author | brian <brian@FreeBSD.org> | 1997-12-17 00:19:25 +0000 |
---|---|---|
committer | brian <brian@FreeBSD.org> | 1997-12-17 00:19:25 +0000 |
commit | 7328b8cd51418a040e797d192d46f98defddfa26 (patch) | |
tree | 0a18bc03a9a62362ca04408048ac58b1e0b45589 | |
parent | 8c80194b9d8bf000af9cdff865b70d73125186e3 (diff) | |
Fix a potential overflow where, if the label passed on the command
line is > LINE_LEN (512 bytes), we scribble (*blush*).
Hinted at by: Theo de Raadt <deraadt@cvs.openbsd.org>
Change sprintf(buf, "fixedstring") to strcpy(buf, "fixedstring").
-rw-r--r-- | usr.sbin/ppp/command.c | 5 | ||||
-rw-r--r-- | usr.sbin/ppp/route.c | 6 |
2 files changed, 6 insertions, 5 deletions
diff --git a/usr.sbin/ppp/command.c b/usr.sbin/ppp/command.c
index 2ea309a..d29d5e2 100644
--- a/usr.sbin/ppp/command.c
+++ b/usr.sbin/ppp/command.c
@@ -17,7 +17,7 @@
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
- * $Id: command.c,v 1.109 1997/12/13 02:37:21 brian Exp $
+ * $Id: command.c,v 1.110 1997/12/15 20:21:46 brian Exp $
 *
 */
 #include <sys/param.h>
@@ -746,7 +746,8 @@ RunCommand(int argc, char const *const *argv, const char *label)
 *buf = '\0';
 if (label) {
- strcpy(buf, label);
+ strncpy(buf, label, sizeof buf);
+ buf[sizeof(buf)-3] = '\0';
 strcat(buf, ": ");
 }
 n = strlen(buf);
diff --git a/usr.sbin/ppp/route.c b/usr.sbin/ppp/route.c
index 8a05b0e..df8f1f7 100644
--- a/usr.sbin/ppp/route.c
+++ b/usr.sbin/ppp/route.c
@@ -17,7 +17,7 @@
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
- * $Id: route.c,v 1.31 1997/12/13 02:37:32 brian Exp $
+ * $Id: route.c,v 1.32 1997/12/15 20:21:15 brian Exp $
 *
 */
@@ -202,7 +202,7 @@ p_sockaddr(struct sockaddr *phost, struct sockaddr *pmask, int width)
 break;
 net.sin_addr.s_addr = ihost->sin_addr.s_addr & mask->sin_addr.s_addr;
- sprintf(buf, "%s", inet_ntoa(net.sin_addr));
+ strcpy(buf, inet_ntoa(net.sin_addr));
 for (len = strlen(buf); len > 3; buf[len-=2] = '\0')
 if (strcmp(buf+len-2, ".0"))
 break;
@@ -228,7 +228,7 @@ p_sockaddr(struct sockaddr *phost, struct sockaddr *pmask, int width)
 sprintf(buf+f*3, "%02x:", MAC[f]);
 buf[f*3-1] = '\0';
 } else
- sprintf(buf, "??:??:??:??:??:??");
+ strcpy(buf, "??:??:??:??:??:??");
 else
 sprintf(buf, "<IFT type %d>", dl->sdl_type);
 else if (dl->sdl_slen) |
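Review bot: In the RunCommand hunk (@@ -746) the label copy is bounded in two separate steps: `strncpy(buf, label, sizeof buf)` can leave buf unterminated, and only the following `buf[sizeof(buf)-3] = '\0'` makes the later `strcat(buf, ": ")` safe. The arithmetic holds (two bytes for ": " plus the terminator), assuming buf is an array whose declaration lies outside the hunk, but the limit breaks if either line is edited on its own; a single bounded call such as `snprintf(buf, sizeof buf, "%s: ", label);` states the same limit and always terminates. An over-long label is also truncated silently, and `n = strlen(buf)` then starts close to the end of buf. The code that appends after that point is outside the hunk, so it should be checked that it limits its writes to the space remaining.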
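Review bot: Swapping `sprintf(buf, "%s", ...)` for `strcpy(buf, inet_ntoa(net.sin_addr))` in p_sockaddr (@@ -202) adds no bound, so the copy is as unchecked as before; the same applies to `strcpy(buf, "??:??:??:??:??:??")` in the @@ -228 hunk. Both sources are short (a dotted quad and an 18-byte literal including the terminator), so the writes are safe only while buf stays larger than that, and its declaration is outside both hunks. If buf is an array in scope, `snprintf(buf, sizeof buf, "%s", inet_ntoa(net.sin_addr));` keeps the limit next to the write. The context lines `sprintf(buf+f*3, "%02x:", MAC[f])` and `sprintf(buf, "<IFT type %d>", dl->sdl_type)` in the @@ -228 hunk are left unchanged by this commit and deserve the same size check.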