summaryrefslogtreecommitdiffstats
path: root/libexec/talkd
diff options
context:
space:
mode:
authorpst <pst@FreeBSD.org>1997-01-18 08:30:01 +0000
committerpst <pst@FreeBSD.org>1997-01-18 08:30:01 +0000
commit729071c96e1b26cb702a76ce25556ca58d253815 (patch)
tree14d2380818cc302922727509c87a7319f8fd6fa9 /libexec/talkd
parent6343eb8b06179a898d3726250383f26d8b8d89f6 (diff)
downloadFreeBSD-src-729071c96e1b26cb702a76ce25556ca58d253815.zip
FreeBSD-src-729071c96e1b26cb702a76ce25556ca58d253815.tar.gz
Fix buffer overrun problem.
Cannidate for: 2.2 [must] Obtained from: Lite/2 and BSDI's published patch
Diffstat (limited to 'libexec/talkd')
-rw-r--r--libexec/talkd/announce.c36
-rw-r--r--libexec/talkd/talkd.c3
2 files changed, 24 insertions, 15 deletions
diff --git a/libexec/talkd/announce.c b/libexec/talkd/announce.c
index 6c11680..55f3ca9 100644
--- a/libexec/talkd/announce.c
+++ b/libexec/talkd/announce.c
@@ -34,7 +34,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)announce.c 8.2 (Berkeley) 1/7/94";
+static char sccsid[] = "@(#)announce.c 8.3 (Berkeley) 4/28/95";
#endif /* not lint */
#include <sys/types.h>
@@ -43,13 +43,17 @@ static char sccsid[] = "@(#)announce.c 8.2 (Berkeley) 1/7/94";
#include <sys/time.h>
#include <sys/wait.h>
#include <sys/socket.h>
+
#include <protocols/talkd.h>
+
#include <errno.h>
-#include <syslog.h>
-#include <unistd.h>
+#include <paths.h>
#include <stdio.h>
+#include <stdlib.h>
#include <string.h>
-#include <paths.h>
+#include <syslog.h>
+#include <unistd.h>
+#include <vis.h>
extern char hostname[];
@@ -78,7 +82,7 @@ announce(request, remote_machine)
#define max(a,b) ( (a) > (b) ? (a) : (b) )
#define N_LINES 5
-#define N_CHARS 120
+#define N_CHARS 256
/*
* Build a block of characters containing the message.
@@ -100,33 +104,37 @@ print_mesg(tty, tf, request, remote_machine)
char line_buf[N_LINES][N_CHARS];
int sizes[N_LINES];
char big_buf[N_LINES*N_CHARS];
- char *bptr, *lptr, *ttymsg();
+ char *bptr, *lptr, *vis_user;
int i, j, max_size;
i = 0;
max_size = 0;
gettimeofday(&clock, &zone);
localclock = localtime( &clock.tv_sec );
- (void)sprintf(line_buf[i], " ");
+ (void)snprintf(line_buf[i], N_CHARS, " ");
sizes[i] = strlen(line_buf[i]);
max_size = max(max_size, sizes[i]);
i++;
- (void)sprintf(line_buf[i], "Message from Talk_Daemon@%s at %d:%02d ...",
- hostname, localclock->tm_hour , localclock->tm_min );
+ (void)snprintf(line_buf[i], N_CHARS,
+ "Message from Talk_Daemon@%s at %d:%02d ...",
+ hostname, localclock->tm_hour , localclock->tm_min );
sizes[i] = strlen(line_buf[i]);
max_size = max(max_size, sizes[i]);
i++;
- (void)sprintf(line_buf[i], "talk: connection requested by %s@%s",
- request->l_name, remote_machine);
+
+ vis_user = malloc(strlen(request->l_name) * 4 + 1);
+ strvis(vis_user, request->l_name, VIS_CSTYLE);
+ (void)snprintf(line_buf[i], N_CHARS,
+ "talk: connection requested by %s@%s", vis_user, remote_machine);
sizes[i] = strlen(line_buf[i]);
max_size = max(max_size, sizes[i]);
i++;
- (void)sprintf(line_buf[i], "talk: respond with: talk %s@%s",
- request->l_name, remote_machine);
+ (void)snprintf(line_buf[i], N_CHARS, "talk: respond with: talk %s@%s",
+ vis_user, remote_machine);
sizes[i] = strlen(line_buf[i]);
max_size = max(max_size, sizes[i]);
i++;
- (void)sprintf(line_buf[i], " ");
+ (void)snprintf(line_buf[i], N_CHARS, " ");
sizes[i] = strlen(line_buf[i]);
max_size = max(max_size, sizes[i]);
i++;
diff --git a/libexec/talkd/talkd.c b/libexec/talkd/talkd.c
index d2d5a2c..c049230 100644
--- a/libexec/talkd/talkd.c
+++ b/libexec/talkd/talkd.c
@@ -71,7 +71,7 @@ int debug = 0;
void timeout();
long lastmsgtime;
-char hostname[MAXHOSTNAMELEN];
+char hostname[MAXHOSTNAMELEN + 1];
#define TIMEOUT 30
#define MAXIDLE 120
@@ -112,6 +112,7 @@ main(argc, argv)
lastmsgtime = time(0);
process_request(mp, &response);
/* can block here, is this what I want? */
+ mp->ctl_addr.sa_family = htons(mp->ctl_addr.sa_family);
cc = sendto(sockt, (char *)&response,
sizeof (response), 0, (struct sockaddr *)&mp->ctl_addr,
sizeof (mp->ctl_addr));
OpenPOWER on IntegriCloud