Revert r286144 leaving the original fix to the buffer overflow.

Some developers consider the new code unnecessarily obfuscated. There was also a benign off-by-one. Discussed with: bde, vangyzen, jmallett
author: pfg <pfg@FreeBSD.org> 2015-08-04 02:56:31 +0000
committer: pfg <pfg@FreeBSD.org> 2015-08-04 02:56:31 +0000
commit: 87f3e906c04461255cdcd793121eedecfcfb5cae (patch)
tree: 4f57b1da577cca10fe8ad2d1dbd95b98bd68a8bb
parent: 99f1775e8a629b5abd8a6bd575f0dd0fddf9fc8b (diff)
download: FreeBSD-src-87f3e906c04461255cdcd793121eedecfcfb5cae.zip
FreeBSD-src-87f3e906c04461255cdcd793121eedecfcfb5cae.tar.gz
1 files changed, 2 insertions, 3 deletions
diff --git a/usr.bin/wall/ttymsg.c b/usr.bin/wall/ttymsg.c
index afa3d26..1317a4b 100644
--- a/usr.bin/wall/ttymsg.c
+++ b/usr.bin/wall/ttymsg.c
@@ -62,7 +62,7 @@ ttymsg(struct iovec *iov, int iovcnt, const char *line, int tmout)
 	struct iovec localiov[7];
 	ssize_t left, wret;
 	int cnt, fd;
-	char device[MAXNAMLEN];
+	char device[MAXNAMLEN] = _PATH_DEV;
 	static char errbuf[1024];
 	char *p;
 	int forked;
@@ -71,9 +71,8 @@ ttymsg(struct iovec *iov, int iovcnt, const char *line, int tmout)
 	if (iovcnt > (int)(sizeof(localiov) / sizeof(localiov[0])))
 		return ("too many iov's (change code in wall/ttymsg.c)");
 
-	strlcpy(device, _PATH_DEV, sizeof(device));
+	strlcat(device, line, sizeof(device));
 	p = device + sizeof(_PATH_DEV) - 1;
-	strlcpy(p, line, sizeof(device) - sizeof(_PATH_DEV));
 	if (strncmp(p, "pts/", 4) == 0)
 		p += 4;
 	if (strchr(p, '/') != NULL) {
author	pfg <pfg@FreeBSD.org>	2015-08-04 02:56:31 +0000
committer	pfg <pfg@FreeBSD.org>	2015-08-04 02:56:31 +0000
commit	87f3e906c04461255cdcd793121eedecfcfb5cae (patch)
tree	4f57b1da577cca10fe8ad2d1dbd95b98bd68a8bb
parent	99f1775e8a629b5abd8a6bd575f0dd0fddf9fc8b (diff)
download	FreeBSD-src-87f3e906c04461255cdcd793121eedecfcfb5cae.zip FreeBSD-src-87f3e906c04461255cdcd793121eedecfcfb5cae.tar.gz