From: tb
Date: Fri, 15 Dec 2017 14:20:52 +0000 (+0000)
Subject: Use the canonical idiom to check strlcat(3). An unchecked strlcat call
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=08e293d1d8094d6076f4760a75ceb05868dbd5a2;p=openbsd
Use the canonical idiom to check strlcat(3). An unchecked strlcat call led to unexpected output: compare 'jot -w $(printf %1020s)%d%' 1 1' with 'jot -w $(printf %1019s)%d%' 1 1'. found by & ok martijn
---
diff --git a/usr.bin/jot/jot.c b/usr.bin/jot/jot.c
index c01ebb0fb3a..12b1fc5116b 100644
--- a/usr.bin/jot/jot.c
+++ b/usr.bin/jot/jot.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: jot.c,v 1.38 2017/12/15 13:04:11 tb Exp $ */
+/* $OpenBSD: jot.c,v 1.39 2017/12/15 14:20:52 tb Exp $ */
 /* $NetBSD: jot.c,v 1.3 1994/12/02 20:29:43 pk Exp $ */
 /*-
@@ -379,10 +379,9 @@ getformat(void)
 errx(1, "-w word too long");
 intdata = true;
 } else if (*(p+1) == '\0') {
- if (sz <= 0)
- errx(1, "-w word too long");
 /* cannot end in single '%' */
- strlcat(format, "%", sizeof format);
+ if (strlcat(format, "%", sizeof(format)) >= sizeof(format))
+ errx(1, "-w word too long");
 } else {
 /*
 * Allow conversion format specifiers of the form
@@ -459,7 +458,10 @@ fmt_broken:
 else if (*p == '%' && *(p+1) == '%')
 p++;
 else if (*p == '%' && *(p+1) == '\0') {
- strlcat(format, "%", sizeof format);
+ /* cannot end in single '%' */
+ if (strlcat(format, "%", sizeof(format)) >=
+ sizeof(format))
+ errx(1, "-w word too long");
 break;
 }
 }
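Review bot: The check added in the `*(p+1) == '\0'` branch of getformat() does not say why the comparison is `>=`; the comment kept above it only explains why the '%' is appended. strlcat returns the length of the string it tried to create, so a result of at least sizeof(format) means the closing '%' did not fit and the word would still end in a lone '%'. I would put that next to the check, e.g. `/* strlcat returns the length it tried to create; >= sizeof(format) means the '%' was not appended */`. format is presumably used later as a printf-style format, in which case a trailing single '%' is an incomplete conversion specification and not only odd output, which is worth one more clause in the comment if that holds. getformat's body starts and ends outside this hunk.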
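Review bot: The check added after the fmt_broken label is a second hand-written copy of the one added in the `*(p+1) == '\0'` branch of getformat(), down to the error string, and it is wrapped differently, so the two are easy to change apart. A file-local helper that appends the '%' and exits on truncation would leave one place where the `>= sizeof(format)` comparison has to be right, and both call sites could keep their `/* cannot end in single '%' */` comment. This assumes format is a file-scope array, which the `sizeof(format)` use inside getformat(void) suggests but the hunk does not show. The enclosing loop starts and ends outside this hunk.

```c
/* Append the closing '%' to format; exit if it does not fit. */
static void
append_percent(void)
{
	if (strlcat(format, "%", sizeof(format)) >= sizeof(format))
		errx(1, "-w word too long");
}

	/* … unchanged: scan for a further '%' after fmt_broken … */
	else if (*p == '%' && *(p+1) == '\0') {
		/* cannot end in single '%' */
		append_percent();
		break;
	}
```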