diff options
| author | bde <bde@FreeBSD.org> | 1996-11-12 20:00:24 +0000 |
|---|---|---|
| committer | bde <bde@FreeBSD.org> | 1996-11-12 20:00:24 +0000 |
| commit | a81549782df942af453c4fc58169a57de424af37 (patch) | |
| tree | 7270874395ab4620e03ac97244beaf2d8f0c0b7b | |
| parent | 1de9e4195702239ca46aded1d090d4ea5eaac546 (diff) | |
| download | FreeBSD-src-a81549782df942af453c4fc58169a57de424af37.zip FreeBSD-src-a81549782df942af453c4fc58169a57de424af37.tar.gz | |
Fixed buffer overflow for large values in editval(). The buffers were
one too small for (hex) 12345678 and 4 too small for -1234567890. Large
values can be created by config and userconfig although not (previously)
by visual userconfig.
Fixed a sign extension bug for backspacing on "negative" hex values in
editval().
Increased field width and range for `flags' so that all possible values
can be displayed and edited.
| -rw-r--r-- | sys/i386/i386/userconfig.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/sys/i386/i386/userconfig.c b/sys/i386/i386/userconfig.c index 1b4e63d..3eaacde 100644 --- a/sys/i386/i386/userconfig.c +++ b/sys/i386/i386/userconfig.c @@ -46,7 +46,7 @@ ** (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF ** THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ** - ** $Id: userconfig.c,v 1.66 1996/11/11 09:09:37 msmith Exp $ + ** $Id: userconfig.c,v 1.67 1996/11/12 09:51:16 bde Exp $ **/ /** @@ -1484,7 +1484,7 @@ static int editval(int x, int y, int width, int hex, int min, int max, int *val, int ro) { int i = *val; /* work with copy of the value */ - char buf[10],tc[8]; /* display buffer, text copy */ + char buf[2+11+1],tc[11+1]; /* display buffer, text copy */ int xp = 0; /* cursor offset into text copy */ int delta = 1; /* force redraw first time in */ int c; @@ -1573,7 +1573,7 @@ editval(int x, int y, int width, int hex, int min, int max, int *val, int ro) } if (xp) /* still something left to delete */ { - i = i / (hex?0x10:10); /* strip last digit */ + i = (hex ? i/0x10u : i/10); /* strip last digit */ delta = 1; /* force update */ } break; @@ -1720,7 +1720,7 @@ editparams(DEV_LIST *dev) } ep_flags: puthelp(" Device-specific flag values."); - ret = editval(18,20,5,1,0x0,0xffff,&(dev->flags),0); + ret = editval(18,20,8,1,INT_MIN,INT_MAX,&(dev->flags),0); switch(ret) { case KEY_EXIT: @@ -2223,7 +2223,7 @@ visuserconfig(void) * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: userconfig.c,v 1.66 1996/11/11 09:09:37 msmith Exp $ + * $Id: userconfig.c,v 1.67 1996/11/12 09:51:16 bde Exp $ */ #include "scbus.h" |
