Building with GCC 7 produces an error building rpcgen:
rpc_parse.c: In function 'get_prog_declaration':
rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=]
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
~~~~^
rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
That buffer overrun is for the case where the .x file declares a
program with a million arguments. The strcpy two lines above can
generate a buffer overrun much more simply for a long argument name.
The limit on length of line read by rpcgen (MAXLINESIZE == 1024)
provides a bound on the buffer size needed, so this patch just changes
the buffer size to MAXLINESIZE to avoid both possible buffer
overruns. A testcase is added that rpcgen does not crash with a
500-character argument name, where it previously crashed.
It would not at all surprise me if there are many other ways of
crashing rpcgen with either valid or invalid input; fuzz testing would
likely find various such bugs, though I don't think they are that
important to fix (rpcgen is not that likely to be used with untrusted
.x files as input). (As well as fuzz-findable bugs there are probably
also issues when various int variables get overflowed on very large
input.) The test infrastructure for rpcgen-not-crashing tests would
need extending if tests are to be added for cases where rpcgen should
produce an error, as opposed to cases where it should succeed.
Tested for x86_64 and x86.
[BZ #20790]
* sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size
to MAXLINESIZE.
* sunrpc/bug20790.x: New file.
* sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New
variable.
[$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests).
[$(run-built-tests) = yes] ($(rpcgen-tests)): New rule.
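As an added illustration (not glibc code), the two sizing cases from the commit message above, copying a declared argument name and synthesizing the default `arg<num>` name, written with the explicit bound checks that sizing the buffer to MAXLINESIZE makes unnecessary in rpcgen. ARGNAME and MAXLINESIZE take the values glibc's rpc_util.h uses ("arg" and 1024); the 500-character name is constructed to mirror the added testcase.

```c
/* Added example, not glibc code: bounded versions of the strcpy/sprintf
   pair in get_prog_declaration. ARGNAME and MAXLINESIZE use glibc's values. */
#include <stdio.h>
#include <string.h>

#define ARGNAME "arg"          /* prefix for default argument names */
#define MAXLINESIZE 1024       /* longest line rpcgen reads; bounds any token */

/* Fill NAME (capacity NAMELEN) with the declared argument name, or with the
   default ARGNAME<num> when none was declared. Both paths are bounded:
   returns 0 on success and -1 if the result would not fit, instead of
   writing past the buffer as an unbounded strcpy/sprintf would. */
static int build_arg_name(char *name, size_t namelen,
                          const char *declared, int num)
{
    if (declared != NULL && declared[0] != '\0') {
        size_t len = strlen(declared);
        if (len >= namelen)
            return -1;                    /* would overrun: reject */
        memcpy(name, declared, len + 1);  /* bounded copy incl. NUL */
        return 0;
    }
    int n = snprintf(name, namelen, "%s%d", ARGNAME, num);
    if (n < 0 || (size_t)n >= namelen)
        return -1;                        /* output would be truncated */
    return 0;
}

/* Constructed check: a 500-character argument name, like the added
   testcase, against a buffer of CAPACITY bytes (old size 10, new 1024). */
static int long_name_fits(size_t capacity)
{
    char declared[501];
    memset(declared, 'a', 500);
    declared[500] = '\0';
    char buf[MAXLINESIZE];
    return build_arg_name(buf, capacity, declared, 0) == 0;
}

/* Constructed check: the default name for argument number NUM. */
static int default_name_fits(size_t capacity, int num)
{
    char buf[MAXLINESIZE];
    return build_arg_name(buf, capacity, NULL, num) == 0;
}

int main(void)
{
    printf("500-char name, 10-byte buffer: %s\n", long_name_fits(10) ? "fits" : "rejected");
    printf("500-char name, MAXLINESIZE buffer: %s\n", long_name_fits(MAXLINESIZE) ? "fits" : "rejected");
    printf("arg1000000, 10-byte buffer: %s\n", default_name_fits(10, 1000000) ? "fits" : "rejected");
    return 0;
}
```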
into a macro. Use preprocessor to decide how to initialize
attempts [Coverity CID 67].
* io/fts.c (fts_build): Comment out dead code [Coverity CID 68].
* sunrpc/rpc_parse.c (def_union): Comment out dead code
[Coverity CID 70].
* locale/programs/linereader.c (lr_token): Remove duplicate
handling of EOF [Coverity CID 71].
* locale/programs/ld-numeric.c (numeric_read) [case tok_grouping]:
We bail out early if ignore_content is set, so there is no need to
check it later again [Coverity CID 72].
* inet/inet6_option.c (inet6_option_find): Check *tptrp for NULL,
not tptrp [Coverity CID 73].
* inet/inet6_option.c (inet6_option_next): Check *tptrp for NULL,
not tptrp [Coverity CID 74].
* misc/tsearch.c (__tsearch): Don't rotate tree if memory
allocation failed [Coverity CID 78].
invalid length [Coverity CID 106].
* nss/nss_files/files-key.c (search): Close stream before
successful return [Coverity CID 107].
* io/fts.c (fts_open): Don't allocate parent if *argv==NULL
[Coverity CID 108].
* sunrpc/rpc_cout.c (inline_struct): Free sizestr after use
[Coverity CID 110, 109].
* sunrpc/rpc_scan.c (docppline): Free file string if it is not
going to be used [Coverity CID 111].
* sysdeps/unix/sysv/linux/getsourcefilter.c (getsourcefilter): Free
memory if socket level value cannot be retrieved [Coverity CID 112].
* nis/nis_clone_dir.c (nis_clone_directory): Free all memory in
error case [Coverity CID 114].
* nis/nis_clone_res.c (nis_clone_result): Free all memory in the
error cases [Coverity CID 115].
* sunrpc/rpc_parse.c (get_definition): Free defp if tok ==
TOK_EOF [Coverity CID 116].
* sysdeps/unix/sysv/linux/setsourcefilter.c (setsourcefilter): Free
memory if socket level value cannot be retrieved [Coverity CID 117].
* elf/cache.c (save_cache): Initialize pad to avoid writing
uninitialized data to disk.
* elf/cache.c (save_cache): Free file_entries_new [Coverity CID 118].
* intl/finddomain.c (_nl_find_domain): Avoid strdup of expand
locale name, use strdupa. Remove free call [Coverity CID 119].
* sunrpc/rpc_main.c (generate_guard): Avoid extra allocation and
the resulting leak [Coverity CID 121].
* sunrpc/rpc_main.c (mkfile_output): Free all allocated memory
[Coverity CID 122].
* sunrpc/rpc_main.c (h_output): Free guard after we are done
[Coverity CID 123].
* sunrpc/svc_udp.c (cache_set): Free victim if newbuf allocation
fails [Coverity CID 126].
* sunrpc/svc_udp.c (svcudp_enablecache): Free memory in error
cases [Coverity CID 127].
* nis/nis_table.c (__create_ib_request): Free ibreq in case strdup
fails [Coverity CID 128].
* nis/nis_getservlist.c (nis_getservlist): Free all memory in case
of an error [Coverity CID 130, 129].
* nis/nis_print_group_entry.c (nis_print_group_entry): If
nis_lookup call failed, return. Free lookup result in error
cases [Coverity CID 131].
* nis/nis_removemember.c (nis_removemember): Free all memory in
error cases [Coverity CID 132].
* nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r):
Always free lookup result [Coverity CID 134].
* nis/nss_nisplus/nisplus-ethers.c (_nss_nisplus_gethostton_r):
Always free lookup result [Coverity CID 135].
* nis/nss_nisplus/nisplus-ethers.c (_nss_nisplus_getntohost_r):
Always free lookup result [Coverity CID 136].
* nis/nss_nisplus/nisplus-network.c (_nss_nisplus_getnetbyaddr_r):
Before retrying, free old result [Coverity CID 137].
* nis/nss_nisplus/nisplus-publickey.c (_nss_nisplus_netname2user):
Free res in case UID is zero [Coverity CID 138].
* nis/ypclnt.c (yp_update): Always free master string
[Coverity CID 140].
* nis/nis_creategroup.c (nis_creategroup): Free all memory in
error cases [Coverity CID 143, 142, 141].
* nis/nss_nis/nis-publickey.c (_nss_nis_getpublickey): Free result
if yp_match call succeeded [Coverity CID 155].
* nis/nss_nis/nis-publickey.c (_nss_nis_getsecretkey): Free string
allocated in yp_match at all times [Coverity CID 157, 156].
* nscd/nscd.c (write_pid): Close stream also if writing failed
[Coverity CID 165].
* nis/nis_table.c (nis_add_entry): Move test for NULL parameter
ahead of first use [Coverity CID 167].
* nis/nss_nis/nis-alias.c (_nss_nis_getaliasbyname_r): Move test
for NULL parameter ahead of first use [Coverity CID 168].
* intl/finddomain.c (_nl_find_domain): We never return NULL if we
found the locale [Coverity CID 169].
* inet/getnameinfo.c (getnameinfo): __getservbyport_r does not set
herrno [Coverity CID 178].
* nis/nis_checkpoint.c (nis_checkpoint): Don't access and return
freed object [Coverity CID 182].
Thu Oct 17 01:55:34 1996 Ulrich Drepper <drepper@cygnus.com>
* sunrpc/Makefile ($(objpfx)rpcsvc/%.h, $(objpfx)x%.c): Write
output to $@T and move to $@ later since the new rpcgen will not
overwrite existing files.
* po/Makefile (libc.pot): Fix typo.
Sun Oct 13 20:52:07 1996 Thorsten Kukuk <kukuk@weber.uni-paderborn.de>
Update rpcgen program to TI-rpc code.
* sunrpc/Makefile (rpcgen-objs): Add rpc_tblout.o and rpc_sample.o.
(distribute): Add proto.h.
* sunrpc/proto.h: New file. Prototypes for all the RPC functions.
* sunrpc/rpc_clntout.c: Change to allow generation of ISO C code.
* sunrpc/rpc_cout.c: Likewise.
* sunrpc/rpc_hout.c: Likewise.
* sunrpc/rpc_main.c: Likewise.
* sunrpc/rpc_parse.c: Likewise.
* sunrpc/rpc_parse.h: Likewise.
* sunrpc/rpc_scan.c: Likewise.
* sunrpc/rpc_scan.h: Likewise.
* sunrpc/rpc_svcout.c: Likewise.
* sunrpc/rpc_util.c: Likewise.
* sunrpc/rpc_util.h: Likewise.
* sunrpc/rpc_tblout.c: New file.
* sunrpc/rpc_sample.c: Likewise.
Thu Oct 17 00:26:20 1996 NIIBE Yutaka <gniibe@mri.co.jp>
* sysdeps/unix/opendir.c: Add semicolon for consistency.
Wed Oct 16 12:26:53 1996 Sven Verdoolaege <skimo@breughel.ufsia.ac.be>
* locale/programs/localedef.c (main): Test with -1 to find out
whether read failed.
Wed Oct 16 14:54:59 1996 Ulrich Drepper <drepper@cygnus.com>
* sysdeps/unix/sysv/linux/i386/clone.S: Use JUMPTARGET and
PSEUDO_END macro.
Tue Oct 15 21:27:42 1996 Andreas Schwab <schwab@issan.informatik.uni-dortmund.de>
* sysdeps/unix/sysv/linux/m68k/sigcontext.h: Removed.
Tue Oct 15 15:52:29 1996 Andreas Schwab <schwab@issan.informatik.uni-dortmund.de>
* sysdeps/unix/sysv/linux/m68k/clone.S: Add CALL_MCOUNT.
* sysdeps/unix/sysv/linux/m68k/mmap.S: Likewise.
* sysdeps/unix/sysv/linux/m68k/sigreturn.S: Likewise.
* sysdeps/unix/sysv/linux/m68k/socket.S: Likewise.
* sysdeps/unix/sysv/linux/m68k/sysdep.S (__errno_location):
Likewise.
* sysdeps/unix/sysv/linux/m68k/syscall.S: Likewise.
Correct generation of system call.
Tue Oct 15 15:13:16 1996 Andreas Schwab <schwab@issan.informatik.uni-dortmund.de>
* Makerules (sysd-Makefile): Fix command so that it works in the
subdirectories.
(BUILD_CFLAGS): Change back using $(..) instead of
$(common-objpfx), the latter fails in the toplevel directory when
$(objdir) is relative.
(common-objdir-compile): Run compiler in $(objdir).
* sysdeps/posix/Makefile (mk-stdiolim): Likewise.
Tue Oct 15 23:39:48 1996 Ulrich Drepper <drepper@cygnus.com>
* string/string.h [__USE_SVID]: Add prototype for swab.
* time/sys/time.h [__USE_BSD]: Add prototype for ualarm.
Reported by Andreas Jaeger.
The available nlist implementation is not generally usable.
Especially on the currently supported ELF systems the nlist
function comes with the libelf.
* misc/Makefile (headers): Remove nlist.h.
(routines): Remove nlist.
* Makefile ($(objpfx)version-info.h): Include information about
system the libc is built on in version-info.h file.
* po/Makefile (distribute): Add header.pot.
Tue Oct 15 16:34:15 1996 Andreas Jaeger <aj@arthur.pfalz.de>
* sysdeps/unix/sysv/linux/sleep.c: Include file with prototype.
* sysdeps/unix/sysv/linux/reboot.c: Likewise.
* misc/error.c: Likewise.
Tue Oct 15 22:41:27 1996 Ulrich Drepper <drepper@cygnus.com>
* sysdeps/unix/sysv/linux/syscalls.list: Add {get,set}resuid.
Tue Oct 15 08:06:02 1996 Andreas Jaeger <aj@arthur.pfalz.de>
* crypt/Makefile (rpath-link): Extend search path to current directory.
Fri Oct 11 09:18:06 1996 Sven Verdoolaege <skimo@breughel.ufsia.ac.be>
* sysdeps/i386/i586/strlen.S: Correct handling of prolog for
aligning pointer.
Tue Oct 15 02:13:21 1996 Ulrich Drepper <drepper@cygnus.com>
* stdio-common/vfprintf.c: Don't declare __flockfile as weak.
* crypt/md5-crypt.c (md5_crypt_r): Add cast to prevent warning.
Sun Oct 13 19:16:10 1996 Andreas Schwab <schwab@issan.informatik.uni-dortmund.de>
* sysdeps/unix/sysv/linux/m68k/sysdep.h (POUND): Macro removed,
replaced by `&'.
(PSEUDO_END): Provide definition to use .size directive.
(PSEUDO): Don't interpret negative return values less than -128 as
syscall error.
* sysdeps/unix/sysv/linux/m68k/syscall.S (syscall): Likewise.
* sysdeps/m68k/bsd-_setjmp.S: Use PSEUDO_END macro to provide
.size directive.
* sysdeps/m68k/bsd-setjmp.S: Likewise.
* sysdeps/unix/sysv/linux/m68k/clone.S: Likewise.
* sysdeps/unix/sysv/linux/m68k/mmap.S: Likewise.
* sysdeps/unix/sysv/linux/m68k/sigreturn.S: Likewise.
* sysdeps/unix/sysv/linux/m68k/socket.S: Likewise.
* sysdeps/unix/sysv/linux/m68k/syscall.S: Likewise.
* sysdeps/unix/sysv/linux/m68k/sysdep.S: Use PSEUDO_END instead of
explicit .size directive.
* libio/iogets.c: Warn when gets is used.
* time/strptime.c: Recognize %s, %u, %g, and %G format.