From patchwork Fri Mar  6 13:52:29 2026
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Christian Colonna <c.colonna@itdoctor.it>
X-Patchwork-Id: 131228
Return-Path: <libc-alpha-bounces~patchwork=sourceware.org@sourceware.org>
X-Original-To: patchwork@sourceware.org
Delivered-To: patchwork@sourceware.org
Received: from vm01.sourceware.org (localhost [127.0.0.1])
	by sourceware.org (Postfix) with ESMTP id 979944BA2E0D
	for <patchwork@sourceware.org>; Fri,  6 Mar 2026 13:54:16 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 979944BA2E0D
Authentication-Results: sourceware.org;
	dkim=pass (2048-bit key,
 unprotected) header.d=itdoctor.it header.i=@itdoctor.it header.a=rsa-sha256
 header.s=a1 header.b=en/Fx72j
X-Original-To: libc-alpha@sourceware.org
Delivered-To: libc-alpha@sourceware.org
Received: from smtpcmd01-g.aruba.it (smtpcmd01-g.aruba.it [62.149.158.217])
 by sourceware.org (Postfix) with ESMTPS id C526E4BA2E0D
 for <libc-alpha@sourceware.org>; Fri,  6 Mar 2026 13:53:42 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org C526E4BA2E0D
Authentication-Results: sourceware.org;
 dmarc=pass (p=none dis=none) header.from=itdoctor.it
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=itdoctor.it
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org C526E4BA2E0D
Authentication-Results: server2.sourceware.org;
 arc=none smtp.remote-ip=62.149.158.217
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1772805223; cv=none;
 b=QfeFZziC07EtuIPHv8un6gvWicUWF4o58FrpaaVjuETm8JpGnKcHscBx8qUsOvLk29lQInRi+ggBIWcytqgeFacT+bJwOy+XjGGoZZRI2GCGxDP0xPHTWv6W9XQowIzxSf6YMahLBcaZC4wi4/fT1XEf+ylCOLI2Nj7baUNOnpU=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
 t=1772805223; c=relaxed/simple;
 bh=AL7UVmaPX+kjnhv+pCKt+yp14jXAu5aIb61bIaTn7zs=;
 h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version;
 b=oq7Fj+XqaF7i7TRcfXbZw8ueek0MhVUI0BerKxzYnrIL80zRBetkzsV9OHtW1Uhwavt6FfJYVfXdtEg4PAPdKMnwfym2z2zDVdUH/SOcUDvEX5+0+ek3BLBR8vaurUDpT2a2eU+RCkbDUVoSa/gpfxGDHodClaazI9/hNI/69yU=
ARC-Authentication-Results: i=1; server2.sourceware.org
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org C526E4BA2E0D
Received: from localhost ([188.8.103.10]) by Aruba SMTP with ESMTPSA
 id yVcHvN12MnDG4yVcXvWMQx; Fri, 06 Mar 2026 14:53:41 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=itdoctor.it; s=a1;
 t=1772805221; bh=AL7UVmaPX+kjnhv+pCKt+yp14jXAu5aIb61bIaTn7zs=;
 h=From:To:Subject:Date:MIME-Version;
 b=en/Fx72jKy62DIyd/0GF4/Bix/2HjnSdXsqZHqKIaG/dh07jWjqXfye1DbL9gyCxZ
 fe0u4Z3wU0leLJEWOYuAp86hngPNGW7ybIVTbYDFHB4XZAWe1bo0KgozVrIOAdCios
 26Oc2G6bABX6Q2eVcdPr5xLRQa6LV+pqW06raM6IJ0iHCyaCnWXBHDCvyiT/CVEa5j
 oE3QT6Nq6Lko+iATC0hLlYjYlgNunyfUG1WTXu8dRY2KbYkfj8t2oN2V+Wl81GwCNa
 ei53fxEthdqV9OXiwFHBysCEArwu0mbXqQ5RTovNHaROfJ79GQnkwvgkVVH4WH+X+s
 i1XZ5uswTDoIQ==
From: Christian Colonna <c.colonna@itdoctor.it>
To: libc-alpha@sourceware.org
Cc: Christian Colonna <c.colonna@itdoctor.it>
Subject: [PATCH] inet: add boundary check to prevent bof and
 inet/tst-ruserpass [BZ #33881]
Date: Fri,  6 Mar 2026 14:52:29 +0100
Message-Id: <20260306135229.2082046-1-c.colonna@itdoctor.it>
X-Mailer: git-send-email 2.39.5
MIME-Version: 1.0
X-CMAE-Envelope: 
 MS4xfBa8LaILjRE7o6ogywNOCnoa3xhIxmEU65ohVdfJ4sYX68BmYwHzVx5DnM5tU+OX+ny9wJjPn5+j5pmvfKwsHn6ldbGU1vwrDLiLnsAhjnYFn60KzYKT
 GB3c8G6Iu18kETRQ+a4Xe9ahpiR9yfM6gvHI6rmS7ZzYddCb1sVgKnDxVIvuJc1Yub3kgNoVFBcgOA3xW4pR4a6lNXcDfoKmTK1/b8FIkVTcg4FEsJQDhZlF
X-Spam-Status: No, score=-12.7 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_SHORT,
 RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, RCVD_IN_VALIDITY_RPBL_BLOCKED,
 RCVD_IN_VALIDITY_SAFE_BLOCKED, SPF_HELO_NONE, SPF_PASS,
 TXREP autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on sourceware.org
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org

Add boundary checks in the token function parsing .netrc config file.
If token was too long, the buffer storing token could overflow.

Add test creating .netrc file with a long token and verify that ruserpass doesn't cause SEGFAULT.
Add additional test to verify that when permission of .netrc are not 0600 ruserpass returns -1.

Signed-off-by: Christian Colonna <c.colonna@itdoctor.it>
---
 inet/Makefile        |  1 +
 inet/ruserpass.c     | 12 ++++--
 inet/tst-ruserpass.c | 87 ++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 96 insertions(+), 4 deletions(-)
 create mode 100644 inet/tst-ruserpass.c

diff --git a/inet/Makefile b/inet/Makefile
index 613f61d290..caeb1b0801 100644
--- a/inet/Makefile
+++ b/inet/Makefile
@@ -98,6 +98,7 @@ tests := \
   tst-network \
   tst-ntoa \
   tst-sockaddr \
+  tst-ruserpass \
   # tests
 
 # tst-deadline must be linked statically so that we can access
diff --git a/inet/ruserpass.c b/inet/ruserpass.c
index be4e024203..22d835a0c1 100644
--- a/inet/ruserpass.c
+++ b/inet/ruserpass.c
@@ -54,7 +54,9 @@ static	FILE *cfile;
 #define	ID	10
 #define	MACHINE	11
 
-static char tokval[100];
+#define TOKVAL_SIZE 100
+
+static char tokval[TOKVAL_SIZE];
 
 static const char tokstr[] =
 {
@@ -229,7 +231,8 @@ token (void)
 		while ((c = getc_unlocked(cfile)) != EOF && c != '"') {
 			if (c == '\\')
 				c = getc_unlocked(cfile);
-			*cp++ = c;
+			if (cp-tokval < TOKVAL_SIZE)
+				*cp++ = c;
 		}
 	} else {
 		*cp++ = c;
@@ -237,7 +240,8 @@ token (void)
 		    && c != '\n' && c != '\t' && c != ' ' && c != ',') {
 			if (c == '\\')
 				c = getc_unlocked(cfile);
-			*cp++ = c;
+			if (cp-tokval < TOKVAL_SIZE)
+				*cp++ = c;
 		}
 	}
 	*cp = 0;
@@ -247,4 +251,4 @@ token (void)
 		if (!strcmp(&tokstr[toktab[i].tokstr_off], tokval))
 			return toktab[i].tval;
 	return (ID);
-}
+}
\ No newline at end of file
diff --git a/inet/tst-ruserpass.c b/inet/tst-ruserpass.c
new file mode 100644
index 0000000000..7edcf56434
--- /dev/null
+++ b/inet/tst-ruserpass.c
@@ -0,0 +1,87 @@
+/* Test for ruserpass.
+   Copyright (C) 2026-2026 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <unistd.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <support/check.h>
+#include <support/support.h>
+#include <support/temp_file.h>
+
+
+static char *temp_home_dir;
+static char *temp_netrc;
+
+extern int ruserpass (const char *host, const char **aname, const char **apass);
+
+static void
+generate_string_a (char * str, size_t len)
+{
+  memset (str, 'a', len);
+  str[len] = '\0';
+}
+
+static void
+do_prepare (int argc, char **argv)
+{
+  char temp_password[200];
+
+  // creating a .netrc file for testing. In ruserpass the file is accessed relative to $HOME env, we will tweak $HOME to use our test file
+  temp_home_dir = support_create_temp_directory ("tst-ruserpass-");
+  temp_netrc = xasprintf ("%s/.netrc", temp_home_dir);
+  add_temp_file (temp_netrc);
+
+  generate_string_a(temp_password, sizeof(temp_password) - 1);
+
+  char * netrc_content = xasprintf ("machine foo.gnu login foo password %s\n", temp_password);
+
+  support_write_file_string (temp_netrc, netrc_content);
+
+  free (netrc_content);
+}
+
+#define PREPARE do_prepare
+
+static int
+do_test (void)
+{
+  const char *orig_name = NULL;
+  const char *orig_pass = NULL;
+
+  if (access (temp_netrc, R_OK) != 0)
+    FAIL_EXIT1 ("File .netrc is not readable");
+  setenv ("HOME", temp_home_dir, 1);  
+
+  // function should returns -1 if .netrc file permission is readable by others
+  TEST_COMPARE (ruserpass ("foo.gnu", &orig_name, &orig_pass), -1);
+
+
+  if (chmod (temp_netrc, S_IRUSR | S_IWUSR) != 0)
+    FAIL_EXIT1 ("Impossible to set .netrc permissions. We need it to be 0600 else ruserpass will exit -1.");
+
+  // ruserpass should not segfault if password is longer than password tokval buffer
+  TEST_COMPARE (ruserpass ("foo.gnu", &orig_name, &orig_pass), EXIT_SUCCESS);
+
+  free (temp_home_dir);
+  free (temp_netrc);
+
+  return EXIT_SUCCESS;
+}
+
+#include <support/test-driver.c>
\ No newline at end of file