Promote nrules/maxrules to size_t and make sure they can't overflow. reallocarray(3) will fail if nmemb * size would overflow. OK tb@ martijn@

2021-01-27 17:02:50 +00:00 · 2021-01-27 17:02:50 +00:00 · 2d7431ca9e
parent e8e8713b26
commit 2d7431ca9e
3 changed files with 10 additions and 10 deletions
--- a/doas.c
+++ b/doas.c
@ -139,7 +139,7 @@ static int
 permit(uid_t uid, gid_t *groups, int ngroups, const struct rule **lastr,
    uid_t target, const char *cmd, const char **cmdargs)
 {
-	int i;
+	size_t i;

 	*lastr = NULL;
 	for (i = 0; i < nrules; i++) {
--- a/doas.h
+++ b/doas.h
@ -26,7 +26,7 @@ struct rule {
 };

 extern struct rule **rules;
-extern int nrules;
+extern size_t nrules;
 extern int parse_errors;

 extern const char *formerpath;
--- a/parse.y
+++ b/parse.y
@ -52,8 +52,8 @@ typedef struct {
 FILE *yyfp;

 struct rule **rules;
-int nrules;
-static int maxrules;
+size_t nrules;
+static size_t maxrules;

 int parse_errors = 0;

@ -100,12 +100,12 @@ rule:		action ident target cmd {
 			r->cmdargs = $4.cmdargs;
 			if (nrules == maxrules) {
 				if (maxrules == 0)
-					maxrules = 63;
-				else
-					maxrules *= 2;
-				if (!(rules = reallocarray(rules, maxrules,
-				    sizeof(*rules))))
+					maxrules = 32;
+				rules = reallocarray(rules, maxrules,
+				    2 * sizeof(*rules));
+				if (!rules)
 					errx(1, "can't allocate rules");
+				maxrules *= 2;
 			}
 			rules[nrules++] = r;
 		} ;
@ -228,6 +228,7 @@ yylex(void)
 {
 	char buf[1024], *ebuf, *p, *str;
 	int c, quotes = 0, escape = 0, qpos = -1, nonkw = 0;
+	size_t i;

 	p = buf;
 	ebuf = buf + sizeof(buf);
@ -334,7 +335,6 @@ eow:
 			goto repeat;
 	}
 	if (!nonkw) {
-		size_t i;
 		for (i = 0; i < sizeof(keywords) / sizeof(keywords[0]); i++) {
 			if (strcmp(buf, keywords[i].word) == 0)
 				return keywords[i].token;