diff options
author | pst <pst@FreeBSD.org> | 1997-01-18 08:30:01 +0000 |
---|---|---|
committer | pst <pst@FreeBSD.org> | 1997-01-18 08:30:01 +0000 |
commit | 729071c96e1b26cb702a76ce25556ca58d253815 (patch) | |
tree | 14d2380818cc302922727509c87a7319f8fd6fa9 /libexec/talkd | |
parent | 6343eb8b06179a898d3726250383f26d8b8d89f6 (diff) | |
download | FreeBSD-src-729071c96e1b26cb702a76ce25556ca58d253815.zip FreeBSD-src-729071c96e1b26cb702a76ce25556ca58d253815.tar.gz |
Fix buffer overrun problem.
Cannidate for: 2.2 [must]
Obtained from: Lite/2 and BSDI's published patch
Diffstat (limited to 'libexec/talkd')
-rw-r--r-- | libexec/talkd/announce.c | 36 | ||||
-rw-r--r-- | libexec/talkd/talkd.c | 3 |
2 files changed, 24 insertions, 15 deletions
diff --git a/libexec/talkd/announce.c b/libexec/talkd/announce.c index 6c11680..55f3ca9 100644 --- a/libexec/talkd/announce.c +++ b/libexec/talkd/announce.c @@ -34,7 +34,7 @@ */ #ifndef lint -static char sccsid[] = "@(#)announce.c 8.2 (Berkeley) 1/7/94"; +static char sccsid[] = "@(#)announce.c 8.3 (Berkeley) 4/28/95"; #endif /* not lint */ #include <sys/types.h> @@ -43,13 +43,17 @@ static char sccsid[] = "@(#)announce.c 8.2 (Berkeley) 1/7/94"; #include <sys/time.h> #include <sys/wait.h> #include <sys/socket.h> + #include <protocols/talkd.h> + #include <errno.h> -#include <syslog.h> -#include <unistd.h> +#include <paths.h> #include <stdio.h> +#include <stdlib.h> #include <string.h> -#include <paths.h> +#include <syslog.h> +#include <unistd.h> +#include <vis.h> extern char hostname[]; @@ -78,7 +82,7 @@ announce(request, remote_machine) #define max(a,b) ( (a) > (b) ? (a) : (b) ) #define N_LINES 5 -#define N_CHARS 120 +#define N_CHARS 256 /* * Build a block of characters containing the message. @@ -100,33 +104,37 @@ print_mesg(tty, tf, request, remote_machine) char line_buf[N_LINES][N_CHARS]; int sizes[N_LINES]; char big_buf[N_LINES*N_CHARS]; - char *bptr, *lptr, *ttymsg(); + char *bptr, *lptr, *vis_user; int i, j, max_size; i = 0; max_size = 0; gettimeofday(&clock, &zone); localclock = localtime( &clock.tv_sec ); - (void)sprintf(line_buf[i], " "); + (void)snprintf(line_buf[i], N_CHARS, " "); sizes[i] = strlen(line_buf[i]); max_size = max(max_size, sizes[i]); i++; - (void)sprintf(line_buf[i], "Message from Talk_Daemon@%s at %d:%02d ...", - hostname, localclock->tm_hour , localclock->tm_min ); + (void)snprintf(line_buf[i], N_CHARS, + "Message from Talk_Daemon@%s at %d:%02d ...", + hostname, localclock->tm_hour , localclock->tm_min ); sizes[i] = strlen(line_buf[i]); max_size = max(max_size, sizes[i]); i++; - (void)sprintf(line_buf[i], "talk: connection requested by %s@%s", - request->l_name, remote_machine); + + vis_user = malloc(strlen(request->l_name) * 4 + 1); + strvis(vis_user, request->l_name, VIS_CSTYLE); + (void)snprintf(line_buf[i], N_CHARS, + "talk: connection requested by %s@%s", vis_user, remote_machine); sizes[i] = strlen(line_buf[i]); max_size = max(max_size, sizes[i]); i++; - (void)sprintf(line_buf[i], "talk: respond with: talk %s@%s", - request->l_name, remote_machine); + (void)snprintf(line_buf[i], N_CHARS, "talk: respond with: talk %s@%s", + vis_user, remote_machine); sizes[i] = strlen(line_buf[i]); max_size = max(max_size, sizes[i]); i++; - (void)sprintf(line_buf[i], " "); + (void)snprintf(line_buf[i], N_CHARS, " "); sizes[i] = strlen(line_buf[i]); max_size = max(max_size, sizes[i]); i++; diff --git a/libexec/talkd/talkd.c b/libexec/talkd/talkd.c index d2d5a2c..c049230 100644 --- a/libexec/talkd/talkd.c +++ b/libexec/talkd/talkd.c @@ -71,7 +71,7 @@ int debug = 0; void timeout(); long lastmsgtime; -char hostname[MAXHOSTNAMELEN]; +char hostname[MAXHOSTNAMELEN + 1]; #define TIMEOUT 30 #define MAXIDLE 120 @@ -112,6 +112,7 @@ main(argc, argv) lastmsgtime = time(0); process_request(mp, &response); /* can block here, is this what I want? */ + mp->ctl_addr.sa_family = htons(mp->ctl_addr.sa_family); cc = sendto(sockt, (char *)&response, sizeof (response), 0, (struct sockaddr *)&mp->ctl_addr, sizeof (mp->ctl_addr)); |