diff options
| author | ache <ache@FreeBSD.org> | 1996-12-19 10:45:16 +0000 |
|---|---|---|
| committer | ache <ache@FreeBSD.org> | 1996-12-19 10:45:16 +0000 |
| commit | 650249d0adf8df7ad0076ffc5a35036701bd4c0f (patch) | |
| tree | 1643547edaf0b924b72cab4bf85aa5ee605cbdaf /gnu | |
| parent | 710349287df799a0cf98fe5b1b8ed3d378663334 (diff) | |
| download | FreeBSD-src-650249d0adf8df7ad0076ffc5a35036701bd4c0f.zip FreeBSD-src-650249d0adf8df7ad0076ffc5a35036701bd4c0f.tar.gz | |
Even more buffer overflow fixes
Change CATMODE to 0644, because group man not used
Add immutable sbit to man binary, so if user even got man uid,
he can't replace man binary with fake one
Should go to 2.2
Submitted by: Marc Slemko <marcs@znep.com> with small editing by me
Diffstat (limited to 'gnu')
| -rw-r--r-- | gnu/usr.bin/man/man/Makefile | 3 | ||||
| -rw-r--r-- | gnu/usr.bin/man/man/man.c | 100 |
2 files changed, 52 insertions, 51 deletions
diff --git a/gnu/usr.bin/man/man/Makefile b/gnu/usr.bin/man/man/Makefile index 9aff737..f0b5bb3 100644 --- a/gnu/usr.bin/man/man/Makefile +++ b/gnu/usr.bin/man/man/Makefile @@ -2,6 +2,7 @@ PROG= man SRCS= man.c manpath.c glob.c BINOWN= man BINMODE=4555 +INSTALLFLAGS+= -fschg .if exists(${.OBJDIR}/../lib) LIBDESTDIR= ${.OBJDIR}/../lib @@ -19,7 +20,7 @@ MAN1= ${.CURDIR}/man.1 .endif CFLAGS+= -I${.CURDIR}/../lib -DSTDC_HEADERS -DPOSIX -DHAS_TROFF -CFLAGS+= -DDO_COMPRESS -DALT_SYSTEMS -DSETREUID -DCATMODE=0664 +CFLAGS+= -DDO_COMPRESS -DALT_SYSTEMS -DSETREUID -DCATMODE=0644 CLEANFILES+= ${MAN1} MANDEPEND+= ${MAN1} diff --git a/gnu/usr.bin/man/man/man.c b/gnu/usr.bin/man/man/man.c index d9a9c70..fdfab5a 100644 --- a/gnu/usr.bin/man/man/man.c +++ b/gnu/usr.bin/man/man/man.c @@ -435,9 +435,7 @@ man_getopt (argc, argv) fprintf (stderr, "Alternate system `%s' specified\n", alt_system_name); - strcpy (buf, p); - strcat (buf, "/"); - strcat (buf, alt_system_name); + snprintf(buf, sizeof(buf), "%s/%s", p, alt_system_name); mp = add_dir_to_mpath_list (mp, buf); } @@ -537,15 +535,17 @@ convert_name (name, to_cat) #ifdef DO_COMPRESS if (to_cat) { - int len = strlen (name) + 3; + int olen = strlen(name); int cextlen = strlen(COMPRESS_EXT); + int len = olen + cextlen; - to_name = (char *) malloc (len); + to_name = malloc (len+1); if (to_name == NULL) - gripe_alloc (len, "to_name"); + gripe_alloc (len+1, "to_name"); strcpy (to_name, name); + olen -= cextlen; /* Avoid tacking it on twice */ - if (strcmp(name + (len - (3 + cextlen)), COMPRESS_EXT)) + if (olen >= 1 && strcmp(name + olen, COMPRESS_EXT) != 0) strcat (to_name, COMPRESS_EXT); } else @@ -749,8 +749,10 @@ ultimate_source (name, path) char *beg; char *end; - strcpy (ult, name); - strcpy (buf, name); + strncpy (ult, name, sizeof(ult)-1); + ult[sizeof(ult)-1] = '\0'; + strncpy (buf, name, sizeof(buf)-1); + ult[sizeof(buf)-1] = '\0'; next: @@ -775,11 +777,8 @@ ultimate_source (name, path) *end = '\0'; - strcpy (ult, path); - strcat (ult, "/"); - strcat (ult, beg); - - strcpy (buf, ult); + snprintf(ult, sizeof(ult), "%s/%s", path, beg); + snprintf(buf, sizeof(buf), "%s", ult); goto next; } @@ -791,34 +790,34 @@ ultimate_source (name, path) } void -add_directive (first, d, file, buf) +add_directive (first, d, file, buf, bufsize) int *first; char *d; char *file; char *buf; + int bufsize; { if (strcmp (d, "") != 0) { if (*first) { *first = 0; - strcpy (buf, d); - strcat (buf, " "); - strcat (buf, file); + snprintf(buf, bufsize, "%s %s", d, file); } else { - strcat (buf, " | "); - strcat (buf, d); + strncat (buf, " | ", bufsize-strlen(buf)-1); + strncat (buf, d, bufsize-strlen(buf)-1); } } } int -parse_roff_directive (cp, file, buf) +parse_roff_directive (cp, file, buf, bufsize) char *cp; char *file; char *buf; + int bufsize; { char c; int first = 1; @@ -834,9 +833,9 @@ parse_roff_directive (cp, file, buf) fprintf (stderr, "found eqn(1) directive\n"); if (troff) - add_directive (&first, EQN, file, buf); + add_directive (&first, EQN, file, buf, bufsize); else - add_directive (&first, NEQN, file, buf); + add_directive (&first, NEQN, file, buf, bufsize); break; @@ -845,7 +844,7 @@ parse_roff_directive (cp, file, buf) if (debug) fprintf (stderr, "found grap(1) directive\n"); - add_directive (&first, GRAP, file, buf); + add_directive (&first, GRAP, file, buf, bufsize); break; @@ -854,7 +853,7 @@ parse_roff_directive (cp, file, buf) if (debug) fprintf (stderr, "found pic(1) directive\n"); - add_directive (&first, PIC, file, buf); + add_directive (&first, PIC, file, buf, bufsize); break; @@ -864,7 +863,7 @@ parse_roff_directive (cp, file, buf) fprintf (stderr, "found tbl(1) directive\n"); tbl_found++; - add_directive (&first, TBL, file, buf); + add_directive (&first, TBL, file, buf, bufsize); break; case 'v': @@ -872,7 +871,7 @@ parse_roff_directive (cp, file, buf) if (debug) fprintf (stderr, "found vgrind(1) directive\n"); - add_directive (&first, VGRIND, file, buf); + add_directive (&first, VGRIND, file, buf, bufsize); break; case 'r': @@ -880,7 +879,7 @@ parse_roff_directive (cp, file, buf) if (debug) fprintf (stderr, "found refer(1) directive\n"); - add_directive (&first, REFER, file, buf); + add_directive (&first, REFER, file, buf, bufsize); break; case ' ': @@ -903,19 +902,19 @@ parse_roff_directive (cp, file, buf) #ifdef HAS_TROFF if (troff) { - strcat (buf, " | "); - strcat (buf, TROFF); + strncat (buf, " | ", bufsize-strlen(buf)-1); + strncat (buf, TROFF, bufsize-strlen(buf)-1); } else #endif { - strcat (buf, " | "); - strcat (buf, NROFF); + strncat (buf, " | ", bufsize-strlen(buf)-1); + strncat (buf, NROFF, bufsize-strlen(buf)-1); } if (tbl_found && !troff && strcmp (COL, "") != 0) { - strcat (buf, " | "); - strcat (buf, COL); + strncat (buf, " | ", bufsize-strlen(buf)-1); + strncat (buf, COL, bufsize-strlen(buf)-1); } return 0; @@ -936,7 +935,7 @@ make_roff_command (file) if (debug) fprintf (stderr, "parsing directive from command line\n"); - status = parse_roff_directive (roff_directive, file, buf); + status = parse_roff_directive (roff_directive, file, buf, sizeof(buf)); if (status == 0) return buf; @@ -948,13 +947,13 @@ make_roff_command (file) if ((fp = fopen (file, "r")) != NULL) { cp = line; - fgets (line, 100, fp); + fgets (line, BUFSIZ, fp); if (*cp++ == '\'' && *cp++ == '\\' && *cp++ == '"' && *cp++ == ' ') { if (debug) fprintf (stderr, "parsing directive from file\n"); - status = parse_roff_directive (cp, file, buf); + status = parse_roff_directive (cp, file, buf, sizeof(buf)); fclose (fp); @@ -980,7 +979,7 @@ make_roff_command (file) if (debug) fprintf (stderr, "parsing directive from environment\n"); - status = parse_roff_directive (cp, file, buf); + status = parse_roff_directive (cp, file, buf, sizeof(buf)); if (status == 0) return buf; @@ -1000,13 +999,13 @@ make_roff_command (file) { if (strcmp (TBL, "") != 0) { - strcat (buf, TBL); - strcat (buf, " | "); - strcat (buf, TROFF); + strncat(buf, TBL, sizeof(buf)-strlen(buf)-1); + strncat(buf, " | ", sizeof(buf)-strlen(buf)-1); + strncat(buf, TROFF, sizeof(buf)-strlen(buf)-1); } else { - strcat (buf, TROFF); + strncat(buf, TROFF, sizeof(buf)-strlen(buf)-1); } } else @@ -1014,19 +1013,19 @@ make_roff_command (file) { if (strcmp (TBL, "") != 0) { - strcat (buf, TBL); - strcat (buf, " | "); - strcat (buf, NROFF); + strncat(buf, TBL, sizeof(buf)-strlen(buf)-1); + strncat(buf, " | ", sizeof(buf)-strlen(buf)-1); + strncat(buf, NROFF, sizeof(buf)-strlen(buf)-1); } else { - strcpy (buf, NROFF); + strncpy (buf, NROFF, sizeof(buf)); } if (strcmp (COL, "") != 0) { - strcat (buf, " | "); - strcat (buf, COL); + strncat (buf, " | ", sizeof(buf)-strlen(buf)-1); + strncat (buf, COL, sizeof(buf)-strlen(buf)-1); } } return buf; @@ -1514,7 +1513,8 @@ get_section_list () int i; char *p; char *end; - static char *tmp_section_list[100]; +#define TMP_SECTION_LIST_SIZE 100 + static char *tmp_section_list[TMP_SECTION_LIST_SIZE]; if (colon_sep_section_list == NULL) { @@ -1529,7 +1529,7 @@ get_section_list () } i = 0; - for (p = colon_sep_section_list; ; p = end+1) + for (p = colon_sep_section_list; i < TMP_SECTION_LIST_SIZE ; p = end+1) { if ((end = strchr (p, ':')) != NULL) *end = '\0'; |
