From: florian <florian@openbsd.org>
Date: Sat, 18 Dec 2021 10:34:19 +0000 (+0000)
Subject: Make sure we receive what we expect over imsg.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=159ce6f47fcc91337d08d542439ca72e66e6b411;p=openbsd

Make sure we receive what we expect over imsg.

Instead of repairing potential garbage ensure that we receive proper C
strings. Inspired by a similar diff by deraadt@ for ldapd.
---

diff --git a/sbin/dhcpleased/engine.c b/sbin/dhcpleased/engine.c
index 39eca76924e..13bea5b89fd 100644
--- a/sbin/dhcpleased/engine.c
+++ b/sbin/dhcpleased/engine.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: engine.c,v 1.33 2021/12/13 16:12:10 florian Exp $	*/
+/*	$OpenBSD: engine.c,v 1.34 2021/12/18 10:34:19 florian Exp $	*/
 
 /*
  * Copyright (c) 2017, 2021 Florian Obser <florian@openbsd.org>
@@ -452,6 +452,8 @@ engine_dispatch_main(int fd, short event, void *bula)
 				fatalx("%s: IMSG_UPDATE_IF wrong length: %lu",
 				    __func__, IMSG_DATA_SIZE(imsg));
 			memcpy(&imsg_ifinfo, imsg.data, sizeof(imsg_ifinfo));
+			if (imsg_ifinfo.lease[LEASE_SIZE - 1] != '\0')
+				fatalx("Invalid lease");
 			engine_update_iface(&imsg_ifinfo);
 			break;
 #ifndef SMALL
@@ -1742,9 +1744,6 @@ parse_lease(struct dhcpleased_iface *iface, struct imsg_ifinfo *imsg_ifinfo)
 {
 	char	*p, *p1;
 
-	/* make sure this is a string */
-	imsg_ifinfo->lease[sizeof(imsg_ifinfo->lease) - 1] = '\0';
-
 	iface->requested_ip.s_addr = INADDR_ANY;
 
 	if ((p = strstr(imsg_ifinfo->lease, LEASE_IP_PREFIX)) == NULL)
diff --git a/sbin/unwind/resolver.c b/sbin/unwind/resolver.c
index 24d1054a468..79e7b9bde91 100644
--- a/sbin/unwind/resolver.c
+++ b/sbin/unwind/resolver.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: resolver.c,v 1.153 2021/11/16 16:45:23 kn Exp $	*/
+/*	$OpenBSD: resolver.c,v 1.154 2021/12/18 10:34:19 florian Exp $	*/
 
 
 /*
@@ -535,8 +535,9 @@ resolver_dispatch_frontend(int fd, short event, void *bula)
 			show_mem(imsg.hdr.pid);
 			break;
 		case IMSG_NEW_TA:
-			/* make sure this is a string */
-			((char *)imsg.data)[IMSG_DATA_SIZE(imsg) - 1] = '\0';
+			if (((char *)imsg.data)[IMSG_DATA_SIZE(imsg) - 1] !=
+			    '\0')
+				fatalx("Invalid trust anchor");
 			ta = imsg.data;
 			add_new_ta(&new_trust_anchors, ta);
 			break;
diff --git a/sbin/unwind/unwind.c b/sbin/unwind/unwind.c
index adea414b2df..3a407c97f77 100644
--- a/sbin/unwind/unwind.c
+++ b/sbin/unwind/unwind.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: unwind.c,v 1.66 2021/10/22 15:11:51 florian Exp $	*/
+/*	$OpenBSD: unwind.c,v 1.67 2021/12/18 10:34:19 florian Exp $	*/
 
 /*
  * Copyright (c) 2018 Florian Obser <florian@openbsd.org>
@@ -897,8 +897,8 @@ imsg_receive_config(struct imsg *imsg, struct uw_conf **xconf)
 		RB_INIT(&nconf->force);
 		break;
 	case IMSG_RECONF_BLOCKLIST_FILE:
-		/* make sure this is a string */
-		((char *)imsg->data)[IMSG_DATA_SIZE(*imsg) - 1] = '\0';
+		if (((char *)imsg->data)[IMSG_DATA_SIZE(*imsg) - 1] != '\0')
+			fatalx("Invalid blocklist file");
 		if ((nconf->blocklist_file = strdup(imsg->data)) ==
 		    NULL)
 			fatal("%s: strdup", __func__);