Fixes a potential buffer overflow with the command line arguments.

Submitted by: Mike Heffner <spock@techfour.net> Submitted on: audit@freebsd.org
author: joe <joe@FreeBSD.org> 2000-04-30 20:53:54 +0000
committer: joe <joe@FreeBSD.org> 2000-04-30 20:53:54 +0000
commit: 98328065bf61d1e2406cd4eb27154dfb2743fd9b (patch)
tree: 927a4bcd40cb22ea4df16aae8b5dbc4e562330da /sbin/natd
parent: 215033019c4785edcd775420cedf5040893a48b8 (diff)
download: FreeBSD-src-98328065bf61d1e2406cd4eb27154dfb2743fd9b.zip
FreeBSD-src-98328065bf61d1e2406cd4eb27154dfb2743fd9b.tar.gz
1 files changed, 11 insertions, 7 deletions
diff --git a/sbin/natd/natd.c b/sbin/natd/natd.c
index 2714a15..c03a7ae 100644
--- a/sbin/natd/natd.c
+++ b/sbin/natd/natd.c
@@ -421,9 +421,9 @@ static void DaemonMode ()
 static void ParseArgs (int argc, char** argv)
 {
 	int		arg;
-	char*		parm;
 	char*		opt;
 	char		parmBuf[256];
+	int		len; /* bounds checking */
 
 	for (arg = 1; arg < argc; arg++) {
 
@@ -434,23 +434,27 @@ static void ParseArgs (int argc, char** argv)
 			Usage ();
 		}
 
-		parm = NULL;
 		parmBuf[0] = '\0';
+		len = 0;
 
 		while (arg < argc - 1) {
 
 			if (argv[arg + 1][0] == '-')
 				break;
 
-			if (parm)
-				strcat (parmBuf, " ");
+		if (len) {
+				strncat (parmBuf, " ", sizeof(parmBuf) - (len + 1));
+				len += strlen(parmBuf + len);
+			}
 
 			++arg;
-			parm = parmBuf;
-			strcat (parmBuf, argv[arg]);
+			strncat (parmBuf, argv[arg], sizeof(parmBuf) - (len + 1));
+			len += strlen(parmBuf + len);
+
 		}
 
-		ParseOption (opt + 1, parm, 1);
+		ParseOption (opt + 1, (len ? parmBuf : NULL), 1);
+
 	}
 }
author	joe <joe@FreeBSD.org>	2000-04-30 20:53:54 +0000
committer	joe <joe@FreeBSD.org>	2000-04-30 20:53:54 +0000
commit	98328065bf61d1e2406cd4eb27154dfb2743fd9b (patch)
tree	927a4bcd40cb22ea4df16aae8b5dbc4e562330da /sbin/natd
parent	215033019c4785edcd775420cedf5040893a48b8 (diff)
download	FreeBSD-src-98328065bf61d1e2406cd4eb27154dfb2743fd9b.zip FreeBSD-src-98328065bf61d1e2406cd4eb27154dfb2743fd9b.tar.gz