diff options
author | imp <imp@FreeBSD.org> | 1999-08-22 17:24:25 +0000 |
---|---|---|
committer | imp <imp@FreeBSD.org> | 1999-08-22 17:24:25 +0000 |
commit | b78c77d7be4f11b400f76b6663c5f14566ac2f16 (patch) | |
tree | 83ed5a1b1bdb9f3e0cb8a068c146c235ed96329d /usr.bin/finger | |
parent | 545b4031fcf7a84e33e2c2e2fad8e13d80a3395c (diff) | |
download | FreeBSD-src-b78c77d7be4f11b400f76b6663c5f14566ac2f16.zip FreeBSD-src-b78c77d7be4f11b400f76b6663c5f14566ac2f16.tar.gz |
Use the final version of the patch for the overflow, not the next to
final.
Noticed by: eivind
Diffstat (limited to 'usr.bin/finger')
-rw-r--r-- | usr.bin/finger/util.c | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/usr.bin/finger/util.c b/usr.bin/finger/util.c index 8e58ed2..e391840 100644 --- a/usr.bin/finger/util.c +++ b/usr.bin/finger/util.c @@ -39,7 +39,7 @@ static char sccsid[] = "@(#)util.c 8.3 (Berkeley) 4/28/95"; #else static const char rcsid[] = - "$Id: util.c,v 1.5 1997/07/02 06:34:51 charnier Exp $"; + "$Id: util.c,v 1.6 1999/08/21 18:25:38 imp Exp $"; #endif #endif /* not lint */ @@ -80,7 +80,7 @@ match(pw, user) * Why do we skip asterisks!?!? */ (void)strncpy(p = tbuf, pw->pw_gecos, sizeof(tbuf)); - p[sizeof(tbuf) - 1] = '\0'; + tbuf[sizeof(tbuf) - 1] = '\0'; if (*p == '*') ++p; @@ -88,12 +88,13 @@ match(pw, user) if ((p = strtok(p, ",")) == NULL) return(0); - for (t = name; (*t = *p) != '\0' && t - name > sizeof(name); ++p) { + for (t = name; t < &name[sizeof(name) - 1] && (*t = *p) != '\0'; ++p) { if (*t == '&') { (void)strncpy(t, pw->pw_name, sizeof(name) - (t - name)); name[sizeof(name) - 1] = '\0'; - while (*++t); + while (t < &name[sizeof(name) - 1] && *++t) + continue; } else { ++t; } @@ -352,21 +353,22 @@ userinfo(pn, pw) /* why do we skip asterisks!?!? */ (void)strncpy(bp = tbuf, pw->pw_gecos, sizeof(tbuf)); - bp[sizeof(tbuf) - 1] = '\0'; + tbuf[sizeof(tbuf) - 1] = '\0'; if (*bp == '*') ++bp; /* ampersands get replaced by the login name */ if (!(p = strsep(&bp, ","))) return; - for (t = name; (*t = *p) != '\0' && t < name + sizeof(name); ++p) { + for (t = name; t < &name[sizeof(name) - 1] && (*t = *p) != '\0'; ++p) { if (*t == '&') { (void)strncpy(t, pw->pw_name, sizeof(name) - (t - name)); name[sizeof(name) - 1] = '\0'; if (islower(*t)) *t = toupper(*t); - while (*++t); + while (t < &name[sizeof(name) - 1] && *++t) + continue; } else { ++t; } |