ exit(1); |
86 |
+ } |
87 |
+ snprintf(Outfile, sizeof(Outfile), "%s", *argv); |
88 |
+ } |
89 |
} |
90 |
if (!Infile) |
91 |
{ |
92 |
@@ -218,8 +225,12 @@ |
93 |
} |
94 |
if (*Outfile == '\0') |
95 |
{ |
96 |
- strcpy(Outfile, Infile); |
97 |
- strcat(Outfile, ".dat"); |
98 |
+ if (strlen(Infile) > sizeof(Outfile)-10) |
99 |
+ { |
100 |
+ perror("input filename too long."); |
101 |
+ exit(1); |
102 |
+ } |
103 |
+ snprintf(Outfile, sizeof(Outfile), "%s.dat", Infile); |
104 |
} |
105 |
} |
106 |
|
107 |
--- fortune-mod-2.6.2/util/unstr.c.ORIG 2018-05-09 17:15:16.000000000 +0300 |
108 |
+++ fortune-mod-2.6.2/util/unstr.c 2020-04-30 10:30:36.726852559 +0300 |
109 |
@@ -139,20 +139,29 @@ |
110 |
{ |
111 |
Infile = *av; |
112 |
fprintf(stderr, "Input file: %s\n", Infile); |
113 |
+ if (strlen(Infile) > sizeof(Datafile)-10) |
114 |
+ { |
115 |
+ perror("input filename too long."); |
116 |
+ exit(1); |
117 |
+ } |
118 |
if (!strrchr(Infile, '.')) |
119 |
{ |
120 |
- strcpy(Datafile, Infile); |
121 |
- strcat(Datafile, ".dat"); |
122 |
+ snprintf(Datafile, sizeof(Datafile), "%s.dat", Infile); |
123 |
} |
124 |
else |
125 |
{ |
126 |
- strcpy(Datafile, Infile); |
127 |
+ snprintf(Datafile, sizeof(Datafile), "%s", Infile); |
128 |
extc = strrchr(Infile, '.'); |
129 |
*extc = '\0'; |
130 |
} |
131 |
if (*++av) |
132 |
{ |
133 |
- strcpy(Outfile, *av); |
134 |
+ if (strlen(*av) > sizeof(Outfile)-10) |
135 |
+ { |
136 |
+ perror("input filename too long."); |
137 |
+ exit(1); |
138 |
+ } |
139 |
+ snprintf(Outfile, sizeof(Outfile), "%s", *av); |
140 |
fprintf(stderr, "Output file: %s\n", Outfile); |
141 |
} |
142 |
} |