diff options
| author | imp <imp@FreeBSD.org> | 1997-01-10 07:53:28 +0000 |
|---|---|---|
| committer | imp <imp@FreeBSD.org> | 1997-01-10 07:53:28 +0000 |
| commit | bf83493bdc4599da7c7f60af23bd74c0e657a98f (patch) | |
| tree | 3c5f5f3ad5ea638680e4a543a64066fb208ae92f /usr.sbin/ppp/log.c | |
| parent | 97aa7b5184f1f12bd25cdc14bc7074351a3fe9aa (diff) | |
| download | FreeBSD-src-bf83493bdc4599da7c7f60af23bd74c0e657a98f.zip FreeBSD-src-bf83493bdc4599da7c7f60af23bd74c0e657a98f.tar.gz | |
Fix many buffer overruns in the code. Specifically, disallow ExpandString
to be used to expand things beyond the size of the buffer passed in. Also
do a general cleanup of sprintf -> snprintf as well as strcpy and strncat
safety. Also expand some buffers to allow for the largest possible data
that might be used.
This is a 2.2 candidate. However, it needs to be vetted on -current
since little testing has been done on this due to my lack of PPP on
this machine.
Reviewed by: Jordan Hubbard, Peter Wemm, Guido van Rooij
Diffstat (limited to 'usr.sbin/ppp/log.c')
| -rw-r--r-- | usr.sbin/ppp/log.c | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/usr.sbin/ppp/log.c b/usr.sbin/ppp/log.c index 3b0593a..23d0f05 100644 --- a/usr.sbin/ppp/log.c +++ b/usr.sbin/ppp/log.c @@ -17,7 +17,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: log.c,v 1.3 1995/05/30 03:50:43 rgrimes Exp $ + * $Id: log.c,v 1.4 1996/05/11 20:48:30 phk Exp $ * */ #include "defs.h" @@ -146,7 +146,7 @@ vlogprintf(format, ap) char *format; va_list ap; { - vsprintf(logptr, format, ap); + vsnprintf(logptr, sizeof(logbuff)-(logptr-logbuff), format, ap); logptr += strlen(logptr); LogFlush(); } @@ -184,7 +184,7 @@ struct mbuf *bp; if (!(loglevel & (1 << level))) return; LogTimeStamp(); - sprintf(logptr, "%s\n", header); + snprintf(logptr, sizeof(logbuff)-(logptr-logbuff), "%s\n", header); logptr += strlen(logptr); loc = 0; LogTimeStamp(); @@ -192,7 +192,7 @@ struct mbuf *bp; cp = MBUF_CTOP(bp); cnt = bp->cnt; while (cnt-- > 0) { - sprintf(logptr, " %02x", *cp++); + snprintf(logptr, sizeof(logbuff)-(logptr-logbuff), " %02x", *cp++); logptr += strlen(logptr); if (++loc == 16) { loc = 0; @@ -221,12 +221,12 @@ int cnt; if (!(loglevel & (1 << level))) return; LogTimeStamp(); - sprintf(logptr, "%s\n", header); + snprintf(logptr, sizeof(logbuff)-(logptr-logbuff), "%s\n", header); logptr += strlen(logptr); LogTimeStamp(); loc = 0; while (cnt-- > 0) { - sprintf(logptr, " %02x", *ptr++); + snprintf(logptr, sizeof(logbuff)-(logptr-logbuff), " %02x", *ptr++); logptr += strlen(logptr); if (++loc == 16) { loc = 0; @@ -248,7 +248,8 @@ LogTimeStamp() mypid = getpid(); ltime = time(0); ptm = localtime(<ime); - sprintf(logptr, "%02d-%02d %02d:%02d:%02d [%d] ", + snprintf(logptr, sizeof(logbuff)-(logptr-logbuff), + "%02d-%02d %02d:%02d:%02d [%d] ", ptm->tm_mon + 1, ptm->tm_mday, ptm->tm_hour, ptm->tm_min, ptm->tm_sec, mypid); logptr += strlen(logptr); |
