Fixed a potential buffer overflow problem, in the device name handling.

PR: bin/15101
author: joe <joe@FreeBSD.org> 1999-12-05 20:05:45 +0000
committer: joe <joe@FreeBSD.org> 1999-12-05 20:05:45 +0000
commit: 3955613d85a90688ef42ca8405fa4ea6d09fb5d4 (patch)
tree: 87789b1ada3c43b9964657fa52d53aa7b423c0e6 /usr.sbin/cdcontrol
parent: 59ba729c30037661a58da4f4dc7092d339395a31 (diff)
download: FreeBSD-src-3955613d85a90688ef42ca8405fa4ea6d09fb5d4.zip
FreeBSD-src-3955613d85a90688ef42ca8405fa4ea6d09fb5d4.tar.gz
1 files changed, 9 insertions, 7 deletions
diff --git a/usr.sbin/cdcontrol/cdcontrol.c b/usr.sbin/cdcontrol/cdcontrol.c
index 7fad22e..c38fdb2 100644
--- a/usr.sbin/cdcontrol/cdcontrol.c
+++ b/usr.sbin/cdcontrol/cdcontrol.c
@@ -33,6 +33,7 @@ static const char rcsid[] =
 #include <sys/file.h>
 #include <sys/cdio.h>
 #include <sys/ioctl.h>
+#include <sys/param.h>
 #include <histedit.h>
 
 #define VERSION "2.0"
@@ -1036,17 +1037,18 @@ char *parse (char *buf, int *cmd)
 
 int open_cd ()
 {
-	char devbuf[80];
+	char devbuf[MAXPATHLEN];
 
 	if (fd > -1)
 		return (1);
 
-	if (*cdname == '/')
-		strcpy (devbuf, cdname);
-	else if (*cdname == 'r')
-		sprintf (devbuf, "/dev/%s", cdname);
-	else
-		sprintf (devbuf, "/dev/r%s", cdname);
+	if (*cdname == '/') {
+		snprintf (devbuf, MAXPATHLEN, "%s", cdname);
+	} else if (*cdname == 'r') {
+		snprintf (devbuf, MAXPATHLEN, "/dev/%s", cdname);
+	} else {
+		snprintf (devbuf, MAXPATHLEN, "/dev/r%s", cdname);
+	}
 
 	fd = open (devbuf, O_RDONLY);
author	joe <joe@FreeBSD.org>	1999-12-05 20:05:45 +0000
committer	joe <joe@FreeBSD.org>	1999-12-05 20:05:45 +0000
commit	3955613d85a90688ef42ca8405fa4ea6d09fb5d4 (patch)
tree	87789b1ada3c43b9964657fa52d53aa7b423c0e6 /usr.sbin/cdcontrol
parent	59ba729c30037661a58da4f4dc7092d339395a31 (diff)
download	FreeBSD-src-3955613d85a90688ef42ca8405fa4ea6d09fb5d4.zip FreeBSD-src-3955613d85a90688ef42ca8405fa4ea6d09fb5d4.tar.gz