diff options
| author | tjr <tjr@FreeBSD.org> | 2002-11-01 12:48:28 +0000 |
|---|---|---|
| committer | tjr <tjr@FreeBSD.org> | 2002-11-01 12:48:28 +0000 |
| commit | 5e6cfbf3a7a005c31725f4a7d9e701856a7cb846 (patch) | |
| tree | cc9ebb438afa1e2996713f74e46a86a034055b17 /usr.bin/xstr | |
| parent | ff3a30e7232293bc81d395d191ff1e36df486ca3 (diff) | |
| download | FreeBSD-src-5e6cfbf3a7a005c31725f4a7d9e701856a7cb846.zip FreeBSD-src-5e6cfbf3a7a005c31725f4a7d9e701856a7cb846.tar.gz | |
Another buffer overflow similar to the recent one in mkstr(1).
Diffstat (limited to 'usr.bin/xstr')
| -rw-r--r-- | usr.bin/xstr/xstr.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/usr.bin/xstr/xstr.c b/usr.bin/xstr/xstr.c index 2ffbc72..6195ff2 100644 --- a/usr.bin/xstr/xstr.c +++ b/usr.bin/xstr/xstr.c @@ -231,6 +231,8 @@ yankstr(char **cpp) static char tmp[] = "b\bt\tr\rn\nf\f\\\\\"\""; while ((c = *cp++)) { + if (dp == dbuf + sizeof(dbuf) - 3) + errx(1, "message too long"); switch (c) { case '"': |
