diff options
| author | imp <imp@FreeBSD.org> | 1997-01-10 07:53:28 +0000 |
|---|---|---|
| committer | imp <imp@FreeBSD.org> | 1997-01-10 07:53:28 +0000 |
| commit | bf83493bdc4599da7c7f60af23bd74c0e657a98f (patch) | |
| tree | 3c5f5f3ad5ea638680e4a543a64066fb208ae92f /usr.sbin/ppp/modem.c | |
| parent | 97aa7b5184f1f12bd25cdc14bc7074351a3fe9aa (diff) | |
| download | FreeBSD-src-bf83493bdc4599da7c7f60af23bd74c0e657a98f.zip FreeBSD-src-bf83493bdc4599da7c7f60af23bd74c0e657a98f.tar.gz | |
Fix many buffer overruns in the code. Specifically, disallow ExpandString
to be used to expand things beyond the size of the buffer passed in. Also
do a general cleanup of sprintf -> snprintf as well as strcpy and strncat
safety. Also expand some buffers to allow for the largest possible data
that might be used.
This is a 2.2 candidate. However, it needs to be vetted on -current
since little testing has been done on this due to my lack of PPP on
this machine.
Reviewed by: Jordan Hubbard, Peter Wemm, Guido van Rooij
Diffstat (limited to 'usr.sbin/ppp/modem.c')
| -rw-r--r-- | usr.sbin/ppp/modem.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/usr.sbin/ppp/modem.c b/usr.sbin/ppp/modem.c index a4fdcae..67aa08e 100644 --- a/usr.sbin/ppp/modem.c +++ b/usr.sbin/ppp/modem.c @@ -17,7 +17,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: modem.c,v 1.25 1996/12/22 17:09:14 jkh Exp $ + * $Id: modem.c,v 1.26 1996/12/22 17:29:32 jkh Exp $ * * TODO: */ @@ -384,7 +384,8 @@ int mode; modem = open(ctermid(NULL), O_RDWR|O_NONBLOCK); } else if (modem == 0) { if (strncmp(VarDevice, "/dev", 4) == 0) { - strcpy(uucplock, rindex(VarDevice, '/')+1); + strncpy(uucplock, rindex(VarDevice, '/')+1,sizeof(uucplock)-1); + uucplock[sizeof(uucplock)-1] = '\0'; if (uu_lock(uucplock) < 0) { LogPrintf(LOG_PHASE_BIT, "Modem %s is in use\n", VarDevice); return(-1); @@ -726,11 +727,12 @@ DialModem() char ScriptBuffer[200]; int excode = 0; - strcpy(ScriptBuffer, VarDialScript); + strncpy(ScriptBuffer, VarDialScript,sizeof(ScriptBuffer)-1); + ScriptBuffer[sizeof(ScriptBuffer)-1] = '\0'; if (DoChat(ScriptBuffer) > 0) { if ((mode & (MODE_INTER|MODE_AUTO)) == MODE_INTER) fprintf(stderr, "dial OK!\n"); - strcpy(ScriptBuffer, VarLoginScript); + strncpy(ScriptBuffer, VarLoginScript,sizeof(ScriptBuffer)-1); if (DoChat(ScriptBuffer) > 0) { if ((mode & (MODE_INTER|MODE_AUTO)) == MODE_INTER) fprintf(stderr, "login OK!\n"); |
