Fix buffer overflows in filenames. If you had a path > 80 characters

for your /usr/obj/path/to/my/files path to the kernel, then weird
things happened.  make buildkernel would fail because config was
dumping core or generating bad file names (depending on the lenght of
the path).

While I was here, also use strlcpy, strlcat and snprintf (or asprintf)
as necessary.  Minor format policing for the snprintf calls as well.

4 files changed, 31 insertions, 28 deletions

diff --git a/usr.sbin/config/main.c b/usr.sbin/config/main.c
index d803325..638ac90 100644
--- a/usr.sbin/config/main.c
+++ b/usr.sbin/config/main.c
@@ -96,7 +96,7 @@ main(int argc, char **argv)
 		switch (ch) {
 		case 'd':
 			if (*destdir == '\0')
-				strcpy(destdir, optarg);
+				strlcpy(destdir, optarg, sizeof(destdir));
 			else
 				errx(2, "directory already set");
 			break;
@@ -133,8 +133,8 @@ main(int argc, char **argv)
 			destdir[--len] = '\0';
 		get_srcdir();
 	} else {
-		strcpy(destdir, CDIR);
-		strcat(destdir, PREFIX);
+		strlcpy(destdir, CDIR, sizeof(destdir));
+		strlcat(destdir, PREFIX, sizeof(destdir));
 	}
 
 	p = path((char *)NULL);
@@ -181,7 +181,7 @@ main(int argc, char **argv)
 	 * and similarly for "machine".
 	 */
 	{
-	char xxx[80];
+	char xxx[MAXPATHLEN];
 	if (*srcdir == '\0')
 		(void)snprintf(xxx, sizeof(xxx), "../../%s/include",
 		    machinename);
@@ -343,14 +343,12 @@ begin:
 char *
 path(char *file)
 {
-	char *cp;
+	char *cp = NULL;
 
-	cp = malloc((size_t)(strlen(destdir) + (file ? strlen(file) : 0) + 2));
-	(void) strcpy(cp, destdir);
-	if (file) {
-		(void) strcat(cp, "/");
-		(void) strcat(cp, file);
-	}
+	if (file)
+		asprintf(&cp, "%s/%s", destdir, file);
+	else
+		cp = strdup(destdir);
 	return (cp);
 }
 
diff --git a/usr.sbin/config/mkheaders.c b/usr.sbin/config/mkheaders.c
index c2d477d..7210491 100644
--- a/usr.sbin/config/mkheaders.c
+++ b/usr.sbin/config/mkheaders.c
@@ -47,6 +47,7 @@ static const char rcsid[] =
 #include <err.h>
 #include <stdio.h>
 #include <string.h>
+#include <sys/param.h>
 #include "config.h"
 #include "y.tab.h"
 
@@ -189,10 +190,9 @@ do_header(char *dev, int count)
 static char *
 toheader(char *dev)
 {
-	static char hbuf[80];
+	static char hbuf[MAXPATHLEN];
 
-	(void) strcpy(hbuf, path(dev));
-	(void) strcat(hbuf, ".h");
+	snprintf(hbuf, sizeof(hbuf), "%s.h", path(dev));
 	return (hbuf);
 }
 
