Re: Check fgets return value

#1 (**permalink**) 02-18-2008, 09:31 AM

Hi,

Here's the updated version against -current of my patches about missing
fgets return value check. Thanks to ray@ for hints and advises.

Best regards,

Charles Longeau

Index: games/banner/banner.c
================================================== =================
RCS file: /cvs/src/games/banner/banner.c,v
retrieving revision 1.13
diff -u -p -r1.13 banner.c
--- games/banner/banner.c 22 Nov 2006 19:31:39 -0000 1.13
+++ games/banner/banner.c 5 Mar 2007 20:49:53 -0000
@@ -1064,14 +1064,18 @@ main(int argc, char *argv[])
strlcat(message, " ", sizeof message);
strlcat(message, *argv, sizeof message);
}
- nchars = strlen(message);
} else {
+ char *p;
+
if (isatty(fileno(stdin)))
fprintf(stderr,"Message: ");
- (void)fgets(message, sizeof(message), stdin);
- nchars = strlen(message);
- message[nchars--] = '\0'; /* get rid of newline */
+ if (fgets(message, sizeof(message), stdin) == NULL)
+ err(1, NULL);
+ /* get rid of newline */
+ if ((p = strchr(message, '\n')))
+ *p = '\0';
}
+ nchars = strlen(message);

/* some debugging print statements */
if (debug) {
Index: games/battlestar/cypher.c
================================================== =================
RCS file: /cvs/src/games/battlestar/cypher.c,v
retrieving revision 1.15
diff -u -p -r1.15 cypher.c
--- games/battlestar/cypher.c 10 Jul 2004 07:26:22 -0000 1.15
+++ games/battlestar/cypher.c 25 Apr 2007 12:57:25 -0000
@@ -43,6 +43,23 @@ static char rcsid[] = "$OpenBSD: cypher.

static void verb_with_all(unsigned int *, int, int (*)(void), const char *);

+int
+get_new_value(int *value)
+{
+ char buffer[10];
+
+ if (fgets(buffer, sizeof(buffer), stdin) == NULL) {
+ if (feof(stdin))
+ return(0);
+ err(1, NULL);
+ }
+ if (*buffer != '\n') {
+ sscanf(buffer, "%d", value);
+ return(1);
+ }
+ return (0);
+}
+
/* returns 0 if error or no more commands to do,
* 1 if there are more commands remaining on the current input line
*/
@@ -52,7 +69,6 @@ cypher(void)
int n;
int junk;
int lflag = -1;
- char buffer[10];
char *filename, *rfilename;
size_t filename_len;

