diff options
| author |   tobias <tobias@openbsd.org> | 2018-03-30 09:25:06 +0000 |
|---|---|---|
| committer | tobias <tobias@openbsd.org> | 2018-03-30 09:25:06 +0000 |
| commit | 373714ea8a88271019a6f79c34412980b9257151 (patch) | |
| tree | 73df6fbef128382c28111b55505ff076366acec9 /regress/usr.bin/cut | |
| parent | fix MALLOC_STATS; spotted by and ok semarie@ (diff) | |
| download | wireguard-openbsd-373714ea8a88271019a6f79c34412980b9257151.tar.xz wireguard-openbsd-373714ea8a88271019a6f79c34412980b9257151.zip | |
Fix overflow in list value parsing.
On 64 bit systems an integer overflow between strtol and int casting
could occur, resulting in out of boundary writes. Using strtonum fixes
this issue and leads to better error messages.
ok schwarze
Diffstat (limited to 'regress/usr.bin/cut')
| -rw-r--r-- | regress/usr.bin/cut/cut.sh | 94 |
1 files changed, 60 insertions, 34 deletions
diff --git a/regress/usr.bin/cut/cut.sh b/regress/usr.bin/cut/cut.sh index e9e6369847c..19d1b29174f 100644 --- a/regress/usr.bin/cut/cut.sh +++ b/regress/usr.bin/cut/cut.sh @@ -16,15 +16,26 @@ unset LC_ALL +: ${CUT=cut} + test_cut() { - args=`echo "$1"` - stdin=$2 - expected=`echo "$3"` + expected_retval=$1 + args=`echo "$2"` + stdin=$3 + expected=`echo "$4"` export LC_CTYPE=en_US.UTF-8 - result=`echo -n "$stdin" | cut $args` + result=`echo -n "$stdin" | $CUT $args 2>/dev/null` + retval=$? + if [ "$retval" -ne "${expected_retval}" ]; then + echo "echo -n \"$stdin\" | $CUT $args" + echo -n "$stdin" | hexdump -C + echo "expected return value: \"${expected_retval}\"" + echo "actual return value: \"$retval\"" + exit 1; + fi if [ "$result" != "${expected}" ]; then - echo "echo -n \"$stdin\" | cut $args" + echo "echo -n \"$stdin\" | $CUT $args" echo -n "$stdin" | hexdump -C echo "expected: \"$expected\"" echo -n "$expected" | hexdump -C @@ -33,13 +44,20 @@ test_cut() exit 1; fi - if [ -n "$4" ]; then - expected=`echo "$4"` + if [ -n "$5" ]; then + expected=`echo "$5"` fi export LC_CTYPE=C - result=`echo -n "$stdin" | cut $args` + result=`echo -n "$stdin" | $CUT $args 2>/dev/null` + if [ "$retval" -ne "${expected_retval}" ]; then + echo "echo -n \"$stdin\" | $CUT $args" + echo -n "$stdin" | hexdump -C + echo "expected return value: \"${expected_retval}\"" + echo "actual return value: \"$retval\"" + exit 1; + fi if [ "$result" != "${expected}" ]; then - echo "[C] echo -n \"$stdin\" | cut $args" + echo "[C] echo -n \"$stdin\" | $CUT $args" echo -n "$stdin" | hexdump -C echo "expected: \"$expected\"" echo -n "$expected" | hexdump -C @@ -50,41 +68,49 @@ test_cut() } # single byte characters -test_cut "-b 4,2" "abcde" "bd" -test_cut "-b 2-4" "abcde" "bcd" -test_cut "-b 4-,-2" "abcde" "abde" -test_cut "-nb 