summaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorkris <kris@FreeBSD.org>2000-10-29 00:10:14 +0000
committerkris <kris@FreeBSD.org>2000-10-29 00:10:14 +0000
commitd2f83e4ec488ec62281318b26dad107e65d96d0c (patch)
tree9d9d3e0ed67203342e81346f7521372f76e8ab25 /crypto
parenta03de14c0e3b5048b0ff85871d680fa54c6b06db (diff)
downloadFreeBSD-src-d2f83e4ec488ec62281318b26dad107e65d96d0c.zip
FreeBSD-src-d2f83e4ec488ec62281318b26dad107e65d96d0c.tar.gz
Sync with usr.bin/telnet/telnet.c r1.9 - fix buffer overflow in DISPLAY
Diffstat (limited to 'crypto')
-rw-r--r--crypto/telnet/telnet/telnet.c11
1 files changed, 7 insertions, 4 deletions
diff --git a/crypto/telnet/telnet/telnet.c b/crypto/telnet/telnet/telnet.c
index 63fb9d7..36d1d21 100644
--- a/crypto/telnet/telnet/telnet.c
+++ b/crypto/telnet/telnet/telnet.c
@@ -29,6 +29,8 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
+ *
+ * $FreeBSD$
*/
#ifndef lint
@@ -970,16 +972,17 @@ suboption()
unsigned char temp[50], *dp;
int len;
- if ((dp = env_getvalue((unsigned char *)"DISPLAY")) == NULL) {
+ if ((dp = env_getvalue((unsigned char *)"DISPLAY")) == NULL ||
+ strlen(dp) > sizeof(temp) - 7) {
/*
* Something happened, we no longer have a DISPLAY
- * variable. So, turn off the option.
+ * variable. Or it is too long. So, turn off the option.
*/
send_wont(TELOPT_XDISPLOC, 1);
break;
}
- sprintf((char *)temp, "%c%c%c%c%s%c%c", IAC, SB, TELOPT_XDISPLOC,
- TELQUAL_IS, dp, IAC, SE);
+ snprintf((char *)temp, sizeof(temp), "%c%c%c%c%s%c%c", IAC, SB,
+ TELOPT_XDISPLOC, TELQUAL_IS, dp, IAC, SE);
len = strlen((char *)temp+4) + 4; /* temp[3] is 0 ... */
if (len < NETROOM()) {
OpenPOWER on IntegriCloud