@@ -289,40 +305,23 @@ cypher(void)
case SU:
if (wiz || tempwiz) {
printf("\nRoom (was %d) = ", position);
- fgets(buffer, 10, stdin);
- if (*buffer != '\n')
- sscanf(buffer, "%d", &position);
+ get_new_value(&position);
printf("Time (was %d) = ", ourtime);
- fgets(buffer, 10, stdin);
- if (*buffer != '\n')
- sscanf(buffer, "%d", &ourtime);
+ get_new_value(&ourtime);
printf("Fuel (was %d) = ", fuel);
- fgets(buffer, 10, stdin);
- if (*buffer != '\n')
- sscanf(buffer, "%d", &fuel);
+ get_new_value(&fuel);
printf("Torps (was %d) = ", torps);
- fgets(buffer, 10, stdin);
- if (*buffer != '\n')
- sscanf(buffer, "%d", &torps);
+ get_new_value(&torps);
printf("CUMBER (was %d) = ", CUMBER);
- fgets(buffer, 10, stdin);
- if (*buffer != '\n')
- sscanf(buffer, "%d", &CUMBER);
+ get_new_value(&CUMBER);
printf("WEIGHT (was %d) = ", WEIGHT);
- fgets(buffer, 10, stdin);
- if (*buffer != '\n')
- sscanf(buffer, "%d", &WEIGHT);
+ get_new_value(&WEIGHT);
printf("Clock (was %d) = ", ourclock);
- fgets(buffer, 10, stdin);
- if (*buffer != '\n')
- sscanf(buffer, "%d", &ourclock);
+ get_new_value(&ourclock);
printf("Wizard (was %d, %d) = ", wiz, tempwiz);
- fgets(buffer, 10, stdin);
- if (*buffer != '\n') {
- sscanf(buffer, "%d", &junk);
+ if (get_new_value(&junk))
if (!junk)
tempwiz = wiz = 0;
- }
printf("\nDONE.\n");
return (0); /* No commands after a SU */
} else
Index: lib/libssl/src/apps/ca.c
================================================== =================
RCS file: /cvs/src/lib/libssl/src/apps/ca.c,v
retrieving revision 1.20
diff -u -p -r1.20 ca.c
--- lib/libssl/src/apps/ca.c 25 Sep 2006 18:32:07 -0000 1.20
+++ lib/libssl/src/apps/ca.c 3 Nov 2006 15:41:28 -0000
@@ -1223,7 +1223,12 @@ bad:
BIO_printf(bio_err,"\n%d out of %d certificate requests certified, commit? [y/n]",total_done,total);
(void)BIO_flush(bio_err);
buf[0][0]='\0';
- fgets(buf[0],10,stdin);
+ if (fgets(buf[0],10,stdin) == NULL)
+ {
+ BIO_printf(bio_err,"fgets error\n");
+ ret=1;
+ goto err;
+ }
if ((buf[0][0] != 'y') && (buf[0][0] != 'Y'))
{
BIO_printf(bio_err,"CERTIFICATION CANCELED\n");
@@ -2048,7 +2053,12 @@ again2:
BIO_printf(bio_err,"Sign the certificate? [y/n]:");
(void)BIO_flush(bio_err);
buf[0]='\0';
- fgets(buf,sizeof(buf)-1,stdin);
+ if (fgets(buf,sizeof(buf),stdin) == NULL)
+ {
+ BIO_printf(bio_err,"fgets error\n");
+ ok=0;
+ goto err;
+ }
if (!((buf[0] == 'y') || (buf[0] == 'Y')))
{
BIO_printf(bio_err,"CERTIFICATE WILL NOT BE CERTIFIED\n");
Index: lib/libssl/src/apps/enc.c
================================================== =================
RCS file: /cvs/src/lib/libssl/src/apps/enc.c,v
retrieving revision 1.11
diff -u -p -r1.11 enc.c
--- lib/libssl/src/apps/enc.c 29 Apr 2005 05:39:15 -0000 1.11
+++ lib/libssl/src/apps/enc.c 6 Mar 2007 02:35:26 -0000
@@ -226,7 +226,11 @@ int MAIN(int argc, char **argv)
goto bad;
}
buf[0]='\0';
- fgets(buf,sizeof buf,infile);
+ if (fgets(buf,sizeof buf,infile) == NULL)
+ {
+ BIO_printf(bio_err,"fgets\n");
+ goto end;
+ }
fclose(infile);
i=strlen(buf);
if ((i > 0) &&
Index: lib/libssl/src/apps/openssl.c
================================================== =================
RCS file: /cvs/src/lib/libssl/src/apps/openssl.c,v
retrieving revision 1.11
diff -u -p -r1.11 openssl.c
--- lib/libssl/src/apps/openssl.c 27 Jun 2006 05:06:54 -0000 1.11
+++ lib/libssl/src/apps/openssl.c 3 Nov 2006 15:43:24 -0000
@@ -332,7 +332,11 @@ int main(int Argc, char *Argv[])
else prompt="OpenSSL> ";
fputs(prompt,stdout);
fflush(stdout);
- fgets(p,n,stdin);
+ if (fgets(p,n,stdin) == NULL)
+ {
+ ret=1;
+ goto end;
+ }
if (p[0] == '\0') goto end;
i=strlen(p);
if (i <= 1) break;
Index: lib/libssl/src/apps/req.c
================================================== =================
RCS file: /cvs/src/lib/libssl/src/apps/req.c,v
retrieving revision 1.13
diff -u -p -r1.13 req.c
--- lib/libssl/src/apps/req.c 29 Apr 2005 05:39:16 -0000 1.13
+++ lib/libssl/src/apps/req.c 3 Nov 2006 16:15:12 -0000
@@ -1418,7 +1418,11 @@ start:
buf[0]='\0';
if (!batch)
{
- fgets(buf,sizeof buf,stdin);
+ if (fgets(buf,sizeof buf,stdin) == NULL)
+ {
+ BIO_printf(bio_err,"fgets\n");
+ return(0);
+ }
}
else
{
@@ -1476,7 +1480,11 @@ start:
buf[0]='\0';
if (!batch)
{
- fgets(buf,sizeof buf,stdin);
+ if (fgets(buf,sizeof buf,stdin) == NULL)
+ {
+ BIO_printf(bio_err,"fgets\n");
+ return(0);
+ }
}
else
{
Index: lib/libssl/src/crypto/bio/bss_file.c
================================================== =================
RCS file: /cvs/src/lib/libssl/src/crypto/bio/bss_file.c,v
retrieving revision 1.11
diff -u -p -r1.11 bss_file.c
--- lib/libssl/src/crypto/bio/bss_file.c 29 Apr 2005 05:39:18 -0000 1.11
+++ lib/libssl/src/crypto/bio/bss_file.c 6 Mar 2007 02:46:13 -0000
@@ -321,7 +321,8 @@ static int MS_CALLBACK file_gets(BIO *bp
int ret=0;

