From 18065b763bf77571a33d562af62e14b026dfe363 Mon Sep 17 00:00:00 2001
From: harti <harti@FreeBSD.org>
Date: Sat, 21 Feb 2004 16:29:10 +0000
Subject: Fix a couple of potential buffer overflows.

Submitted by:	christer.oberg@texonet.com
---
 lib/libatm/ioctl_subr.c |  8 ++++----
 lib/libatm/ip_addr.c    | 14 ++++++--------
 2 files changed, 10 insertions(+), 12 deletions(-)

(limited to 'lib/libatm')

diff --git a/lib/libatm/ioctl_subr.c b/lib/libatm/ioctl_subr.c
index dd5dafb..f7b15f1 100644
--- a/lib/libatm/ioctl_subr.c
+++ b/lib/libatm/ioctl_subr.c
@@ -161,7 +161,7 @@ get_vcc_info(const char *intf, struct air_vcc_rsp **vccp)
 	air.air_opcode = AIOCS_INF_VCC;
 	bzero(air.air_vcc_intf, sizeof(air.air_vcc_intf));
 	if (intf != NULL && strlen(intf) != 0)
-		strcpy(air.air_vcc_intf, intf);
+		strncpy(air.air_vcc_intf, intf, IFNAMSIZ - 1);
 
 	buf_len = do_info_ioctl(&air, buf_len);
 
@@ -375,7 +375,7 @@ get_cfg_info(const char *intf, struct air_cfg_rsp **cfgp)
         air.air_opcode = AIOCS_INF_CFG;
         bzero ( air.air_cfg_intf, sizeof(air.air_cfg_intf));
         if ( intf != NULL && strlen(intf) != 0 )
-                strcpy ( air.air_cfg_intf, intf );
+                strncpy(air.air_cfg_intf, intf, IFNAMSIZ - 1);
 
         buf_len = do_info_ioctl ( &air, buf_len );
 
@@ -411,7 +411,7 @@ get_intf_info(const char *intf, struct air_int_rsp **intp)
         air.air_opcode = AIOCS_INF_INT;
         bzero ( air.air_int_intf, sizeof(air.air_int_intf));
         if ( intf != NULL && strlen(intf) != 0 )
-                strcpy ( air.air_int_intf, intf );
+                strncpy(air.air_int_intf, intf, IFNAMSIZ - 1);
 
         buf_len = do_info_ioctl ( &air, buf_len );
  
@@ -448,7 +448,7 @@ get_netif_info(const char *intf, struct air_netif_rsp **netp)
         air.air_opcode = AIOCS_INF_NIF;
         bzero ( air.air_int_intf, sizeof(air.air_int_intf) );
         if ( intf != NULL && strlen(intf) != 0 )
-                strcpy ( air.air_int_intf, intf );
+                strncpy(air.air_int_intf, intf, IFNAMSIZ - 1);
 
         buf_len = do_info_ioctl ( &air, buf_len );
 
diff --git a/lib/libatm/ip_addr.c b/lib/libatm/ip_addr.c
index a653207..d3a5276 100644
--- a/lib/libatm/ip_addr.c
+++ b/lib/libatm/ip_addr.c
@@ -38,6 +38,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/socket.h>
+#include <stdio.h>
 #include <net/if.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
@@ -118,7 +119,7 @@ get_ip_addr(const char *p)
 const char *
 format_ip_addr(const struct in_addr *addr)
 {
-	static char	host_name[128];
+	static char	host_name[MAXHOSTNAMELEN + 18];
 	char		*ip_num;
 	struct hostent	*ip_host;
 
@@ -143,16 +144,13 @@ format_ip_addr(const struct in_addr *addr)
 	 * Look up name in DNS
 	 */
 	ip_host = gethostbyaddr((const char *)addr, sizeof(addr), AF_INET);
-	if (ip_host && ip_host->h_name &&
-			strlen(ip_host->h_name)) {
+	if (ip_host && ip_host->h_name && strlen(ip_host->h_name)) {
 		/*
 		 * Return host name followed by dotted decimal address
 		 */
-		strcpy(host_name, ip_host->h_name);
-		strcat(host_name, " (");
-		strcat(host_name, ip_num);
-		strcat(host_name, ")");
-		return(host_name);
+		snprintf(host_name, sizeof(host_name), "%s (%s)", 
+		    ip_host->h_name, ip_num);
+		return (host_name);
 	} else {
 		/*
 		 * No host name -- just return dotted decimal address
-- 
cgit v1.1