From patchwork Fri Nov 29 05:36:19 2024
X-Patchwork-Submitter: Alan Modra
X-Patchwork-Id: 102071
Date: Fri, 29 Nov 2024 16:06:19 +1030
From: Alan Modra
To: binutils@sourceware.org
Subject: PR32399, buffer overflow printing core_file_failing_command

Assorted targets do not check, as the ELF targets do, that the program name in a core file is NUL terminated. Fix some of them. I haven't attempted to fix all targets because editing host specific code can easily result in build bugs, which aren't discovered until someone builds binutils for that host. (Of the files edited here, I can't easily compile hpux-core.c and osf-core.c on a linux system.)

	PR 32399
	* hppabsd-core.c (hppabsd_core_core_file_p): Ensure core_command string is terminated.
	* hpux-core.c (hpux_core_core_file_p): Likewise.
	* irix-core.c (irix_core_core_file_p): Likewise.
	* lynx-core.c (lynx_core_file_p): Likewise.
	* osf-core.c (osf_core_core_file_p): Likewise.
	* mach-o.c (bfd_mach_o_core_file_failing_command): Likewise.

diff --git a/bfd/hppabsd-core.c b/bfd/hppabsd-core.c index ae5d1f8f1e5..1c24e641b3a 100644 --- a/bfd/hppabsd-core.c +++ b/bfd/hppabsd-core.c @@ -179,7 +179,8 @@ hppabsd_core_core_file_p (bfd *abfd) goto fail; core_regsec (abfd)->vma = 0; - strncpy (core_command (abfd), u.u_comm, MAXCOMLEN + 1); + strncpy (core_command (abfd), u.u_comm, MAXCOMLEN); + core_command (abfd)[MAXCOMLEN] = 0; core_signal (abfd) = u.u_code; return _bfd_no_cleanup; 
diff --git a/bfd/hpux-core.c b/bfd/hpux-core.c index 1e2ea926f02..18516e3a897 100644 --- a/bfd/hpux-core.c +++ b/bfd/hpux-core.c @@ -177,7 +177,8 @@ hpux_core_core_file_p (bfd *abfd) struct proc_exec proc_exec; if (bfd_read (&proc_exec, core_header.len, abfd) != core_header.len) break; - strncpy (core_command (abfd), proc_exec.cmd, MAXCOMLEN + 1); + strncpy (core_command (abfd), proc_exec.cmd, MAXCOMLEN); + core_command (abfd)[MAXCOMLEN] = 0; good_sections++; } break; diff --git a/bfd/irix-core.c b/bfd/irix-core.c index 80cb82d0fa3..7a486841d35 100644 --- a/bfd/irix-core.c +++ b/bfd/irix-core.c @@ -203,7 +203,8 @@ irix_core_core_file_p (bfd *abfd) if (!core_hdr (abfd)) return NULL; - strncpy (core_command (abfd), coreout.c_name, CORE_NAMESIZE); + strncpy (core_command (abfd), coreout.c_name, CORE_NAMESIZE - 1); + core_command (abfd)[CORE_NAMESIZE - 1] = 0; core_signal (abfd) = coreout.c_sigcause; if (bfd_seek (abfd, coreout.c_vmapoffset, SEEK_SET) != 0) diff --git a/bfd/lynx-core.c b/bfd/lynx-core.c index 44d94ad8745..7870dc62866 100644 --- a/bfd/lynx-core.c +++ b/bfd/lynx-core.c @@ -120,7 +120,8 @@ lynx_core_file_p (bfd *abfd) if (!core_hdr (abfd)) return NULL; - strncpy (core_command (abfd), pss.pname, PNMLEN + 1); + strncpy (core_command (abfd), pss.pname, PNMLEN); + core_command (abfd)[PNMLEN] = 0; /* Compute the size of the thread contexts */ diff --git a/bfd/mach-o.c b/bfd/mach-o.c index 974747caadd..037718fb22c 100644 --- a/bfd/mach-o.c +++ b/bfd/mach-o.c @@ -6019,9 +6019,9 @@ bfd_mach_o_core_file_failing_command (bfd *abfd) int ret; ret = bfd_mach_o_core_fetch_environment (abfd, &buf, &len); - if (ret < 0) + if (ret < 0 || len == 0) return NULL; - + buf[len - 1] = 0; return (char *) buf; } diff --git a/bfd/osf-core.c b/bfd/osf-core.c index 55b127d48b3..6869dfa23ea 100644 --- a/bfd/osf-core.c +++ b/bfd/osf-core.c 
@@ -92,7 +92,8 @@ osf_core_core_file_p (bfd *abfd) if (!core_hdr (abfd)) return NULL; - strncpy (core_command (abfd), core_header.name, MAXCOMLEN + 1); + strncpy (core_command (abfd), core_header.name, MAXCOMLEN); + core_command (abfd)[MAXCOMLEN] = 0; core_signal (abfd) = core_header.signo; for (i = 0; i < core_header.nscns; i++)
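
Review bot: In the hppabsd-core.c, irix-core.c, lynx-core.c and osf-core.c hunks the terminator index is written out by hand next to the strncpy bound (MAXCOMLEN, PNMLEN, or CORE_NAMESIZE - 1), so each fix is only correct if the destination behind core_command (abfd) is at least one byte larger than that index, which the hunks do not show. The irix form differs from the others only because CORE_NAMESIZE evidently counts the terminator while MAXCOMLEN and PNMLEN do not, and that difference is left implicit. If the destination is a fixed array, deriving both the bound and the index from its sizeof, or moving the copy-and-terminate pair into one small shared helper, would keep the five copies of this idiom from drifting apart.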
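
Review bot: In the hpux-core.c hunk, the context line just above the fix reads a length taken from the core file into the stack variable proc_exec: `if (bfd_read (&proc_exec, core_header.len, abfd) != core_header.len)`. Nothing in the visible lines bounds core_header.len by sizeof (proc_exec), so unless that is checked earlier in the function the read itself can overrun proc_exec before the now-terminated copy runs, and a length check would belong in this same change. A len shorter than the struct also leaves proc_exec.cmd partly uninitialised, which zero-initialising proc_exec before the read would cover.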
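
Review bot: In the mach-o.c hunk, `buf[len - 1] = 0;` overwrites the last byte of the fetched data unconditionally, so when no NUL is present in the len bytes the returned string silently loses its final character. A short comment stating that this truncation is accepted would make the intent clear to the next reader. The new `len == 0` early return also needs a look at buffer ownership: if bfd_mach_o_core_fetch_environment can return success with an allocated buf and a zero length, which the visible lines do not rule out, that path should release buf before returning NULL. Keeping the blank line after `return NULL;` would match the surrounding style.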