diff --git a/usr.sbin/config/mkmakefile.c b/usr.sbin/config/mkmakefile.c
index bd110ec..e52c78a 100644
--- a/usr.sbin/config/mkmakefile.c
+++ b/usr.sbin/config/mkmakefile.c
@@ -49,6 +49,7 @@ static const char rcsid[] =
 #include <err.h>
 #include <stdio.h>
 #include <string.h>
+#include <sys/param.h>
 #include "y.tab.h"
 #include "config.h"
 #include "configvers.h"
@@ -286,7 +287,7 @@ read_files(void)
 	struct device *save_dp;
 	struct opt *op;
 	char *wd, *this, *needs, *special, *depends, *clean, *warn;
-	char fname[80];
+	char fname[MAXPATHLEN];
 	int ddwarned = 0;
 	int nreqs, first = 1, configdep, isdup, std, filetype,
 	    imp_rule, no_obj, needcount, before_depend, mandatory;
@@ -297,7 +298,7 @@ read_files(void)
 		printf("no ident line specified\n");
 		exit(1);
 	}
-	(void) snprintf(fname, sizeof fname, "../../conf/files");
+	(void) snprintf(fname, sizeof(fname), "../../conf/files");
 openit:
 	fp = fopen(fname, "r");
 	if (fp == 0)
@@ -316,16 +317,19 @@ next:
 		(void) fclose(fp);
 		if (first == 1) {
 			first++;
-			(void) snprintf(fname, sizeof fname, "../../conf/files.%s", machinename);
+			(void) snprintf(fname, sizeof(fname),
+			    "../../conf/files.%s", machinename);
 			fp = fopen(fname, "r");
 			if (fp != 0)
 				goto next;
-			(void) snprintf(fname, sizeof fname, "files.%s", machinename);
+			(void) snprintf(fname, sizeof(fname),
+			    "files.%s", machinename);
 			goto openit;
 		}
 		if (first == 2) {
 			first++;
-			(void) snprintf(fname, sizeof fname, "files.%s", raisestr(ident));
+			(void) snprintf(fname, sizeof(fname),
+			    "files.%s", raisestr(ident));
 			fp = fopen(fname, "r");
 			if (fp != 0)
 				goto next;
diff --git a/usr.sbin/config/mkoptions.c b/usr.sbin/config/mkoptions.c
index da0fba4..9496ca4 100644
--- a/usr.sbin/config/mkoptions.c
+++ b/usr.sbin/config/mkoptions.c
@@ -48,6 +48,7 @@ static const char rcsid[] =
 #include <err.h>
 #include <stdio.h>
 #include <string.h>
+#include <sys/param.h>
 #include "config.h"
 #include "y.tab.h"
 
@@ -274,21 +275,21 @@ do_option(char *name)
 static char *
 tooption(char *name)
 {
-	static char hbuf[80];
-	char nbuf[80];
+	static char hbuf[MAXPATHLEN];
+	char nbuf[MAXPATHLEN];
 	struct opt_list *po;
 
 	/* "cannot happen"?  the otab list should be complete.. */
-	(void) strcpy(nbuf, "options.h");
+	(void) strlcpy(nbuf, "options.h", sizeof(nbuf));
 
 	for (po = otab ; po != 0; po = po->o_next) {
 		if (eq(po->o_name, name)) {
-			strcpy(nbuf, po->o_file);
+			strlcpy(nbuf, po->o_file, sizeof(nbuf));
 			break;
 		}
 	}
 
-	(void) strcpy(hbuf, path(nbuf));
+	(void) strlcpy(hbuf, path(nbuf), sizeof(hbuf));
 	return (hbuf);
 }
 
@@ -299,18 +300,18 @@ static void
 read_options(void)
 {
 	FILE *fp;
-	char fname[80];
+	char fname[MAXPATHLEN];
 	char *wd, *this, *val;
 	struct opt_list *po;
 	int first = 1;
-	char genopt[80];
+	char genopt[MAXPATHLEN];
 
 	otab = 0;
 	if (ident == NULL) {
 		printf("no ident line specified\n");
 		exit(1);
 	}
-	(void) snprintf(fname, sizeof fname, "../../conf/options");
+	(void) snprintf(fname, sizeof(fname), "../../conf/options");
 openit:
 	fp = fopen(fname, "r");
 	if (fp == 0) {
@@ -352,7 +353,7 @@ next:
 		return;
 	if (val == 0) {
 		char *s = ns(this);
-		(void) snprintf(genopt, sizeof genopt, "opt_%s.h", lower(s));
+		(void) snprintf(genopt, sizeof(genopt), "opt_%s.h", lower(s));
 		val = genopt;
 		free(s);
 	}