summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authordillon <dillon@FreeBSD.org>1998-12-13 03:42:51 +0000
committerdillon <dillon@FreeBSD.org>1998-12-13 03:42:51 +0000
commit762deff9e18b9694dd8707b53ced7afb15885668 (patch)
treec8b5839df55533d18d083cf02afa98ff3f0f86d3
parent776cf0ace3757ecb02cc09803538d8635b6cec81 (diff)
downloadFreeBSD-src-762deff9e18b9694dd8707b53ced7afb15885668.zip
FreeBSD-src-762deff9e18b9694dd8707b53ced7afb15885668.tar.gz
PR: bin/8680
Increase the size of a number of buffers and replace strcpy/strcat/sprintf with snprintf(). There was a minor and possibly not exploitable security hole related to one sprintf().
-rw-r--r--usr.bin/wall/wall.c14
1 files changed, 8 insertions, 6 deletions
diff --git a/usr.bin/wall/wall.c b/usr.bin/wall/wall.c
index 04a4823..288bea3 100644
--- a/usr.bin/wall/wall.c
+++ b/usr.bin/wall/wall.c
@@ -42,7 +42,7 @@ static const char copyright[] =
static char sccsid[] = "@(#)wall.c 8.2 (Berkeley) 11/16/93";
#endif
static const char rcsid[] =
- "$Id: wall.c,v 1.8 1997/08/25 06:43:22 charnier Exp $";
+ "$Id: wall.c,v 1.9 1997/09/15 01:03:16 ache Exp $";
#endif /* not lint */
/*
@@ -144,10 +144,10 @@ makemsg(fname)
time_t now;
FILE *fp;
int fd;
- char *p, *whom, hostname[MAXHOSTNAMELEN], lbuf[100], tmpname[15];
+ char *p, *whom, hostname[MAXHOSTNAMELEN], lbuf[256], tmpname[64];
+
+ snprintf(tmpname, sizeof(tmpname), "%s/wall.XXXXXX", _PATH_TMP);
- (void)strcpy(tmpname, _PATH_TMP);
- (void)strcat(tmpname, "/wall.XXXXXX");
if (!(fd = mkstemp(tmpname)) || !(fp = fdopen(fd, "r+")))
errx(1, "can't open temporary file");
(void)unlink(tmpname);
@@ -167,10 +167,12 @@ makemsg(fname)
* in column 80, but that can't be helped.
*/
(void)fprintf(fp, "\r%79s\r\n", " ");
- (void)sprintf(lbuf, "Broadcast Message from %s@%s",
+ (void)snprintf(lbuf, sizeof(lbuf),
+ "Broadcast Message from %s@%s",
whom, hostname);
(void)fprintf(fp, "%-79.79s\007\007\r\n", lbuf);
- (void)sprintf(lbuf, " (%s) at %d:%02d ...", ttyname(2),
+ (void)snprintf(lbuf, sizeof(lbuf),
+ " (%s) at %d:%02d ...", ttyname(2),
lt->tm_hour, lt->tm_min);
(void)fprintf(fp, "%-79.79s\r\n", lbuf);
}
OpenPOWER on IntegriCloud