Date: Mon, 10 Dec 2018 21:47:19 +0000 (UTC)
From: John Baldwin <jhb@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r341802 - head/usr.bin/truss
Message-ID: <201812102147.wBALlJHg085283@repo.freebsd.org>
Author: jhb Date: Mon Dec 10 21:47:19 2018 New Revision: 341802 URL: https://svnweb.freebsd.org/changeset/base/341802 Log: Validate the string size parameter passed to -s. Use strtonum() to reject negative sizes instead of core dumping. PR: 232206 Submitted by: David Carlier <devnexen@gmail.com> MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D17537 Modified: head/usr.bin/truss/main.c Modified: head/usr.bin/truss/main.c ============================================================================== --- head/usr.bin/truss/main.c Mon Dec 10 21:33:01 2018 (r341801) +++ head/usr.bin/truss/main.c Mon Dec 10 21:47:19 2018 (r341802) @@ -71,6 +71,7 @@ main(int ac, char **av) struct trussinfo *trussinfo; char *fname; char **command; + const char *errstr; pid_t pid; int c; @@ -118,7 +119,9 @@ main(int ac, char **av) fname = optarg; break; case 's': /* Specified string size */ - trussinfo->strsize = atoi(optarg); + trussinfo->strsize = strtonum(optarg, 0, INT_MAX, &errstr); + if (errstr) + errx(1, "maximum string size is %s: %s", errstr, optarg); break; case 'S': /* Don't trace signals */ trussinfo->flags |= NOSIGS;
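Review bot: In the 's' case of the second hunk, the errx() format "maximum string size is %s: %s" reads poorly once strtonum() fills in errstr, which is one of "invalid", "too small" or "too large"; a negative argument produces "maximum string size is too small: -1", which suggests the limit is wrong rather than the input. Wording such as "string size is %s: %s" keeps the same arguments and reads correctly for all three cases. Two smaller points on the same lines: INT_MAX needs <limits.h>, and this diff touches no #include lines, so confirm main.c already pulls it in; and the lower bound of 0 is accepted, so it is worth checking that a strsize of 0 is handled sensibly wherever the value is consumed, since that code is not visible here.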