author | dillon <dillon@FreeBSD.org> | 1998-12-13 03:42:51 +0000 |
---|---|---|
committer | dillon <dillon@FreeBSD.org> | 1998-12-13 03:42:51 +0000 |
commit | 762deff9e18b9694dd8707b53ced7afb15885668 (patch) | |
tree | c8b5839df55533d18d083cf02afa98ff3f0f86d3 | |
parent | 776cf0ace3757ecb02cc09803538d8635b6cec81 (diff) | |
PR: bin/8680
Increase the size of a number of buffers and replace strcpy/strcat/sprintf
with snprintf(). There was a minor and possibly not exploitable security
hole related to one sprintf().
-rw-r--r-- | usr.bin/wall/wall.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/usr.bin/wall/wall.c b/usr.bin/wall/wall.c
index 04a4823..288bea3 100644
--- a/usr.bin/wall/wall.c
+++ b/usr.bin/wall/wall.c
@@ -42,7 +42,7 @@ static const char copyright[] =
 static char sccsid[] = "@(#)wall.c 8.2 (Berkeley) 11/16/93";
 #endif
 static const char rcsid[] =
- "$Id: wall.c,v 1.8 1997/08/25 06:43:22 charnier Exp $";
+ "$Id: wall.c,v 1.9 1997/09/15 01:03:16 ache Exp $";
 #endif /* not lint */
 
 /*
@@ -144,10 +144,10 @@ makemsg(fname)
 time_t now;
 FILE *fp;
 int fd;
- char *p, *whom, hostname[MAXHOSTNAMELEN], lbuf[100], tmpname[15];
+ char *p, *whom, hostname[MAXHOSTNAMELEN], lbuf[256], tmpname[64];
+
+ snprintf(tmpname, sizeof(tmpname), "%s/wall.XXXXXX", _PATH_TMP);
 
- (void)strcpy(tmpname, _PATH_TMP);
- (void)strcat(tmpname, "/wall.XXXXXX");
 if (!(fd = mkstemp(tmpname)) || !(fp = fdopen(fd, "r+")))
 errx(1, "can't open temporary file");
 (void)unlink(tmpname);
@@ -167,10 +167,12 @@ makemsg(fname)
 * in column 80, but that can't be helped.
 */
 (void)fprintf(fp, "\r%79s\r\n", " ");
- (void)sprintf(lbuf, "Broadcast Message from %s@%s",
+ (void)snprintf(lbuf, sizeof(lbuf),
+ "Broadcast Message from %s@%s",
 whom, hostname);
 (void)fprintf(fp, "%-79.79s\007\007\r\n", lbuf);
- (void)sprintf(lbuf, " (%s) at %d:%02d ...", ttyname(2),
+ (void)snprintf(lbuf, sizeof(lbuf),
+ " (%s) at %d:%02d ...", ttyname(2),
 lt->tm_hour, lt->tm_min);
 (void)fprintf(fp, "%-79.79s\r\n", lbuf);
 }
|
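Review bot: The context line `if (!(fd = mkstemp(tmpname)) || !(fp = fdopen(fd, "r+")))` in the second hunk tests mkstemp() for zero, but mkstemp() reports failure with -1, so a failed call is not caught by that test and a legitimate descriptor 0 would be reported as an error. Since this commit is already hardening the temp-file path, the check should read `if ((fd = mkstemp(tmpname)) == -1 || !(fp = fdopen(fd, "r+")))`. The result of the new snprintf() is also unchecked; a truncated template would lose its `XXXXXX` suffix, so comparing the return value against `sizeof(tmpname)` before calling mkstemp() would make that failure explicit. makemsg() begins and ends outside this hunk.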
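Review bot: `ttyname(2)` in the second snprintf() call of the third hunk can return NULL when stderr is not a terminal, and passing NULL for `%s` is undefined behavior; bounding the write does not help with that. Resolve it before formatting and substitute a fallback, e.g. `const char *tty = ttyname(2); if (tty == NULL) tty = "no tty";`, then pass `tty`. Truncation of either banner line by snprintf() is harmless here, because the following fprintf() calls print at most 79 characters of `lbuf` anyway. The enclosing makemsg() continues outside the hunk.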