Make sure we receive what we expect over imsg.
authorflorian <florian@openbsd.org>
Sat, 18 Dec 2021 10:34:19 +0000 (10:34 +0000)
committerflorian <florian@openbsd.org>
Sat, 18 Dec 2021 10:34:19 +0000 (10:34 +0000)
Instead of repairing potential garbage ensure that we receive proper C
strings. Inspired by a similar diff by deraadt@ for ldapd.

sbin/dhcpleased/engine.c
sbin/unwind/resolver.c
sbin/unwind/unwind.c

index 39eca76..13bea5b 100644 (file)
@@ -1,4 +1,4 @@
-/*     $OpenBSD: engine.c,v 1.33 2021/12/13 16:12:10 florian Exp $     */
+/*     $OpenBSD: engine.c,v 1.34 2021/12/18 10:34:19 florian Exp $     */
 
 /*
  * Copyright (c) 2017, 2021 Florian Obser <florian@openbsd.org>
@@ -452,6 +452,8 @@ engine_dispatch_main(int fd, short event, void *bula)
                                fatalx("%s: IMSG_UPDATE_IF wrong length: %lu",
                                    __func__, IMSG_DATA_SIZE(imsg));
                        memcpy(&imsg_ifinfo, imsg.data, sizeof(imsg_ifinfo));
+                       if (imsg_ifinfo.lease[LEASE_SIZE - 1] != '\0')
+                               fatalx("Invalid lease");
                        engine_update_iface(&imsg_ifinfo);
                        break;
 #ifndef SMALL
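Review bot: The added check `imsg_ifinfo.lease[LEASE_SIZE - 1]` indexes by the macro, whereas the line removed from parse_lease() used `sizeof(imsg_ifinfo->lease) - 1`; the declaration of `lease` is not visible here, so if its dimension ever differs from LEASE_SIZE the check would test the wrong byte. Writing `if (imsg_ifinfo.lease[sizeof(imsg_ifinfo.lease) - 1] != '\0')` keeps the test tied to the array itself. The message could also follow the neighbouring call and name the function, `fatalx("%s: invalid lease", __func__);`. Since parse_lease() no longer terminates the buffer itself, a one-line comment there such as `/* caller guarantees lease is NUL-terminated */` would record the invariant for any future caller. engine_dispatch_main's body starts and ends outside the hunk.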
@@ -1742,9 +1744,6 @@ parse_lease(struct dhcpleased_iface *iface, struct imsg_ifinfo *imsg_ifinfo)
 {
        char    *p, *p1;
 
-       /* make sure this is a string */
-       imsg_ifinfo->lease[sizeof(imsg_ifinfo->lease) - 1] = '\0';
-
        iface->requested_ip.s_addr = INADDR_ANY;
 
        if ((p = strstr(imsg_ifinfo->lease, LEASE_IP_PREFIX)) == NULL)
index 24d1054..79e7b9b 100644 (file)
@@ -1,4 +1,4 @@
-/*     $OpenBSD: resolver.c,v 1.153 2021/11/16 16:45:23 kn Exp $       */
+/*     $OpenBSD: resolver.c,v 1.154 2021/12/18 10:34:19 florian Exp $  */
 
 
 /*
@@ -535,8 +535,9 @@ resolver_dispatch_frontend(int fd, short event, void *bula)
                        show_mem(imsg.hdr.pid);
                        break;
                case IMSG_NEW_TA:
-                       /* make sure this is a string */
-                       ((char *)imsg.data)[IMSG_DATA_SIZE(imsg) - 1] = '\0';
+                       if (((char *)imsg.data)[IMSG_DATA_SIZE(imsg) - 1] !=
+                           '\0')
+                               fatalx("Invalid trust anchor");
                        ta = imsg.data;
                        add_new_ta(&new_trust_anchors, ta);
                        break;
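Review bot: The index `IMSG_DATA_SIZE(imsg) - 1` in the IMSG_NEW_TA case is evaluated without first checking that the payload is non-empty, and no length check is visible in this case ahead of it. For a message that carries no data the index is out of range (and `imsg.data` is presumably NULL then), so the process would fault on the read instead of reaching fatalx(). Guarding it as `if (IMSG_DATA_SIZE(imsg) == 0 || ((char *)imsg.data)[IMSG_DATA_SIZE(imsg) - 1] != '\0')` keeps the failure on the intended path. The same applies to the IMSG_RECONF_BLOCKLIST_FILE check in imsg_receive_config() in unwind.c. resolver_dispatch_frontend's body starts and ends outside the hunk.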
index adea414..3a407c9 100644 (file)
@@ -1,4 +1,4 @@
-/*     $OpenBSD: unwind.c,v 1.66 2021/10/22 15:11:51 florian Exp $     */
+/*     $OpenBSD: unwind.c,v 1.67 2021/12/18 10:34:19 florian Exp $     */
 
 /*
  * Copyright (c) 2018 Florian Obser <florian@openbsd.org>
@@ -897,8 +897,8 @@ imsg_receive_config(struct imsg *imsg, struct uw_conf **xconf)
                RB_INIT(&nconf->force);
                break;
        case IMSG_RECONF_BLOCKLIST_FILE:
-               /* make sure this is a string */
-               ((char *)imsg->data)[IMSG_DATA_SIZE(*imsg) - 1] = '\0';
+               if (((char *)imsg->data)[IMSG_DATA_SIZE(*imsg) - 1] != '\0')
+                       fatalx("Invalid blocklist file");
                if ((nconf->blocklist_file = strdup(imsg->data)) ==
                    NULL)
                        fatal("%s: strdup", __func__);