diff options
| author | pfg <pfg@FreeBSD.org> | 2015-08-04 03:06:23 +0000 |
|---|---|---|
| committer | pfg <pfg@FreeBSD.org> | 2015-08-04 03:06:23 +0000 |
| commit | d396e4d3738af768e05a856ed5da4e1af908f1f4 (patch) | |
| tree | 71705879805c24343fecd6b4e1974856419157a5 /usr.bin/wall | |
| parent | 0d33ce41f504ff7fea3ad78ea24b6bc9fa9e08e6 (diff) | |
| download | FreeBSD-src-d396e4d3738af768e05a856ed5da4e1af908f1f4.zip FreeBSD-src-d396e4d3738af768e05a856ed5da4e1af908f1f4.tar.gz | |
MFC r286102:
Buffer overflow in wall(1).
This affected syslogd, wall and talkd.
Detected by FORTIFY_SOURCE GSoC (with clang).
Submitted by: Oliver Pinter
Differential Revision: https://reviews.freebsd.org/D3254
Reviewed by: delphij, jmg
Diffstat (limited to 'usr.bin/wall')
| -rw-r--r-- | usr.bin/wall/ttymsg.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/usr.bin/wall/ttymsg.c b/usr.bin/wall/ttymsg.c index 37b09e9..1317a4b 100644 --- a/usr.bin/wall/ttymsg.c +++ b/usr.bin/wall/ttymsg.c @@ -62,7 +62,7 @@ ttymsg(struct iovec *iov, int iovcnt, const char *line, int tmout) struct iovec localiov[7]; ssize_t left, wret; int cnt, fd; - static char device[MAXNAMLEN] = _PATH_DEV; + char device[MAXNAMLEN] = _PATH_DEV; static char errbuf[1024]; char *p; int forked; @@ -71,8 +71,8 @@ ttymsg(struct iovec *iov, int iovcnt, const char *line, int tmout) if (iovcnt > (int)(sizeof(localiov) / sizeof(localiov[0]))) return ("too many iov's (change code in wall/ttymsg.c)"); + strlcat(device, line, sizeof(device)); p = device + sizeof(_PATH_DEV) - 1; - strlcpy(p, line, sizeof(device)); if (strncmp(p, "pts/", 4) == 0) p += 4; if (strchr(p, '/') != NULL) { |
