authorimp <imp@FreeBSD.org>1997-01-10 07:53:28 +0000
committerimp <imp@FreeBSD.org>1997-01-10 07:53:28 +0000
commitbf83493bdc4599da7c7f60af23bd74c0e657a98f (patch)
tree3c5f5f3ad5ea638680e4a543a64066fb208ae92f /usr.sbin/ppp/command.c
parent97aa7b5184f1f12bd25cdc14bc7074351a3fe9aa (diff)
Fix many buffer overruns in the code. Specifically, disallow ExpandString
to be used to expand things beyond the size of the buffer passed in. Also do a general cleanup of sprintf -> snprintf as well as strcpy and strncat safety. Also expand some buffers to allow for the largest possible data that might be used. This is a 2.2 candidate. However, it needs to be vetted on -current since little testing has been done on this due to my lack of PPP on this machine. Reviewed by: Jordan Hubbard, Peter Wemm, Guido van Rooij
Diffstat (limited to 'usr.sbin/ppp/command.c')
-rw-r--r--usr.sbin/ppp/command.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/usr.sbin/ppp/command.c b/usr.sbin/ppp/command.c
index ad875c8..ccf496a 100644
--- a/usr.sbin/ppp/command.c
+++ b/usr.sbin/ppp/command.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: command.c,v 1.26 1996/12/22 17:09:12 jkh Exp $
+ * $Id: command.c,v 1.27 1996/12/22 17:29:30 jkh Exp $
*
*/
#include <sys/types.h>
@@ -922,18 +922,23 @@ int param;
switch (param) {
case VAR_AUTHKEY:
strncpy(VarAuthKey, *argv, sizeof(VarAuthKey)-1);
+ VarAuthKey[sizeof(VarAuthKey)-1] = '\0';
break;
case VAR_AUTHNAME:
strncpy(VarAuthName, *argv, sizeof(VarAuthName)-1);
+ VarAuthName[sizeof(VarAuthName)-1] = '\0';
break;
case VAR_DIAL:
strncpy(VarDialScript, *argv, sizeof(VarDialScript)-1);
+ VarDialScript[sizeof(VarDialScript)-1] = '\0';
break;
case VAR_LOGIN:
strncpy(VarLoginScript, *argv, sizeof(VarDialScript)-1);
+ VarLoginScript[sizeof(VarLoginScript)-1] = '\0';
break;
case VAR_DEVICE:
strncpy(VarDevice, *argv, sizeof(VarDevice)-1);
+ VarDevice[sizeof(VarDevice)-1] = '\0';
break;
case VAR_ACCMAP:
sscanf(*argv, "%lx", &map);
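Review bot: In the VAR_LOGIN case the copy bound is still `sizeof(VarDialScript)-1`, while the terminator added on the next line indexes `sizeof(VarLoginScript)-1`, so the two only agree if both arrays are declared with the same size. The declarations are outside this hunk, so whether the copy can run past VarLoginScript today cannot be told from here, but the bound should name the destination: `strncpy(VarLoginScript, *argv, sizeof(VarLoginScript)-1);`. The enclosing function starts before and continues after the hunk.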
@@ -941,6 +946,7 @@ int param;
break;
case VAR_PHONE:
strncpy(VarPhoneList, *argv, sizeof(VarPhoneList)-1);
+ VarPhoneList[sizeof(VarPhoneList)-1] = '\0';
strcpy(VarPhoneCopy, VarPhoneList);
VarNextPhone = VarPhoneCopy;
break;
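Review bot: The `strcpy(VarPhoneCopy, VarPhoneList);` that follows the new terminator is still unbounded, so the VAR_PHONE case is safe only if VarPhoneCopy is at least as large as VarPhoneList, which this hunk does not show. Bounding the second copy by its own destination removes that hidden dependency between the two declarations: `strncpy(VarPhoneCopy, VarPhoneList, sizeof(VarPhoneCopy)-1);` followed by `VarPhoneCopy[sizeof(VarPhoneCopy)-1] = '\0';`. A short comment stating that VarPhoneCopy is the scratch copy VarNextPhone walks would also help the next reader.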