authoreivind <eivind@FreeBSD.org>1997-03-18 16:09:27 +0000
committereivind <eivind@FreeBSD.org>1997-03-18 16:09:27 +0000
commit020e7483d93a6058852c584454a5d8313681d3d0 (patch)
treecc1cb212ea6cef7152002c1f1ae8b9ff0674f08c /lib/libtermcap
parent2efc53e73756a04f02f069ad810e2e8f66fd7aee (diff)
downloadFreeBSD-src-020e7483d93a6058852c584454a5d8313681d3d0.zip
FreeBSD-src-020e7483d93a6058852c584454a5d8313681d3d0.tar.gz
Re-order terms to avoid potential pointer overflow, and remove one
more potential buffer overflow. Submitted by: bde
Diffstat (limited to 'lib/libtermcap')
-rw-r--r--lib/libtermcap/tgoto.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/lib/libtermcap/tgoto.c b/lib/libtermcap/tgoto.c
index ca49302..4088fa5 100644
--- a/lib/libtermcap/tgoto.c
+++ b/lib/libtermcap/tgoto.c
@@ -174,7 +174,12 @@ casedot:
* to be the successor of tab.
*/
do {
- strcat(added, oncol ? (BC ? BC : "\b") : UP);
+ const char *extra;
+
+ extra = oncol ? (BC ? BC : "\b") : UP;
+ if (strlen(added) + strlen(extra) >= 10)
+ return ("OVERFLOW");
+ strcat(added, extra);
which++;
} while (which == '\n');
}
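Review bot: The bound `10` in the added check is a bare literal that presumably mirrors the declared size of `added`, which is outside this hunk; if that declaration changes, the check and the buffer will silently disagree. Assuming `added` is an array visible in this scope, `if (strlen(added) + strlen(extra) >= sizeof(added))` ties the limit to the buffer itself. `extra` is taken from the termcap globals `BC` and `UP`, whose length this function does not control, so this check is what bounds the `strcat`. A one-line comment such as `/* BC/UP come from the terminal description; keep added NUL-terminated within its array */` would record that. The condition guarding this do-loop starts above the hunk.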
@@ -215,7 +220,7 @@ casedot:
goto toohard;
}
}
- if (dp+strlen(added)+1 > &result[MAXRETURNSIZE])
+ if (strlen(added) >= &result[MAXRETURNSIZE] - dp)
return ("OVERFLOW");
strcpy(dp, added);
return (result);
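Review bot: The new comparison mixes the `size_t` from `strlen(added)` with the signed pointer difference `&result[MAXRETURNSIZE] - dp`, so it is only correct while `dp` has not moved past the end of `result`. A negative difference would convert to a very large unsigned value and the check would pass. Whether that invariant holds depends on the bounds checks earlier in the function, which are outside this hunk. I would make the conversion explicit and state the invariant: `if (strlen(added) >= (size_t)(&result[MAXRETURNSIZE] - dp))`, preceded by `/* dp <= &result[MAXRETURNSIZE] here, so the difference is non-negative */`.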