diff options
| author | imp <imp@FreeBSD.org> | 1997-01-10 07:53:28 +0000 |
|---|---|---|
| committer | imp <imp@FreeBSD.org> | 1997-01-10 07:53:28 +0000 |
| commit | bf83493bdc4599da7c7f60af23bd74c0e657a98f (patch) | |
| tree | 3c5f5f3ad5ea638680e4a543a64066fb208ae92f /usr.sbin/ppp/ipcp.c | |
| parent | 97aa7b5184f1f12bd25cdc14bc7074351a3fe9aa (diff) | |
| download | FreeBSD-src-bf83493bdc4599da7c7f60af23bd74c0e657a98f.zip FreeBSD-src-bf83493bdc4599da7c7f60af23bd74c0e657a98f.tar.gz | |
Fix many buffer overruns in the code. Specifically, disallow ExpandString
to be used to expand things beyond the size of the buffer passed in. Also
do a general cleanup of sprintf -> snprintf as well as strcpy and strncat
safety. Also expand some buffers to allow for the largest possible data
that might be used.
This is a 2.2 candidate. However, it needs to be vetted on -current
since little testing has been done on this due to my lack of PPP on
this machine.
Reviewed by: Jordan Hubbard, Peter Wemm, Guido van Rooij
Diffstat (limited to 'usr.sbin/ppp/ipcp.c')
| -rw-r--r-- | usr.sbin/ppp/ipcp.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/usr.sbin/ppp/ipcp.c b/usr.sbin/ppp/ipcp.c index 3be3686..2b72002 100644 --- a/usr.sbin/ppp/ipcp.c +++ b/usr.sbin/ppp/ipcp.c @@ -17,7 +17,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: ipcp.c,v 1.9 1996/10/06 13:32:28 jkh Exp $ + * $Id: ipcp.c,v 1.10 1996/12/12 14:39:44 jkh Exp $ * * TODO: * o More RFC1772 backwoard compatibility @@ -269,7 +269,8 @@ struct fsm *fp; #endif Prompt(1); LogPrintf(LOG_LCP_BIT, "%s: LayerUp.\n", fp->name); - sprintf(tbuff, "myaddr = %s ", inet_ntoa(IpcpInfo.want_ipaddr)); + snprintf(tbuff, sizeof(tbuff), "myaddr = %s ", + inet_ntoa(IpcpInfo.want_ipaddr)); LogPrintf(LOG_LCP_BIT|LOG_LINK_BIT, " %s hisaddr = %s\n", tbuff, inet_ntoa(IpcpInfo.his_ipaddr)); OsSetIpaddress(IpcpInfo.want_ipaddr, IpcpInfo.his_ipaddr, ifnetmask); OsLinkup(); @@ -319,6 +320,7 @@ int mode; struct compreq *pcomp; struct in_addr ipaddr, dstipaddr, dnsstuff, ms_info_req; char tbuff[100]; + char tbuff2[100]; ackp = AckBuff; nakp = NakBuff; @@ -330,9 +332,9 @@ int mode; type = *cp; length = cp[1]; if (type <= TY_IPADDR) - sprintf(tbuff, " %s[%d] ", cftypes[type], length); + snprintf(tbuff, sizeof(tbuff), " %s[%d] ", cftypes[type], length); else - sprintf(tbuff, " "); + snprintf(tbuff, sizeof(tbuff), " "); switch (type) { case TY_IPADDR: /* RFC1332 */ @@ -362,8 +364,8 @@ int mode; /* * Use address suggested by peer. */ - sprintf(tbuff+50, "%s changing address: %s ", tbuff, inet_ntoa(IpcpInfo.want_ipaddr)); - LogPrintf(LOG_LCP_BIT, "%s --> %s\n", tbuff+50, inet_ntoa(ipaddr)); + snprintf(tbuff2, sizeof(tbuff2), "%s changing address: %s ", tbuff, inet_ntoa(IpcpInfo.want_ipaddr)); + LogPrintf(LOG_LCP_BIT, "%s --> %s\n", tbuff2, inet_ntoa(ipaddr)); IpcpInfo.want_ipaddr = ipaddr; } break; |
