diff options
| author | imp <imp@FreeBSD.org> | 1996-10-25 18:14:48 +0000 |
|---|---|---|
| committer | imp <imp@FreeBSD.org> | 1996-10-25 18:14:48 +0000 |
| commit | 96b7b01c6486264bc544e40746f952c2e2e9ad2f (patch) | |
| tree | 3394ac53df6a27692e8f33f299d8a44faeca28dd /usr.sbin/lpr | |
| parent | aa424264765815c0b549bb0ef4fb82799a34c350 (diff) | |
| download | FreeBSD-src-96b7b01c6486264bc544e40746f952c2e2e9ad2f.zip FreeBSD-src-96b7b01c6486264bc544e40746f952c2e2e9ad2f.tar.gz | |
Fix a problem where the command line could be used to overflow a stack
buffer which could be made to lead to a root shell. This patch is
OpenBSD's solution to the problem, and will silently truncate the
output rather than overflow the buffer.
Obtained from: OpenBSD
Diffstat (limited to 'usr.sbin/lpr')
| -rw-r--r-- | usr.sbin/lpr/lpr/lpr.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/usr.sbin/lpr/lpr/lpr.c b/usr.sbin/lpr/lpr/lpr.c index 01b3b18..09ddc2e 100644 --- a/usr.sbin/lpr/lpr/lpr.c +++ b/usr.sbin/lpr/lpr/lpr.c @@ -45,7 +45,7 @@ static char copyright[] = #ifndef lint static char sccsid[] = "From: @(#)lpr.c 8.4 (Berkeley) 4/28/95" - "\n$Id$\n"; + "\n$Id: lpr.c,v 1.7 1996/05/11 19:00:55 joerg Exp $\n"; #endif /* not lint */ /* @@ -471,7 +471,7 @@ card(c, p2) register int len = 2; *p1++ = c; - while ((c = *p2++) != '\0') { + while ((c = *p2++) != '\0' && len <= sizeof(buf)) { *p1++ = (c == '\n') ? ' ' : c; len++; } |