buf[0]='\0';
- fgets(buf,size,(FILE *)bp->ptr);
+ if (fgets(buf,size,(FILE *)bp->ptr) == NULL)
+ return(0);
if (buf[0] != '\0')
ret=strlen(buf);
return(ret);
Index: lib/libssl/src/crypto/des/des.c
================================================== =================
RCS file: /cvs/src/lib/libssl/src/crypto/des/des.c,v
retrieving revision 1.7
diff -u -p -r1.7 des.c
--- lib/libssl/src/crypto/des/des.c 12 May 2003 02:18:36 -0000 1.7
+++ lib/libssl/src/crypto/des/des.c 6 Mar 2007 02:50:29 -0000
@@ -764,7 +764,11 @@ int uufread(unsigned char *out, int size
for (;

{
b[0]='\0';
- fgets((char *)b,300,fp);
+ if (fgets((char *)b,300,fp) == NULL)
+ {
+ fprintf(stderr,"fgets\n");
+ return(-1);
+ }
if (b[0] == '\0')
{
fprintf(stderr,"no 'begin' found in uuencoded input\n");
@@ -785,7 +789,11 @@ int uufread(unsigned char *out, int size
for (;

{
b[0]='\0';
- fgets((char *)b,300,fp);
+ if (fgets((char *)b,300,fp) == NULL)
+ {
+ fprintf(stderr,"fgets\n");
+ return(-1);
+ }
if (b[0] == '\0') break;
i=strlen((char *)b);
if ((b[0] == 'e') && (b[1] == 'n') && (b[2] == 'd'))
@@ -793,7 +801,11 @@ int uufread(unsigned char *out, int size
done=1;
while (!feof(fp))
{
- fgets((char *)b,300,fp);
+ if (fgets((char *)b,300,fp) == NULL)
+ {
+ fprintf(stderr,"fgets\n");
+ return(-1);
+ }
}
break;
}
Index: sbin/restore/tape.c
================================================== =================
RCS file: /cvs/src/sbin/restore/tape.c,v
retrieving revision 1.32
diff -u -p -r1.32 tape.c
--- sbin/restore/tape.c 3 Jun 2007 20:16:08 -0000 1.32
+++ sbin/restore/tape.c 25 Jun 2007 13:15:12 -0000
@@ -334,10 +334,9 @@ again:
do {
fprintf(stderr, "Specify next volume #: ");
(void)fflush(stderr);
- (void)fgets(buf, TP_BSIZE, terminal);
- } while (!feof(terminal) && buf[0] == '\n');
- if (feof(terminal))
- exit(1);
+ if (fgets(buf, TP_BSIZE, terminal) == NULL || feof(terminal))
+ exit(1);
+ } while (buf[0] == '\n');
newvol = atoi(buf);
if (newvol <= 0) {
fprintf(stderr,
Index: usr.bin/learn/src/learn.c
================================================== =================
RCS file: /cvs/src/usr.bin/learn/src/learn.c,v
retrieving revision 1.10
diff -u -p -r1.10 learn.c
--- usr.bin/learn/src/learn.c 9 Nov 2003 20:13:57 -0000 1.10
+++ usr.bin/learn/src/learn.c 6 Mar 2007 03:10:18 -0000
@@ -298,10 +298,8 @@ pgets(char *s, int len, int prompt, FILE
void
trim(char *s)
{
- while (*s)
- s++;
- if (*--s == '\n')
- *s=0;
+ if ((s = strchr(s, '\n')))
+ *s = '\0';
}

scopy(fi, fo) /* copy fi to fo until a line with # */
@@ -409,7 +407,8 @@ retry:
wrong > 1 ? "still " : "");
fflush(stdout);
for(;

