authorkris <kris@FreeBSD.org>2000-10-09 06:08:00 +0000
committerkris <kris@FreeBSD.org>2000-10-09 06:08:00 +0000
commitaec252afaba2df6fe3697bd1ea4b22e73c2a1baf (patch)
treef55818063ce7ef3bc58d44211f8219b0e829e90d
parentfa43aea9dc832ed13b413a962469fc8df6909208 (diff)
String buffer safety cleanup. I don't think any of these were exploitable
remotely, but they would be if e.g. it happened to call the logging function using a DNS hostname. Also replace random() by arc4random() - only one of these is arguably required since it's directly used in the protocol, but we might as well replace both to avoid using two different PRNGs. Reviewed by: green, alex
-rw-r--r--usr.sbin/mrouted/cfparse.y8
-rw-r--r--usr.sbin/mrouted/main.c6
-rw-r--r--usr.sbin/mrouted/mtrace.c4
-rw-r--r--usr.sbin/mrouted/prune.c2
4 files changed, 8 insertions, 12 deletions
diff --git a/usr.sbin/mrouted/cfparse.y b/usr.sbin/mrouted/cfparse.y
index f244d9c..2f74399 100644
--- a/usr.sbin/mrouted/cfparse.y
+++ b/usr.sbin/mrouted/cfparse.y
@@ -658,7 +658,7 @@ static void
fatal(char *fmt, ...)
{
va_list ap;
- char buf[200];
+ char buf[MAXHOSTNAMELEN + 100];
va_start(ap, fmt);
#else
@@ -669,11 +669,11 @@ char *fmt;
va_dcl
{
va_list ap;
- char buf[200];
+ char buf[MAXHOSTNAMELEN + 100];
va_start(ap);
#endif
- vsprintf(buf, fmt, ap);
+ vsnprintf(buf, sizeof(buf), fmt, ap);
va_end(ap);
log(LOG_ERR,0,"%s: %s near line %d", configfilename, buf, lineno);
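Review bot: The `vsnprintf` return value is discarded, so a message longer than `buf` is logged truncated with no indication that text was cut. The result is then passed to `log()` inside `"%s: %s near line %d"`, and `log()` now bounds its own buffer as well (see the main.c hunk), so the trailing line number is the first part to be lost if `configfilename` plus `buf` exceeds that buffer, whose size is not visible here. Putting the number ahead of the variable-length text, e.g. `"%s: line %d: %s"`, would keep the location intact. The function body starts above the hunk and continues below it.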
@@ -699,7 +699,7 @@ va_dcl
va_start(ap);
#endif
- vsprintf(buf, fmt, ap);
+ vsnprintf(buf, sizeof(buf), fmt, ap);
va_end(ap);
log(LOG_WARNING,0,"%s: %s near line %d", configfilename, buf, lineno);
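Review bot: This warning path gets the bounded `vsnprintf`, but its `buf` declaration is outside the hunk and does not appear among the changed lines, so it presumably stays at `char buf[200]` while the error path was raised to `MAXHOSTNAMELEN + 100`. `sizeof(buf)` keeps the call safe either way, but warnings would then truncate earlier than errors for the same hostname-bearing message. Declaring it as `char buf[MAXHOSTNAMELEN + 100];` here too would keep the two functions consistent.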
diff --git a/usr.sbin/mrouted/main.c b/usr.sbin/mrouted/main.c
index b3526d5..f3fc676 100644
--- a/usr.sbin/mrouted/main.c
+++ b/usr.sbin/mrouted/main.c
@@ -266,8 +266,6 @@ main(argc, argv)
#ifdef SYSV
srand48(time(NULL));
-#else
- srandom(gethostid());
#endif
/*
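Review bot: With `srandom(gethostid())` removed from the non-SYSV branch, any `random()` call still left in the daemon would run from the library's default seed and repeat the same sequence on every start. The diff converts one caller in prune.c and one in mtrace.c, so the rest of usr.sbin/mrouted should be checked for remaining `random()` uses before the seed is dropped. The SYSV branch is untouched and still seeds from `time(NULL)`. main()'s body starts and ends outside the hunk.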
@@ -966,7 +964,7 @@ log(severity, syserr, format, va_alist)
va_start(ap);
#endif
- vsprintf(&fmt[10], format, ap);
+ vsnprintf(&fmt[10], sizeof(fmt) - 10, format, ap);
va_end(ap);
msg = (severity == LOG_WARNING) ? fmt : &fmt[10];
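Review bot: The bound `sizeof(fmt) - 10` is only correct while `fmt` is an array declared in this function; its declaration is outside the hunk, and if it were ever changed to a pointer the expression would silently become a pointer size minus 10. The offset 10 also appears three times on the visible lines. A named constant for the prefix length plus a comment on the declaration, e.g. `/* fmt[] must stay an array: log() bounds writes with sizeof(fmt) */`, would make the dependency explicit.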
@@ -987,7 +985,7 @@ log(severity, syserr, format, va_alist)
gettimeofday(&now,NULL);
now_sec = now.tv_sec;
thyme = localtime(&now_sec);
- sprintf(logmsg[logmsgno++], "%02d:%02d:%02d.%03ld %s err %d",
+ snprintf(logmsg[logmsgno++], LOGMSGSIZE, "%02d:%02d:%02d.%03ld %s err %d",
thyme->tm_hour, thyme->tm_min, thyme->tm_sec,
now.tv_usec / 1000, msg, syserr);
logmsgno %= NLOGMSGS;
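Review bot: The size passed to `snprintf` is the macro `LOGMSGSIZE` rather than the size of the destination object, so the bound holds only as long as `logmsg`'s declaration (not visible here) uses the same macro. If `logmsg` is a two-dimensional `char` array, `sizeof(logmsg[0])` ties the limit to the buffer itself. Separately, `thyme` is dereferenced without checking whether `localtime()` returned NULL; that predates this change but sits on the same lines.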
diff --git a/usr.sbin/mrouted/mtrace.c b/usr.sbin/mrouted/mtrace.c
index 66df8e28..86655af 100644
--- a/usr.sbin/mrouted/mtrace.c
+++ b/usr.sbin/mrouted/mtrace.c
@@ -1263,7 +1263,7 @@ send_recv(dst, type, code, tries, save, callback)
#ifdef SYSV
TR_SETQID(query->tr_rttlqid, ((u_int32)lrand48() >> 8));
#else
- TR_SETQID(query->tr_rttlqid, ((u_int32)random() >> 8));
+ TR_SETQID(query->tr_rttlqid, ((u_int32)arc4random() >> 8));
#endif
/*
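Review bot: Only the non-SYSV branch gets the stronger generator; under `SYSV` the query ID still comes from `lrand48()`, which the later hunk at line 2745 seeds with `tv.tv_usec ^ lcl_addr`, values an observer on the network can largely guess. Since the commit message singles out this ID as the protocol-relevant use, a comment on the SYSV branch such as `/* XXX lrand48() query IDs are predictable; no arc4random() on this platform */` would record that the weakness remains there. send_recv()'s body extends beyond the hunk.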
@@ -2745,8 +2745,6 @@ char *argv[];
seed = tv.tv_usec ^ lcl_addr;
#ifdef SYSV
srand48(seed);
-#else
- srandom(seed);
#endif
/*
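Review bot: After `srandom(seed)` is removed, `seed = tv.tv_usec ^ lcl_addr;` is computed on every build but consumed only inside `#ifdef SYSV`, leaving a dead store (and possibly an unused-variable warning) on the non-SYSV build. Moving the assignment inside the conditional, directly above `srand48(seed);`, keeps the intent clear. Whether `tv` and `lcl_addr` are needed elsewhere cannot be seen from this hunk.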
diff --git a/usr.sbin/mrouted/prune.c b/usr.sbin/mrouted/prune.c
index 7ffb34b..acefaf9 100644
--- a/usr.sbin/mrouted/prune.c
+++ b/usr.sbin/mrouted/prune.c
@@ -32,7 +32,7 @@ extern int allow_black_holes;
#ifdef SYSV
#define JITTERED_VALUE(x) ((x)/2 + (lrand48() % (x)))
#else
-#define JITTERED_VALUE(x) ((x)/2 + (random() % (x)))
+#define JITTERED_VALUE(x) ((x)/2 + (arc4random() % (x)))
#endif
#define CACHE_LIFETIME(x) JITTERED_VALUE(x) /* XXX */
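Review bot: Swapping `random()` for `arc4random()` changes the type of the macro's result: `random()` returns `long`, while `arc4random()` returns an unsigned 32-bit value, so with an `int` argument `(x)` is converted to unsigned for the `%` and the whole expression becomes unsigned. Callers that subtract from or compare the jittered value against signed quantities could behave differently; they are outside the hunk, so this needs checking. Casting the remainder back, `((x)/2 + (int)(arc4random() % (x)))`, preserves the previous signedness. The macro also still evaluates `x` twice and divides by zero when `x` is 0, as it did before.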