rgbasm: Fix TOCTOU and reduce buffering.

2025-11-20 10:12:06 +00:00 · 2014-09-24 00:23:40 -06:00
parent 056109652d
commit 45b6872e2a
8 changed files with 282 additions and 156 deletions
--- a/src/asm/fstack.c
+++ b/src/asm/fstack.c
@@ -5,10 +5,19 @@
 *
 */

+#include <errno.h>
+#include <limits.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>

+#ifndef STRL_IN_LIBC
+#define strlcpy rgbds_strlcpy
+#define strlcat rgbds_strlcat
+size_t strlcpy(char *, const char *, size_t);
+size_t strlcat(char *, const char *, size_t);
+#endif
+
 #include "asm/symbol.h"
 #include "asm/fstack.h"
 #include "asm/types.h"
@@ -195,28 +204,33 @@ fstk_AddIncludePath(char *s)
 	strcpy(IncludePaths[NextIncPath++], s);
 }

-void 
-fstk_FindFile(char *s)
+FILE *
+fstk_FindFile(char *fname)
 {
-	char t[_MAX_PATH + 1];
-	SLONG i = -1;
+	char path[PATH_MAX];
+	int i;
+	FILE *f;

-	strcpy(t, s);
+	if ((f = fopen(fname, "rb")) != NULL || errno != ENOENT) {
+		return f;
+	}

-	while (i < NextIncPath) {
-		FILE *f;
-
-		if ((f = fopen(t, "rb")) != NULL) {
-			fclose(f);
-			strcpy(s, t);
-			return;
+	for (i = 0; i < NextIncPath; ++i) {
+		if (strlcpy(path, IncludePaths[i], sizeof path) >= 
+		    sizeof path) {
+			continue;
 		}
-		i += 1;
-		if (i < NextIncPath) {
-			strcpy(t, IncludePaths[i]);
-			strcat(t, s);
+		if (strlcat(path, fname, sizeof path) >= sizeof path) {
+			continue;
+		}
+
+		if ((f = fopen(path, "rb")) != NULL || errno != ENOENT) {
+			return f;
 		}
 	}
+
+	errno = ENOENT;
+	return NULL;
 }
 /*
 * RGBAsm - FSTACK.C (FileStack routines)
@@ -225,33 +239,32 @@ fstk_FindFile(char *s)
 *
 */

-ULONG 
+void
 fstk_RunInclude(char *tzFileName)
 {
 	FILE *f;

-	//printf("INCLUDE: %s\n", s);
+	f = fstk_FindFile(tzFileName);

-	fstk_FindFile(tzFileName);
-	//printf("INCLUDING: %s\n", tzFileName);
+	if (f == NULL) {
+		fprintf(stderr, "Unable to open included file '%s': ",
+		    tzFileName);
+		perror(NULL);
+		exit(1);
+	}

-	if ((f = fopen(tzFileName, "r")) != NULL) {
-		pushcontext();
-		nLineNo = 1;
-		nCurrentStatus = STAT_isInclude;
-		strcpy(tzCurrentFileName, tzFileName);
-		pCurrentFile = f;
-		CurrentFlexHandle = yy_create_buffer(pCurrentFile);
-		yy_switch_to_buffer(CurrentFlexHandle);
+	pushcontext();
+	nLineNo = 1;
+	nCurrentStatus = STAT_isInclude;
+	strcpy(tzCurrentFileName, tzFileName);
+	pCurrentFile = f;
+	CurrentFlexHandle = yy_create_buffer(pCurrentFile);
+	yy_switch_to_buffer(CurrentFlexHandle);

-		//Dirty hack to give the INCLUDE directive a linefeed
+	//Dirty hack to give the INCLUDE directive a linefeed

-		    yyunput('\n');
-		nLineNo -= 1;
-
-		return (1);
-	} else
-		return (0);
+	yyunput('\n');
+	nLineNo -= 1;
 }
 /*
 * RGBAsm - FSTACK.C (FileStack routines)
@@ -360,7 +373,7 @@ fstk_RunRept(ULONG count)
 *
 */

-ULONG 
+void
 fstk_Init(char *s)
 {
 	char tzFileName[_MAX_PATH + 1];
@@ -368,17 +381,19 @@ fstk_Init(char *s)
 	sym_AddString("__FILE__", s);

 	strcpy(tzFileName, s);
-	fstk_FindFile(tzFileName);
-
 	pFileStack = NULL;
-	if ((pCurrentFile = fopen(tzFileName, "r")) != NULL) {
-		nMacroCount = 0;
-		nCurrentStatus = STAT_isInclude;
-		strcpy(tzCurrentFileName, tzFileName);
-		CurrentFlexHandle = yy_create_buffer(pCurrentFile);
-		yy_switch_to_buffer(CurrentFlexHandle);
-		nLineNo = 1;
-		return (1);
-	} else
-		return (0);
+	pCurrentFile = fopen(tzFileName, "rb");
+	if (pCurrentFile == NULL) {
+		fprintf(stderr, "Unable to open file '%s': ",
+		    tzFileName);
+		perror(NULL);
+		exit(1);
+	}
+
+	nMacroCount = 0;
+	nCurrentStatus = STAT_isInclude;
+	strcpy(tzCurrentFileName, tzFileName);
+	CurrentFlexHandle = yy_create_buffer(pCurrentFile);
+	yy_switch_to_buffer(CurrentFlexHandle);
+	nLineNo = 1;
 }