tech-userlevel archive


rpcgen(1), issues with System XVI



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I was playing with System XVI [1] and I have found two bugs in rpcgen(1):
- - NULL pointer dereference in rpc_hout.c:pargdef(),
- - generating invalid symbol names for header guards.

The patches are attached to this mail.

OK to commit?

[1] https://github.com/ServiceManager/ServiceManager
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
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=lpm0
-----END PGP SIGNATURE-----
Index: rpc_hout.c
===================================================================
RCS file: /cvsroot/src/usr.bin/rpcgen/rpc_hout.c,v
retrieving revision 1.23
diff -u -r1.23 rpc_hout.c
--- rpc_hout.c	9 May 2015 23:12:57 -0000	1.23
+++ rpc_hout.c	20 Sep 2015 11:12:46 -0000
@@ -193,10 +193,11 @@
 	}
 	did = 0;
 	for (vers = def->def.pr.versions; vers != NULL; vers = vers->next) {
-		if (!newstyle || plist->arg_num < 2) {
-			continue;	/* old style or single args */
-		}
 		for (plist = vers->procs; plist != NULL; plist = plist->next) {
+			if (!newstyle || plist->arg_num < 2) {
+				continue;	/* old style or single args */
+			}
+
 			if (!did) {
 				cplusplusstart();
 				did = 1;
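Review bot: The moved test in the inner loop still evaluates `!newstyle` once per procedure, although that condition does not depend on `plist` and cannot change while the loops run. If nothing after the loops needs to run in old-style mode (the rest of the function is outside this hunk, so this needs confirming), an early `if (!newstyle) return;` before the outer `for` would leave only `if (plist->arg_num < 2) continue;	/* single args */` inside. That keeps the only dereference of `plist` next to the loop that assigns it, so the check is harder to move back out by mistake.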
Index: rpc_main.c
===================================================================
RCS file: /cvsroot/src/usr.bin/rpcgen/rpc_main.c,v
retrieving revision 1.42
diff -u -r1.42 rpc_main.c
--- rpc_main.c	9 May 2015 23:12:57 -0000	1.42
+++ rpc_main.c	20 Sep 2015 11:12:07 -0000
@@ -495,21 +495,56 @@
 generate_guard(const char *pathname)
 {
 	const char *filename;
-	char *guard, *tmp, *tmp2;
+	char *guard, *tmp, *tmp2, *extdot;
 
 	filename = strrchr(pathname, '/');	/* find last component */
 	filename = ((filename == 0) ? pathname : filename + 1);
 	guard = strdup(filename);
-	/* convert to upper case */
-	tmp = guard;
-	while (*tmp) {
-		*tmp = toupper((unsigned char)*tmp);
-		tmp++;
+	if (guard == NULL) {
+		errx(1, "Out of memory");
 	}
+	extdot = strrchr(guard, '.');
 
+	/*
+	 * Convert to valid C symbol name and make it upper case.
+	 * Map non alphanumerical characters to '_'.
+	 *
+	 * Leave extension dot as it is. It will be handled in extendfile().
+	 */
+	for (tmp = guard; *tmp; tmp++) {
+		if (islower((unsigned char)*tmp))
+			*tmp = toupper((unsigned char)*tmp);
+		else if (isupper((unsigned char)*tmp))
+			continue;
+		else if (isdigit((unsigned char)*tmp))
+			continue;
+		else if (*tmp == '_')
+			continue;
+		else if (tmp == extdot)
+			continue;
+		else
+			*tmp = '_';
+	}
+
+	/*
+	 * Can't have a '_' or '.' at the front of a symbol name, beacuse it
+	 * will end up as "__".
+	 *
+	 * Prefix it with "RPCGEN_".
+	 */
+	if (guard[0] == '_' || guard[0] == '.') {
+		if (asprintf(&tmp2, "RPCGEN_%s", guard) == -1) {
+			errx(1, "Out of memory");
+		}
+		free(guard);
+		guard = tmp2;
+	}
+
+	/* Replace the file extension */
 	tmp2 = extendfile(guard, "_H_RPCGEN");
 	free(guard);
 	guard = tmp2;
+
 	return (guard);
 }
 
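Review bot: A file name that starts with a digit still yields an invalid guard, because the prefix test after the conversion loop only checks for `_` and `.`; an input such as `9p.x` would produce a macro name beginning with `9`. Extending the condition to `if (guard[0] == '_' || guard[0] == '.' || isdigit((unsigned char)guard[0])) {` covers that case. Separately, when the only dot is the first character (a name such as `.x`), the result presumably becomes `RPCGEN__H_RPCGEN` once extendfile() replaces the extension, which still contains `__`. extendfile() is outside this hunk, so that should be confirmed. The comment above the prefix block also misspells "because" as `beacuse`.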

