plumber: fail on buffer exhaustion or runaway quotes in string expansion

2025-01-12 11:10:07 +00:00 · 2022-08-16 20:25:27 +08:00 · 2022-08-16 20:25:27 +08:00 · e4b913866b
commit e4b913866b
parent a4af25bc0d
1 changed files with 25 additions and 11 deletions
--- a/src/cmd/plumb/rules.c
+++ b/src/cmd/plumb/rules.c
@ -289,22 +289,35 @@ dollar(Exec *e, char *s, int *namelen)
 	return variable(s, n);
 }
 static void
 ruleerror(char *msg)
 {
 	if(parsing){
 		parsing = 0;
 		parseerror("%s", msg);
 	}
 	error("%s", msg);
 }
 /* expand one blank-terminated string, processing quotes and $ signs */
 char*
 expand(Exec *e, char *s, char **ends)
 {
 	char *p, *ep, *val;
-	int namelen, quoting;
+	int namelen, vallen, quoting, inputleft;
 	p = ebuf;
 	ep = ebuf+sizeof ebuf-1;
 	quoting = 0;
-	while(p<ep && *s!='\0' && (quoting || (*s!=' ' && *s!='\t'))){
+	for(;;){
 		inputleft = (*s!='\0' && (quoting || (*s!=' ' && *s!='\t')));
 		if(!inputleft || p==ep)
 			break;
 		if(*s == '\''){
 			s++;
 			if(!quoting)
 				quoting = 1;
-			else  if(*s == '\''){
+			else if(*s == '\''){
 				*p++ = '\'';
 				s++;
 			}else
@ -321,12 +334,17 @@ expand(Exec *e, char *s, char **ends)
 			*p++ = '$';
 			continue;
 		}
-		if(ep-p < strlen(val))
+		vallen = strlen(val);
-			return "string-too-long";
+		if(ep-p < vallen)
 			break;
 		strcpy(p, val);
-		p += strlen(val);
+		p += vallen;
 		s += namelen;
 	}
 	if(inputleft)
 		ruleerror("expanded string too long");
 	else if(quoting)
 		ruleerror("runaway quoted string literal");
 	if(ends)
 		*ends = s;
 	*p = '\0';
@ -336,11 +354,7 @@ expand(Exec *e, char *s, char **ends)
 void
 regerror(char *msg)
 {
-	if(parsing){
+	ruleerror(msg);
 		parsing = 0;
 		parseerror("%s", msg);
 	}
 	error("%s", msg);
 }
 void