{
- fgets(tbuff, sizeof tbuff, stdin);
+ if (fgets(tbuff, sizeof tbuff, stdin) == NULL)
+ err(1, NULL);
trim(tbuff);
if (tbuff[0] == 'y') {
printf("Try the problem again.\n");
@@ -767,14 +766,16 @@ char *argv[];
printf("type 'return'; otherwise type the name of\n");
printf("the course you want, followed by 'return'.\n");
fflush(stdout);
- fgets(sname=subname, sizeof subname, stdin);
+ if (fgets(sname=subname, sizeof subname, stdin) == NULL)
+ err(1, NULL);
trim(sname);
if (sname[0] == '\0') {
list("Xinfo");
do {
printf("\nWhich subject? ");
fflush(stdout);
- fgets(sname=subname, sizeof subname, stdin);
+ if (fgets(sname=subname, sizeof subname, stdin) == NULL)
+ err(1, NULL);
trim(sname);
} while (sname[0] == '\0');
}
@@ -786,7 +787,8 @@ char *argv[];
printf("the last lesson number the computer printed.\n");
printf("To start at the beginning, just hit return.\n");
fflush(stdout);
- fgets(ans2, sizeof ans2, stdin);
+ if (fgets(ans2, sizeof ans2, stdin) == NULL)
+ err(1, NULL);
trim(ans2);
if (ans2[0]==0)
strlcpy(ans2,"0", sizeof ans2);
@@ -844,7 +846,8 @@ selunit()
while (ask) {
printf("What lesson? ");
fflush(stdout);
- fgets(dobuff, sizeof dobuff, stdin);
+ if (fgets(dobuff, sizeof dobuff, stdin) == NULL)
+ err(1, NULL);
trim(dobuff);
if (strcmp(dobuff, "bye") == 0)
wrapup(0);
@@ -865,7 +868,7 @@ retry:
err(1, "%s", fnam);
wrapup(1);
}
- while (fgets(zb, 200, f)) {
+ while (fgets(zb, sizeof zb, f)) {
trim(zb);
if (strcmp(zb, "#next")==0)
break;
Index: usr.bin/msgs/msgs.c
================================================== =================
RCS file: /cvs/src/usr.bin/msgs/msgs.c,v
retrieving revision 1.31
diff -u -p -r1.31 msgs.c
--- usr.bin/msgs/msgs.c 17 May 2007 10:59:26 -0000 1.31
+++ usr.bin/msgs/msgs.c 25 Jun 2007 13:18:29 -0000
@@ -371,7 +371,8 @@ main(int argc, char *argv[])
printf("Message %d:\nFrom %s %sSubject: ",
nextmsg, pw->pw_name, ctime(&t));
fflush(stdout);
- fgets(inbuf, sizeof inbuf, stdin);
+ if (fgets(inbuf, sizeof inbuf, stdin) == NULL)
+ exit(ferror(stdin));
putchar('\n');
fflush(stdout);
fprintf(newmsg, "From %s %sSubject: %s\n",
@@ -380,8 +381,7 @@ main(int argc, char *argv[])
} else
blankline = seensubj = NO;
for (;

{
- fgets(inbuf, sizeof inbuf, stdin);
- if (feof(stdin) || ferror(stdin))
+ if (fgets(inbuf, sizeof inbuf, stdin) == NULL)
break;
blankline = (blankline || (inbuf[0] == '\n'));
seensubj = (seensubj ||
@@ -752,11 +752,10 @@ ask(char *prompt)
printf("%s ", prompt);
fflush(stdout);
intrpflg = NO;
- (void) fgets(inbuf, sizeof inbuf, stdin);
+ if (fgets(inbuf, sizeof inbuf, stdin) == NULL)
+ err(1, NULL);
if ((n = strlen(inbuf)) > 0 && inbuf[n - 1] == '\n')
inbuf[n - 1] = '\0';
- if (intrpflg)
- inbuf[0] = 'x';

/*
* Handle 'mail' and 'save' here.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode