author | roberto <roberto@FreeBSD.org> | 2000-06-18 23:10:20 +0000 |
---|---|---|
committer | roberto <roberto@FreeBSD.org> | 2000-06-18 23:10:20 +0000 |
commit | 645dbbcce1d2b937a1a41018bf6b6a854813e4d6 (patch) | |
tree | 33ae264d0af203dc86ecbf4a986596fae91c9c8f /usr.sbin/ancontrol | |
parent | 52bc7db3a0ceaee4389cf1aa5a5721b7bf2ee5c1 (diff) | |
Fix potential buffer overflows (even if ancontrol is not setuid).
Submitted by: Aaron Campbell <aaron@cs.dal.ca> from OpenBSD
Diffstat (limited to 'usr.sbin/ancontrol')
-rw-r--r-- | usr.sbin/ancontrol/ancontrol.c | 23 |
1 files changed, 10 insertions, 13 deletions
diff --git a/usr.sbin/ancontrol/ancontrol.c b/usr.sbin/ancontrol/ancontrol.c
index 4eac074..5e84606 100644
--- a/usr.sbin/ancontrol/ancontrol.c
+++ b/usr.sbin/ancontrol/ancontrol.c
@@ -1,4 +1,4 @@
-/*
+/* $OpenBSD: ancontrol.c,v 1.4 2000/06/18 22:27:41 aaron Exp $ */
 * Copyright 1997, 1998, 1999
 * Bill Paul <wpaul@ee.columbia.edu>. All rights reserved.
 *
@@ -127,7 +127,7 @@ static void an_getval(iface, areq)
 bzero((char *)&ifr, sizeof(ifr));
- strcpy(ifr.ifr_name, iface);
+ strlcpy(ifr.ifr_name, iface, sizeof(ifr.ifr_name));
 ifr.ifr_data = (caddr_t)areq;
 s = socket(AF_INET, SOCK_DGRAM, 0);
@@ -152,7 +152,7 @@ static void an_setval(iface, areq)
 bzero((char *)&ifr, sizeof(ifr));
- strcpy(ifr.ifr_name, iface);
+ strlcpy(ifr.ifr_name, iface, sizeof(ifr.ifr_name));
 ifr.ifr_data = (caddr_t)areq;
 s = socket(AF_INET, SOCK_DGRAM, 0);
@@ -1035,24 +1035,21 @@ static void an_setssid(iface, act, arg)
 an_getval(iface, &areq);
 ssid = (struct an_ltv_ssidlist *)&areq;
- switch(act) {
+ switch (act) {
 case ACT_SET_SSID1:
 bzero(ssid->an_ssid1, sizeof(ssid->an_ssid1));
- bcopy((char *)arg, (char *)&ssid->an_ssid1,
- strlen((char *)arg));
- ssid->an_ssid1_len = strlen((char *)arg);
+ strlcpy(ssid->an_ssid1, (char *)arg, sizeof(ssid->an_ssid1));
+ ssid->an_ssid1_len = strlen(ssid->an_ssid1);
 break;
 case ACT_SET_SSID2:
 bzero(ssid->an_ssid2, sizeof(ssid->an_ssid2));
- bcopy((char *)arg, (char *)&ssid->an_ssid2,
- strlen((char *)arg));
- ssid->an_ssid2_len = strlen((char *)arg);
+ strlcpy(ssid->an_ssid2, (char *)arg, sizeof(ssid->an_ssid2));
+ ssid->an_ssid2_len = strlen(ssid->an_ssid2);
 break;
 case ACT_SET_SSID3:
 bzero(ssid->an_ssid3, sizeof(ssid->an_ssid3));
- bcopy((char *)arg, (char *)&ssid->an_ssid3,
- strlen((char *)arg));
- ssid->an_ssid3_len = strlen((char *)arg);
+ strlcpy(ssid->an_ssid3, (char *)arg, sizeof(ssid->an_ssid3));
+ ssid->an_ssid3_len = strlen(ssid->an_ssid3);
 break;
 default:
 errx(1, "unknown action"); |
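Review bot: The new first line `/* $OpenBSD: ... $ */` closes its own comment, and the hunk removes the bare `/*` that opened the licence block, so the ` * Copyright ...` lines that follow as context are no longer inside a comment and the file should fail to compile as shown. Keep the original `/*` as the second line, i.e. add the tag line above it instead of replacing it. The rest of the licence header lies outside the hunk.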
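Review bot: `strlcpy` stops the overflow of `ifr.ifr_name` in an_getval, but an over-long `iface` is now truncated silently, so the request sent on the socket created just below would go to whatever interface the shortened name happens to match. Check the return value and refuse instead: `if (strlcpy(ifr.ifr_name, iface, sizeof(ifr.ifr_name)) >= sizeof(ifr.ifr_name)) errx(1, "interface name too long");`. The same applies to the identical change in an_setval (the hunk at line 152), where the request presumably writes configuration, not just reads it. Both function bodies continue outside their hunks.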
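Review bot: In all three `case` arms of an_setssid a too-long argument is now truncated silently, so the card is configured with a different network name than the one the user typed and no diagnostic is printed. Reject it instead, e.g. `if (strlcpy(ssid->an_ssid1, (char *)arg, sizeof(ssid->an_ssid1)) >= sizeof(ssid->an_ssid1)) errx(1, "SSID too long");`, and likewise for `an_ssid2` and `an_ssid3`. Because `strlcpy` reserves one byte for the terminator, an SSID that exactly fills the field can no longer be set; the separate `an_ssidN_len` members suggest the field is length-counted, so if the full width must stay usable an explicit length check followed by the original `bcopy` would be needed — confirm against `struct an_ltv_ssidlist`, which is not in this hunk. an_setssid starts and ends outside the hunk.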