summaryrefslogtreecommitdiffstats
path: root/usr.sbin/lpr/common_source/recvjob.c
diff options
context:
space:
mode:
Diffstat (limited to 'usr.sbin/lpr/common_source/recvjob.c')
-rw-r--r--usr.sbin/lpr/common_source/recvjob.c27
1 files changed, 17 insertions, 10 deletions
diff --git a/usr.sbin/lpr/common_source/recvjob.c b/usr.sbin/lpr/common_source/recvjob.c
index 3bfbb99..5c1d027 100644
--- a/usr.sbin/lpr/common_source/recvjob.c
+++ b/usr.sbin/lpr/common_source/recvjob.c
@@ -65,10 +65,10 @@ static char sccsid[] = "@(#)recvjob.c 8.2 (Berkeley) 4/27/95";
#define ack() (void) write(1, sp, 1);
-static char dfname[256]; /* data files */
+static char dfname[NAME_MAX]; /* data files */
static int minfree; /* keep at least minfree blocks available */
static char *sp = "";
-static char tfname[256]; /* tmp copy of cf before linking */
+static char tfname[NAME_MAX]; /* tmp copy of cf before linking */
static int chksize __P((int));
static void frecverr __P((const char *, ...));
@@ -94,7 +94,7 @@ recvjob()
frecverr("unknown printer %s", printer);
else if (status == -3)
fatal("potential reference loop detected in printcap file");
-
+
if (cgetstr(bp, "lf", &LF) == -1)
LF = _PATH_CONSOLE;
if (cgetstr(bp, "sd", &SD) == -1)
@@ -146,10 +146,13 @@ readjob()
do {
if ((size = read(1, cp, 1)) != 1) {
if (size < 0)
- frecverr("%s: Lost connection",printer);
+ frecverr("%s: Lost connection",
+ printer);
return(nfiles);
}
- } while (*cp++ != '\n');
+ } while (*cp++ != '\n' && (cp - line + 1) < sizeof(line));
+ if (cp - line + 1 >= sizeof(line))
+ frecverr("readjob overflow");
*--cp = '\0';
cp = line;
switch (*cp++) {
@@ -169,10 +172,14 @@ readjob()
* something different than what gethostbyaddr()
* returns
*/
- strcpy(cp + 6, from);
- strncpy(tfname, cp, sizeof tfname-1);
- tfname[sizeof tfname-1] = '\0';
+ strncpy(cp + 6, from, sizeof(line) + line - cp - 7);
+ line[sizeof(line) - 1 ] = '\0';
+ strncpy(tfname, cp, sizeof(tfname) - 1);
+ tfname[sizeof (tfname) - 1] = '\0';
tfname[0] = 't';
+ if (strchr(tfname, '/'))
+ frecverr("readjob: %s: illegal path name",
+ tfname);
if (!chksize(size)) {
(void) write(1, "\2", 1);
continue;
@@ -198,8 +205,8 @@ readjob()
(void) write(1, "\2", 1);
continue;
}
- (void) strncpy(dfname, cp, sizeof dfname-1);
- dfname[sizeof dfname-1] = '\0';
+ (void) strncpy(dfname, cp, sizeof(dfname) - 1);
+ dfname[sizeof(dfname) - 1] = '\0';
if (strchr(dfname, '/'))
frecverr("readjob: %s: illegal path name",
dfname);
OpenPOWER on IntegriCloud