Modify behaviour of `xargs -I` in order to:

1. Conform to IEEE Std 1003.1-2004, which state that "Constructed
arguments cannot grow larger than 255 bytes", and
2. Avoid a buffer overflow.

Unfortunately the standard doesn't indicate how xargs is supposed to
handle arguments which (with the appropriate substitutions) would grow
larger than 255 bytes; this solution handles those by making as many
substitutions as possible without overflowing the buffer.

OpenBSD's xargs resolves this in a different direction, by making
all the substitutions and then silently truncating the resulting string.

Since this change may break existing scripts which rely upon the buffer
overflow (255 bytes isn't really all that long...) it will not be MFCed.

1 files changed, 2 insertions, 2 deletions

diff --git a/usr.bin/xargs/strnsubst.c b/usr.bin/xargs/strnsubst.c
index fc00ea0..82868ff 100644
--- a/usr.bin/xargs/strnsubst.c
+++ b/usr.bin/xargs/strnsubst.c
@@ -52,8 +52,8 @@ strnsubst(char **str, const char *match, const char *replstr, size_t maxsize)
 		this = strstr(s1, match);
 		if (this == NULL)
 			break;
-		if ((strlen(s2) + ((uintptr_t)this - (uintptr_t)s1) +
-		    (strlen(replstr) - 1)) > maxsize && *replstr != '\0') {
+		if ((strlen(s2) + strlen(s1) + strlen(replstr) -
+		    strlen(match) + 1) > maxsize) {
 			strlcat(s2, s1, maxsize);
 			goto done;
 		}