4,2" "abcde" "bd" -test_cut "-nb 2-4" "abcde" "bcd" -test_cut "-nb 4-,-2" "abcde" "abde" -test_cut "-c 4,2" "abcde" "bd" -test_cut "-c 2-4" "abcde" "bcd" -test_cut "-c 4-,-2" "abcde" "abde" +test_cut 0 "-b 4,2" "abcde" "bd" +test_cut 0 "-b 2-4" "abcde" "bcd" +test_cut 0 "-b 4-,-2" "abcde" "abde" +test_cut 0 "-nb 4,2" "abcde" "bd" +test_cut 0 "-nb 2-4" "abcde" "bcd" +test_cut 0 "-nb 4-,-2" "abcde" "abde" +test_cut 0 "-c 4,2" "abcde" "bd" +test_cut 0 "-c 2-4" "abcde" "bcd" +test_cut 0 "-c 4-,-2" "abcde" "abde" # multibyte characters -test_cut "-b 2-3" "ax\0314\0200b" "x\0314" -test_cut "-b 1,3" "ax\0314\0200b" "a\0314" -test_cut "-nb 2-3" "ax\0314\0200b" "x" "x\0314" -test_cut "-nb 1,3" "ax\0314\0200b" "a" "a\0314" -test_cut "-nb 2,4" "ax\0314\0200b" "x\0314\0200" "x\0200" -test_cut "-c 2-3" "ax\0314\0200b" "x\0314\0200" "x\0314" -test_cut "-c 1,3" "ax\0314\0200b" "a\0314\0200" "a\0314" +test_cut 0 "-b 2-3" "ax\0314\0200b" "x\0314" +test_cut 0 "-b 1,3" "ax\0314\0200b" "a\0314" +test_cut 0 "-nb 2-3" "ax\0314\0200b" "x" "x\0314" +test_cut 0 "-nb 1,3" "ax\0314\0200b" "a" "a\0314" +test_cut 0 "-nb 2,4" "ax\0314\0200b" "x\0314\0200" "x\0200" +test_cut 0 "-c 2-3" "ax\0314\0200b" "x\0314\0200" "x\0314" +test_cut 0 "-c 1,3" "ax\0314\0200b" "a\0314\0200" "a\0314" # double width multibyte characters -test_cut "-b -3" "a\0354\0277\0277b" "a\0354\0277" -test_cut "-nb 4-" "a\0354\0277\0277b" "\0354\0277\0277b" "\0277b" -test_cut "-c 2" "a\0354\0277\0277b" "\0354\0277\0277" "\0354" +test_cut 0 "-b -3" "a\0354\0277\0277b" "a\0354\0277" +test_cut 0 "-nb 4-" "a\0354\0277\0277b" "\0354\0277\0277b" "\0277b" +test_cut 0 "-c 2" "a\0354\0277\0277b" "\0354\0277\0277" "\0354" # invalid bytes -test_cut "-b -2" "a\0377\0277b" "a\0377" -test_cut "-b 3-" "a\0377\0277b" "\0277b" -test_cut "-nb 2-5" "\0303\0251\0377\0277\0303\0251" "\0303\0251\0377\0277" \ +test_cut 0 "-b -2" "a\0377\0277b" "a\0377" +test_cut 0 "-b 3-" "a\0377\0277b" "\0277b" +test_cut 0 "-nb 2-5" "\0303\0251\0377\0277\0303\0251" "\0303\0251\0377\0277" \ "\0251\0377\0277\0303" -test_cut "-c 4,1" "\0303\0251\0377\0277\0303\0250" "\0303\0251\0303\0250" \ +test_cut 0 "-c 4,1" "\0303\0251\0377\0277\0303\0250" "\0303\0251\0303\0250" \ "\0303\0277" # multibyte delimiter -test_cut "-d \0302\0267 -f 2" "a\0302\0267b\0302\0267c" "b" "\0267b" -test_cut "-d \0302\0267 -f 3,2" "a\0302\0267b\0302\0267c" "b\0302\0267c" \ +test_cut 0 "-d \0302\0267 -f 2" "a\0302\0267b\0302\0267c" "b" "\0267b" +test_cut 0 "-d \0302\0267 -f 3,2" "a\0302\0267b\0302\0267c" "b\0302\0267c" \ "\0267b\0302\0267c" +# invalid list values +test_cut 1 "-b 2,-,4" +test_cut 1 "-c 2,--,4" +test_cut 1 "-f 2,---,4" +test_cut 1 "-b 0-1" +test_cut 1 "-c 2147483648" +test_cut 1 "-f not,a-number" + exit 0 |