diff options
| author | imp <imp@FreeBSD.org> | 1998-12-16 04:48:00 +0000 |
|---|---|---|
| committer | imp <imp@FreeBSD.org> | 1998-12-16 04:48:00 +0000 |
| commit | a25b16eb03db268d43195f74278a7b7e91ccc062 (patch) | |
| tree | 339c705b63dd3fc0094a63bd5cdef3326ef7ac20 | |
| parent | 3b3da1d9ef22c1f360fc8bfa9f53238726c270d7 (diff) | |
| download | FreeBSD-src-a25b16eb03db268d43195f74278a7b7e91ccc062.zip FreeBSD-src-a25b16eb03db268d43195f74278a7b7e91ccc062.tar.gz | |
Fix two possible non-exploitable buffer overflows.
Thanks to: A friend at Sun auditing dump/restore for Solaris.
| -rw-r--r-- | sbin/restore/interactive.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/sbin/restore/interactive.c b/sbin/restore/interactive.c index 763ca13..1d6424d 100644 --- a/sbin/restore/interactive.c +++ b/sbin/restore/interactive.c @@ -36,7 +36,7 @@ static char sccsid[] = "@(#)interactive.c 8.5 (Berkeley) 5/1/95"; #endif static const char rcsid[] = - "$Id: interactive.c,v 1.5 1998/07/28 06:20:08 charnier Exp $"; + "$Id: interactive.c,v 1.6 1998/09/17 20:18:11 imp Exp $"; #endif /* not lint */ #include <sys/param.h> @@ -343,7 +343,8 @@ getcmd(curdir, cmd, name, size, ap) * If no argument, use curdir as the default. */ if (*cp == '\0') { - (void) strcpy(name, curdir); + (void) strncpy(name, curdir, size); + name[size - 1] = '\0'; return; } nextarg = cp; @@ -377,7 +378,8 @@ getnext: ap->argcnt = ap->glob.gl_pathc; retnext: - strcpy(name, ap->glob.gl_pathv[ap->glob.gl_pathc - ap->argcnt]); + strncpy(name, ap->glob.gl_pathv[ap->glob.gl_pathc - ap->argcnt], size); + name[size - 1] = '\0'; if (--ap->argcnt == 0) { ap->freeglob = 0; globfree(&ap->glob); |
