From nobody@FreeBSD.org  Sat Oct 31 20:41:06 2009
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 11FCD1065670
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 31 Oct 2009 20:41:06 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 01FB48FC0A
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 31 Oct 2009 20:41:06 +0000 (UTC)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id n9VKf5YR029002
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 31 Oct 2009 20:41:05 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id n9VKf5e0028972;
	Sat, 31 Oct 2009 20:41:05 GMT
	(envelope-from nobody)
Message-Id: <200910312041.n9VKf5e0028972@www.freebsd.org>
Date: Sat, 31 Oct 2009 20:41:05 GMT
From: Garrett Cooper <yaneurabeya@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Fix potential setlocale(3) in hexdump / od
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         140151
>Category:       bin
>Synopsis:       [patch] hexdump(1): Fix potential setlocale(3) in hexdump / od
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Oct 31 20:50:00 UTC 2009
>Closed-Date:    
>Last-Modified:  Sun Feb 03 22:27:57 UTC 2013
>Originator:     Garrett Cooper
>Release:        9-CURRENT
>Organization:
n/a
>Environment:
FreeBSD optimus.zenmetsuhitotuyaneshita.net 9.0-CURRENT FreeBSD 9.0-CURRENT #0: Sun Oct 25 16:15:22 PDT 2009     gcooper@optimus.zenmetsuhitotuyaneshita.net:/usr/obj/usr/src/sys/OPTIMUS  amd64
>Description:
Spotted a coding issue with setlocale(3) not being checked for error when going back and reviewing the hexdump sourcecode to fix the issues that are assigned to me.

Please see the attached source for the fix, as well as an improvement on determing the application in use.

Execution example:

[gcooper@optimus /scratch/src/head/usr.bin/hexdump]$ ln -sf ./hexdump od
[gcooper@optimus /scratch/src/head/usr.bin/hexdump]$ echo "" | ./hexdump -e '"%06.6_ao "  12/1 "%3_u "'
000000  lf
[gcooper@optimus /scratch/src/head/usr.bin/hexdump]$ echo "" | ./od 
0000000    000012                                                        
0000001
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

Index: hexdump.c
===================================================================
--- hexdump.c	(revision 198534)
+++ hexdump.c	(working copy)
@@ -50,6 +50,9 @@
 #include <stdlib.h>
 #include <stdio.h>
 #include <string.h>
+#include <libgen.h>
+#include <err.h>
+#include <errno.h>
 #include "hexdump.h"
 
 FS *fshead;				/* head of format strings */
@@ -61,11 +64,12 @@
 main(int argc, char *argv[])
 {
 	FS *tfs;
-	char *p;
 
-	(void)setlocale(LC_ALL, "");
+	if (setlocale(LC_ALL, "") == NULL) {
+		errx(1, "Failed to set the locale to LC_ALL");
+	}
 
-	if (!(p = rindex(argv[0], 'o')) || strcmp(p, "od"))
+	if (strncmp(basename(argv[0]), "od", strlen("od")))
 		newsyntax(argc, &argv);
 	else
 		oldsyntax(argc, &argv);


>Release-Note:
>Audit-Trail:

From: Jilles Tjoelker <jilles@stack.nl>
To: bug-followup@FreeBSD.org, gcooper@FreeBSD.org
Cc:  
Subject: Re: bin/140151: Fix potential setlocale(3) in hexdump / od
Date: Sat, 31 Oct 2009 23:55:44 +0100

 General policy across /bin and /usr/bin seems to ignore setlocale()
 failures (usually caused by invalid/unsupported language settings).
 I guess that's sensible, and in any case changing it for hexdump/od only
 seems wrong.
 
 There seems little wrong with the current way of determining hexdump vs
 od either, which is to treat anything ending in 'od' as od.
 
 -- 
 Jilles Tjoelker

From: Garrett Cooper <yaneurabeya@gmail.com>
To: Jilles Tjoelker <jilles@stack.nl>
Cc: bug-followup@freebsd.org
Subject: Re: bin/140151: Fix potential setlocale(3) in hexdump / od
Date: Sun, 1 Nov 2009 17:39:05 -0700

 Hi Jilles!
     We discussed this earlier over IRC, but just to reiterate some points...
 
 On Sat, Oct 31, 2009 at 3:55 PM, Jilles Tjoelker <jilles@stack.nl> wrote:
 > General policy across /bin and /usr/bin seems to ignore setlocale()
 > failures (usually caused by invalid/unsupported language settings).
 > I guess that's sensible, and in any case changing it for hexdump/od only
 > seems wrong.
 
     It's fine if hexdump is a start's this trend and core agrees,
 because it's been widely ported to other packages outside of FreeBSD,
 like util-linux-ng, etc. So, I'm just taking all of the issues and
 resolving them so that hexdump, et all has higher quality than it
 currently does, because QA in hexdump has been neglected in the past
 and it's a handy tool that should be more robust. Plus, it looks like
 a bad mark on the project when a piece of software has so many issues
 with segfaults, et all.
     If warnx(3) is appropriate for now until the rest of the commands
 in /bin and /usr/bin conform to the new standard (if that's the way we
 want to go longterm), I'll gladly change the patch to warnx(3).
 
 > There seems little wrong with the current way of determining hexdump vs
 > od either, which is to treat anything ending in 'od' as od.
 
     This is done because hd / od are hardlinks created when make
 install is run for hexdump, and they share a TON of common code (only
 the values set by the different usages differ -- the rest of the logic
 is equivalent).
 Thanks!
 -Garrett

From: Garrett Cooper <yaneurabeya@gmail.com>
To: Garrett Cooper <yaneurabeya@gmail.com>
Cc: Jilles Tjoelker <jilles@stack.nl>, bug-followup@freebsd.org
Subject: Re: bin/140151: Fix potential setlocale(3) in hexdump / od
Date: Sun, 1 Nov 2009 17:39:49 -0700

 On Sun, Nov 1, 2009 at 5:39 PM, Garrett Cooper <yaneurabeya@gmail.com> wrote:
 > Hi Jilles!
 > =A0 =A0We discussed this earlier over IRC, but just to reiterate some poi=
 nts...
 >
 > On Sat, Oct 31, 2009 at 3:55 PM, Jilles Tjoelker <jilles@stack.nl> wrote:
 >> General policy across /bin and /usr/bin seems to ignore setlocale()
 >> failures (usually caused by invalid/unsupported language settings).
 >> I guess that's sensible, and in any case changing it for hexdump/od only
 >> seems wrong.
 >
 > =A0 =A0It's fine if hexdump is a start's this trend and core agrees,
 
 I meant to say `It's fine if hexdump starts this trend and core agrees'
 
 > because it's been widely ported to other packages outside of FreeBSD,
 > like util-linux-ng, etc. So, I'm just taking all of the issues and
 > resolving them so that hexdump, et all has higher quality than it
 > currently does, because QA in hexdump has been neglected in the past
 > and it's a handy tool that should be more robust. Plus, it looks like
 > a bad mark on the project when a piece of software has so many issues
 > with segfaults, et all.
 > =A0 =A0If warnx(3) is appropriate for now until the rest of the commands
 > in /bin and /usr/bin conform to the new standard (if that's the way we
 > want to go longterm), I'll gladly change the patch to warnx(3).
 >
 >> There seems little wrong with the current way of determining hexdump vs
 >> od either, which is to treat anything ending in 'od' as od.
 >
 > =A0 =A0This is done because hd / od are hardlinks created when make
 > install is run for hexdump, and they share a TON of common code (only
 > the values set by the different usages differ -- the rest of the logic
 > is equivalent).
>Unformatted:
