[src/trunk]: src/usr.bin/make make: prevent out-of-bounds read for debug log ...

[rillig <rillig%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/d672308d81e7
branches:  trunk
changeset: 1029218:d672308d81e7
user:      rillig <rillig%NetBSD.org@localhost>
date:      Mon Dec 27 22:57:26 2021 +0000

description:
make: prevent out-of-bounds read for debug log file name

Even though the name of the debug log file currently only occurs in
strings of the form '-dFname' or '-dF+name', the code for replacing '%d'
with the PID accesses the passed string out of bounds.  That's not a
problem in practice but looks suspicious anyway.

diffstat:

 usr.bin/make/main.c |  8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

diffs (29 lines):

diff -r 2dd9be31ba4e -r d672308d81e7 usr.bin/make/main.c
--- a/usr.bin/make/main.c       Mon Dec 27 22:57:19 2021 +0000
+++ b/usr.bin/make/main.c       Mon Dec 27 22:57:26 2021 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: main.c,v 1.554 2021/12/27 22:22:48 rillig Exp $        */
+/*     $NetBSD: main.c,v 1.555 2021/12/27 22:57:26 rillig Exp $        */
 
 /*
  * Copyright (c) 1988, 1989, 1990, 1993
@@ -111,7 +111,7 @@
 #include "trace.h"
 
 /*     "@(#)main.c     8.3 (Berkeley) 3/19/94" */
-MAKE_RCSID("$NetBSD: main.c,v 1.554 2021/12/27 22:22:48 rillig Exp $");
+MAKE_RCSID("$NetBSD: main.c,v 1.555 2021/12/27 22:57:26 rillig Exp $");
 #if defined(MAKE_NATIVE) && !defined(lint)
 __COPYRIGHT("@(#) Copyright (c) 1988, 1989, 1990, 1993 "
            "The Regents of the University of California.  "
@@ -216,8 +216,8 @@
        fname = bmake_malloc(len + 20);
        memcpy(fname, arg, len + 1);
 
-       /* Let the filename be modified by the pid */
-       if (strcmp(fname + len - 3, ".%d") == 0)
+       /* Replace the trailing '%d' after '.%d' with the pid. */
+       if (len >= 3 && memcmp(fname + len - 3, ".%d", 3) == 0)
                snprintf(fname + len - 2, 20, "%d", getpid());
 
        opts.debug_file = fopen(fname, mode);