authorimp <imp@FreeBSD.org>1997-08-22 22:14:16 +0000
committerimp <imp@FreeBSD.org>1997-08-22 22:14:16 +0000
commit7623afeb407513ee6db66b683e27014043ee3715 (patch)
treed5b0f2bcc99641e05aca5d9dfa0ed1ea3531c5c4 /usr.bin/tip
parent83ccdf4bace0902c682af93b9fe449638d1182db (diff)
Fix buffer overflow. prompt didn't get a size for its buffer,
so it could overflow it. Also made some filenames MAXPATHLEN long rather than 80 long.
Diffstat (limited to 'usr.bin/tip')
-rw-r--r--usr.bin/tip/tip/cmds.c26
-rw-r--r--usr.bin/tip/tip/tip.c9
-rw-r--r--usr.bin/tip/tip/tip.h10
3 files changed, 25 insertions, 20 deletions
diff --git a/usr.bin/tip/tip/cmds.c b/usr.bin/tip/tip/cmds.c
index aecd0ba..335763e 100644
--- a/usr.bin/tip/tip/cmds.c
+++ b/usr.bin/tip/tip/cmds.c
@@ -36,7 +36,7 @@
static char sccsid[] = "@(#)cmds.c 8.1 (Berkeley) 6/6/93";
#endif
static const char rcsid[] =
- "$Id$";
+ "$Id: cmds.c,v 1.3 1997/08/18 07:16:00 charnier Exp $";
#endif /* not lint */
#include "tipconf.h"
@@ -137,7 +137,7 @@ getfl(c)
/*
* get the UNIX receiving file's name
*/
- if (prompt("Local file name? ", copyname))
+ if (prompt("Local file name? ", copyname, sizeof(copyname)))
return;
cp = expand(copyname);
if ((sfd = creat(cp, 0666)) < 0) {
@@ -148,7 +148,7 @@ getfl(c)
/*
* collect parameters
*/
- if (prompt("List command for remote system? ", buf)) {
+ if (prompt("List command for remote system? ", buf, sizeof(buf))) {
unlink(copyname);
return;
}
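Review bot: `sizeof(buf)` in this getfl hunk is the right bound only if `buf` is a char array declared in the function itself, and that declaration lies outside the hunk. The same applies to the `buf` arguments in the two pipefile hunks and the pipeout hunk. Only consh and variable show `char buf[256]`, and `fname`/`copyname` are visibly arrays in tip.h. If any of these were a `char *` or an array parameter, `sizeof` would yield the pointer size and the prompt would be cut to a few bytes. A one-line comment at each declaration, e.g. `/* passed to prompt() with sizeof; must stay an array */`, would keep a later refactor from breaking the bound.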
@@ -165,7 +165,7 @@ cu_take(cc)
int fd, argc;
char line[BUFSIZ], *expand(), *cp;
- if (prompt("[take] ", copyname))
+ if (prompt("[take] ", copyname, sizeof(copyname)))
return;
if ((argc = args(copyname, argv)) < 1 || argc > 2) {
printf("usage: <take> from [to]\r\n");
@@ -348,7 +348,7 @@ pipefile()
int status, p;
extern int errno;
- if (prompt("Local command? ", buf))
+ if (prompt("Local command? ", buf, sizeof(buf)))
return;
if (pipe(pdes)) {
@@ -360,7 +360,7 @@ pipefile()
printf("can't fork!\r\n");
return;
} else if (cpid) {
- if (prompt("List command for remote system? ", buf)) {
+ if (prompt("List command for remote system? ", buf, sizeof(buf))) {
close(pdes[0]), close(pdes[1]);
kill (cpid, SIGKILL);
} else {
@@ -412,7 +412,7 @@ sendfile(cc)
/*
* get file name
*/
- if (prompt("Local file name? ", fname))
+ if (prompt("Local file name? ", fname, sizeof(fname)))
return;
/*
@@ -539,7 +539,7 @@ cu_put(cc)
char *expand();
char *copynamex;
- if (prompt("[put] ", copyname))
+ if (prompt("[put] ", copyname, sizeof(copyname)))
return;
if ((argc = args(copyname, argv)) < 1 || argc > 2) {
printf("usage: <put> from [to]\r\n");
@@ -616,7 +616,7 @@ pipeout(c)
time_t start;
putchar(c);
- if (prompt("Local command? ", buf))
+ if (prompt("Local command? ", buf, sizeof(buf)))
return;
kill(pid, SIGIOT); /* put TIPOUT into a wait state */
signal(SIGINT, SIG_IGN);
@@ -717,7 +717,7 @@ consh(c)
{
char buf[256];
putchar(c);
- if (prompt("Local command? ", buf))
+ if (prompt("Local command? ", buf, sizeof(buf)))
return;
tiplink (buf, TL_SIGNAL_TIPOUT | TL_VERBOSE);
}
@@ -787,10 +787,10 @@ setscript()
void
chdirectory()
{
- char dirname[80];
+ char dirname[MAXPATHLEN];
register char *cp = dirname;
- if (prompt("[cd] ", dirname)) {
+ if (prompt("[cd] ", dirname, sizeof(dirname))) {
if (stoprompt)
return;
cp = value(HOME);
@@ -904,7 +904,7 @@ variable()
{
char buf[256];
- if (prompt("[set] ", buf))
+ if (prompt("[set] ", buf, sizeof(buf)))
return;
vlex(buf);
if (vtable[BEAUTIFY].v_access&CHANGED) {
diff --git a/usr.bin/tip/tip/tip.c b/usr.bin/tip/tip/tip.c
index 5f59763..1ddaa64 100644
--- a/usr.bin/tip/tip/tip.c
+++ b/usr.bin/tip/tip/tip.c
@@ -42,7 +42,7 @@ static const char copyright[] =
static char sccsid[] = "@(#)tip.c 8.1 (Berkeley) 6/6/93";
#endif
static const char rcsid[] =
- "$Id$";
+ "$Id: tip.c,v 1.3 1997/08/18 07:16:06 charnier Exp $";
#endif /* not lint */
/*
@@ -88,7 +88,7 @@ void setparity __P((char *));
void pwrite __P((int, char *, int));
char escape __P((void));
void tipin __P((void));
-int prompt __P((char *, char *));
+int prompt __P((char *, char *, int));
void unraw __P((void));
void shell_uid __P((void));
void daemon_uid __P((void));
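Review bot: The three-argument `prompt` prototype is now kept in two places, here in tip.c and again as an `extern` in tip.h, and both had to be edited by hand. Because `prompt` has a K&R-style definition, a caller compiled without an up-to-date prototype would pass no `sz`, and the new bound would then be read from an indeterminate value. If tip.c includes tip.h (not visible in this hunk), I would drop this local declaration so there is a single source of truth. A size parameter is also more naturally `size_t` than `int`, since every caller passes `sizeof`.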
@@ -377,9 +377,10 @@ static jmp_buf promptbuf;
* normal erase and kill characters.
*/
int
-prompt(s, p)
+prompt(s, p, sz)
char *s;
register char *p;
+ int sz;
{
register char *b = p;
sig_t oint, oquit;
@@ -390,7 +391,7 @@ prompt(s, p)
unraw();
printf("%s", s);
if (setjmp(promptbuf) == 0)
- while ((*p = getchar()) != EOF && *p != '\n')
+ while ((*p = getchar()) != EOF && *p != '\n' && --sz > 0)
p++;
*p = '\0';
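Review bot: When `--sz > 0` ends the loop, the rest of the typed line stays unread on stdin, and the caller gets a silently truncated string that it cannot tell apart from a complete one. The "Local command?" and file-name callers in cmds.c would therefore act on a shortened command or path, and the leftover characters are presumably picked up by whatever reads stdin next. I would drain the remainder of the line after the loop, e.g. `if (sz <= 0) while ((c = getchar()) != EOF && c != '\n') ;` with an `int c`. The function should also report the overflow through its non-zero return, which the callers already treat as "abort". The write of `*p = '\0'` itself stays in bounds because it overwrites the last byte stored; the rest of prompt's body, including its return, is outside this hunk.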
diff --git a/usr.bin/tip/tip/tip.h b/usr.bin/tip/tip/tip.h
index 18ec692..fb7e6db 100644
--- a/usr.bin/tip/tip/tip.h
+++ b/usr.bin/tip/tip/tip.h
@@ -42,6 +42,7 @@
#include <machine/endian.h>
#include <sys/file.h>
#include <sys/time.h>
+#include <sys/param.h>
#if HAVE_TERMIOS
#include <sys/ioctl.h> /* for TIOCHPCL */
@@ -253,6 +254,9 @@ void logent __P((char *, char *, char *, char*));
#define NOVAL ((value_t *)NULL)
#define NOACU ((acu_t *)NULL)
#define NOSTR ((char *)NULL)
+#ifdef NOFILE
+#undef NOFILE
+#endif
#define NOFILE ((FILE *)NULL)
#define NOPWD ((struct passwd *)0)
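Review bot: The added `#undef NOFILE` silently replaces the `NOFILE` that the newly included `<sys/param.h>` presumably defines with tip's own `((FILE *)NULL)` sentinel. Any code that includes tip.h and expects the system meaning of `NOFILE` would then compile against a null `FILE *` instead. If renaming tip's macro is too invasive for this commit, at least say why the undef is there, e.g. `/* sys/param.h defines NOFILE; tip uses the name for a null FILE pointer */` above the `#ifdef`.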
@@ -286,8 +290,8 @@ int stoprompt; /* for interrupting a prompt session */
int timedout; /* ~> transfer timedout */
int cumode; /* simulating the "cu" program */
-char fname[80]; /* file name buffer for ~< */
-char copyname[80]; /* file name buffer for ~> */
+char fname[MAXPATHLEN]; /* file name buffer for ~< */
+char copyname[MAXPATHLEN]; /* file name buffer for ~> */
char ccc; /* synchronization character */
char ch; /* for tipout */
char *uucplock; /* name of lock file for uucp's */
@@ -313,7 +317,7 @@ extern void disconnect __P((char *));
extern void shell_uid __P((void));
extern void unraw __P((void));
extern void pwrite __P((int, char *, int));
-extern int prompt __P((char *, char *));
+extern int prompt __P((char *, char *, int));
extern void consh __P((int));
extern void tipabort __P((char *));