diff options
| author | ken <ken@FreeBSD.org> | 1998-10-14 23:28:26 +0000 |
|---|---|---|
| committer | ken <ken@FreeBSD.org> | 1998-10-14 23:28:26 +0000 |
| commit | 68b03ab551368c9e52815b2d9c98a47bb6f7a264 (patch) | |
| tree | 2ba66031598ce09f9ab5d0f25c06a0e93e874d7c | |
| parent | 65106e9e36cd7a54af9cd409d1942a3a2b58170e (diff) | |
| download | FreeBSD-src-68b03ab551368c9e52815b2d9c98a47bb6f7a264.zip FreeBSD-src-68b03ab551368c9e52815b2d9c98a47bb6f7a264.tar.gz | |
Fix a couple of potential buffer overrun cases.
Submitted by: imp
| -rw-r--r-- | lib/libdevstat/devstat.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/lib/libdevstat/devstat.c b/lib/libdevstat/devstat.c index 6211909..ec86c78 100644 --- a/lib/libdevstat/devstat.c +++ b/lib/libdevstat/devstat.c @@ -25,7 +25,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: devstat.c,v 1.2 1998/09/18 02:35:25 ken Exp $ + * $Id: devstat.c,v 1.3 1998/09/20 00:11:09 ken Exp $ */ #include <sys/types.h> @@ -193,8 +193,10 @@ checkversion(void) strncat(devstat_errbuf, tmpstr, DEVSTAT_ERRBUF_SIZE - buflen - 1); buflen += errlen; - } else + } else { strncpy(devstat_errbuf, tmpstr, DEVSTAT_ERRBUF_SIZE); + devstat_errbuf[DEVSTAT_ERRBUF_SIZE - 1] = '\0'; + } if (version < DEVSTAT_VERSION) snprintf(tmpstr, sizeof(tmpstr), @@ -510,6 +512,7 @@ selectdevs(struct device_selection **dev_select, int *num_selected, strncpy((*dev_select)[i].device_name, devices[i].device_name, DEVSTAT_NAME_LEN); + (*dev_select)[i].device_name[DEVSTAT_NAME_LEN - 1]='\0'; (*dev_select)[i].unit_number = devices[i].unit_number; (*dev_select)[i].position = i; } @@ -531,7 +534,8 @@ selectdevs(struct device_selection **dev_select, int *num_selected, for (i = 0; (i < *num_selections) && (num_dev_selections > 0); i++) { char tmpstr[80]; - sprintf(tmpstr, "%s%d", (*dev_select)[i].device_name, + snprintf(tmpstr, sizeof(tmpstr), "%s%d", + (*dev_select)[i].device_name, (*dev_select)[i].unit_number); for (j = 0; j < num_dev_selections; j++) { if (strcmp(tmpstr, dev_selections[j]) == 0) { @@ -998,7 +1002,7 @@ buildmatch(char *match_str, struct devstat_match **matches, int *num_matches) * or interface. */ if ((*matches)[*num_matches].num_match_categories != (i + 1)) { - sprintf(devstat_errbuf, + snprintf(devstat_errbuf, sizeof(devstat_errbuf), "%s: unknown match item \"%s\"", func_name, tstr[i]); return(-1); |
