diff options
| author | archie <archie@FreeBSD.org> | 1998-12-04 22:54:57 +0000 |
|---|---|---|
| committer | archie <archie@FreeBSD.org> | 1998-12-04 22:54:57 +0000 |
| commit | 982e80577dd08945aa2345ebe35e3f50eef9eb48 (patch) | |
| tree | e21ff4cbfbcb4097c6cc444d68ddd9a3fd37837f /sys/dev/hea | |
| parent | 707b8f68aa118c7396f2a2633751e32477d9ed08 (diff) | |
| download | FreeBSD-src-982e80577dd08945aa2345ebe35e3f50eef9eb48.zip FreeBSD-src-982e80577dd08945aa2345ebe35e3f50eef9eb48.tar.gz | |
Examine all occurrences of sprintf(), strcat(), and str[n]cpy()
for possible buffer overflow problems. Replaced most sprintf()'s
with snprintf(); for others cases, added terminating NUL bytes where
appropriate, replaced constants like "16" with sizeof(), etc.
These changes include several bug fixes, but most changes are for
maintainability's sake. Any instance where it wasn't "immediately
obvious" that a buffer overflow could not occur was made safer.
Reviewed by: Bruce Evans <bde@zeta.org.au>
Reviewed by: Matthew Dillon <dillon@apollo.backplane.com>
Reviewed by: Mike Spengler <mks@networkcs.com>
Diffstat (limited to 'sys/dev/hea')
| -rw-r--r-- | sys/dev/hea/eni.c | 12 | ||||
| -rw-r--r-- | sys/dev/hea/eni_if.c | 7 |
2 files changed, 11 insertions, 8 deletions
diff --git a/sys/dev/hea/eni.c b/sys/dev/hea/eni.c index 17427e9..c3e63b9a 100644 --- a/sys/dev/hea/eni.c +++ b/sys/dev/hea/eni.c @@ -23,7 +23,7 @@ * Copies of this Software may be made, however, the above copyright * notice must be reproduced on all copies. * - * @(#) $Id: eni.c,v 1.2 1998/09/17 09:34:58 phk Exp $ + * @(#) $Id: eni.c,v 1.3 1998/10/31 20:06:45 phk Exp $ * */ @@ -42,7 +42,7 @@ #include <dev/hea/eni_var.h> #ifndef lint -__RCSID("@(#) $Id: eni.c,v 1.2 1998/09/17 09:34:58 phk Exp $"); +__RCSID("@(#) $Id: eni.c,v 1.3 1998/10/31 20:06:45 phk Exp $"); #endif /* @@ -496,10 +496,12 @@ eni_pci_attach ( pcici_t config_id, int unit ) * Make a hw version number from the ID register values. * Format: {Midway ID}.{Mother board ID}.{Daughter board ID} */ - sprintf ( eup->eu_config.ac_hard_vers, "%ld/%ld/%ld", - (val >> ID_SHIFT) & ID_MASK, + snprintf ( eup->eu_config.ac_hard_vers, + sizeof ( eup->eu_config.ac_hard_vers ), + "%ld/%ld/%ld", + (val >> ID_SHIFT) & ID_MASK, (val >> MID_SHIFT) & MID_MASK, - (val >> DID_SHIFT) & DID_MASK ); + (val >> DID_SHIFT) & DID_MASK ); /* * There is no software version number diff --git a/sys/dev/hea/eni_if.c b/sys/dev/hea/eni_if.c index d2c9ad6..49f5e09 100644 --- a/sys/dev/hea/eni_if.c +++ b/sys/dev/hea/eni_if.c @@ -23,7 +23,7 @@ * Copies of this Software may be made, however, the above copyright * notice must be reproduced on all copies. * - * @(#) $Id: eni_if.c,v 1.1 1998/09/15 08:22:53 phk Exp $ + * @(#) $Id: eni_if.c,v 1.2 1998/10/31 20:06:45 phk Exp $ * */ @@ -43,7 +43,7 @@ #include <dev/hea/eni_var.h> #ifndef lint -__RCSID("@(#) $Id: eni_if.c,v 1.1 1998/09/15 08:22:53 phk Exp $"); +__RCSID("@(#) $Id: eni_if.c,v 1.2 1998/10/31 20:06:45 phk Exp $"); #endif static void eni_get_stats __P((Eni_unit *)); @@ -194,7 +194,8 @@ eni_atm_ioctl ( code, data, arg ) */ if ( eup == NULL ) return ( ENXIO ); - sprintf ( ifname, "%s%d", pip->pif_name, pip->pif_unit ); + snprintf ( ifname, sizeof(ifname), + "%s%d", pip->pif_name, pip->pif_unit ); /* * Cast response structure onto user's buffer |
