- fix buffer size checks

- define PKG_PATTEN_MAX and PKG_SUFFIX_MAX and
  use them instead of constants like 255.
- add asserts and buffer size checks.

usr.sbin/pkg_install/lib/file.c

@@ -1,11 +1,11 @@
-/*	$NetBSD: file.c,v 1.48 2001/09/26 13:48:28 hubertf Exp $	*/
+/*	$NetBSD: file.c,v 1.49 2002/06/09 03:50:13 yamt Exp $	*/
 
 #include <sys/cdefs.h>
 #ifndef lint
 #if 0
 static const char *rcsid = "from FreeBSD Id: file.c,v 1.29 1997/10/08 07:47:54 charnier Exp";
 #else
-__RCSID("$NetBSD: file.c,v 1.48 2001/09/26 13:48:28 hubertf Exp $");
+__RCSID("$NetBSD: file.c,v 1.49 2002/06/09 03:50:13 yamt Exp $");
 #endif
 #endif
 
@@ -180,13 +180,15 @@ fileURLHost(char *fname, char *where, int max)
 	char   *ret;
 	int     i;
 
+	assert(max > 0);
+
 	if ((i = URLlength(fname)) < 0) {	/* invalid URL? */
 		errx(1, "fileURLhost called with a bad URL: `%s'", fname);
 	}
 	fname += i;
 	/* Do we have a place to stick our work? */
 	if ((ret = where) != NULL) {
-		while (*fname && *fname != '/' && max--)
+		while (*fname && *fname != '/' && --max)
 			*where++ = *fname++;
 		*where = '\0';
 		return ret;
@@ -208,6 +210,8 @@ fileURLFilename(char *fname, char *where, int max)
 	char   *ret;
 	int     i;
 
+	assert(max > 0);
+
 	if ((i = URLlength(fname)) < 0) {	/* invalid URL? */
 		errx(1, "fileURLFilename called with a bad URL: `%s'", fname);
 	}
@@ -217,7 +221,7 @@ fileURLFilename(char *fname, char *where, int max)
 		while (*fname && *fname != '/')
 			++fname;
 		if (*fname == '/') {
-			while (*fname && max--)
+			while (*fname && --max)
 				*where++ = *fname++;
 		}
 		*where = '\0';

usr.sbin/pkg_install/lib/lib.h

@@ -1,4 +1,4 @@
-/* $NetBSD: lib.h,v 1.38 2002/05/10 13:17:57 agc Exp $ */
+/* $NetBSD: lib.h,v 1.39 2002/06/09 03:50:13 yamt Exp $ */
 
 /* from FreeBSD Id: lib.h,v 1.25 1997/10/08 07:48:03 charnier Exp */
 
@@ -94,6 +94,9 @@
 /* The name of the "prefix" environment variable given to scripts */
 #define PKG_PREFIX_VNAME	"PKG_PREFIX"
 
+#define	PKG_PATTERN_MAX	FILENAME_MAX	/* max length of pattern, including nul */
+#define	PKG_SUFFIX_MAX	10	/* max length of suffix, including nul */
+
 /* This should only happen on 1.3 and 1.3.1, not 1.3.2 and up */
 #ifndef TAILQ_FIRST
 #define TAILQ_FIRST(head)               ((head)->tqh_first)

usr.sbin/pkg_install/lib/str.c

@@ -1,11 +1,11 @@
-/*	$NetBSD: str.c,v 1.33 2002/02/02 15:30:18 yamt Exp $	*/
+/*	$NetBSD: str.c,v 1.34 2002/06/09 03:50:13 yamt Exp $	*/
 
 #include <sys/cdefs.h>
 #ifndef lint
 #if 0
 static const char *rcsid = "Id: str.c,v 1.5 1997/10/08 07:48:21 charnier Exp";
 #else
-__RCSID("$NetBSD: str.c,v 1.33 2002/02/02 15:30:18 yamt Exp $");
+__RCSID("$NetBSD: str.c,v 1.34 2002/06/09 03:50:13 yamt Exp $");
 #endif
 #endif
 
@@ -424,10 +424,13 @@ int
 findmatchingname(const char *dir, const char *pattern, matchfn match, char *data)
 {
 	struct dirent *dp;
-	char tmp_pattern[256];
+	char tmp_pattern[PKG_PATTERN_MAX];
 	DIR    *dirp;
 	int     found;
-	char pat_sfx[256], file_sfx[256];	/* suffixes */
+	char pat_sfx[PKG_SUFFIX_MAX], file_sfx[PKG_SUFFIX_MAX];	/* suffixes */
+
+	if (strlen(pattern) >= PKG_PATTERN_MAX)
+		errx(1, "too long pattern '%s'", pattern);
 
 	found = 0;
 	if ((dirp = opendir(dir)) == (DIR *) NULL) {
@@ -486,8 +489,8 @@ int
 findbestmatchingname_fn(const char *found, char *best)
 {
 	char *found_version, *best_version;
-	char found_no_sfx[255];
-	char best_no_sfx[255];
+	char found_no_sfx[PKG_PATTERN_MAX];
+	char best_no_sfx[PKG_PATTERN_MAX];
 
 	/* The same suffix-hack-off again, but we can't do it
 	 * otherwise without changing the function call interface
@@ -573,6 +576,8 @@ strip_txz(char *buf, char *sfx, const char *fname)
 {
 	char *s;
 
+	assert(strlen(fname) < PKG_PATTERN_MAX);
+
 	strcpy(buf, fname);
 	if (sfx) sfx[0] = '\0';
 	
@@ -591,6 +596,11 @@ strip_txz(char *buf, char *sfx, const char *fname)
 	s = strstr(buf, ".t[bg]z");
 	if (s) {
 		*s = '\0'; 		/* strip off any ".t[bg]z" */
-		if (sfx) strcpy(sfx, s - buf + fname);
+		if (sfx) {
+			const char *p = s - buf + fname;
+			if (strlen(p) >= PKG_SUFFIX_MAX)
+				errx(1, "too long suffix '%s'", fname);
+			strcpy(sfx, p);
+		}
 	}
 }