From 16479d02b1b1b0215b63d4089dcd02250a79ba66 Mon Sep 17 00:00:00 2001 From: imp Date: Thu, 3 Apr 2008 20:37:38 +0000 Subject: Use safer string handling. Reviewed by: security-team --- sbin/restore/dirs.c | 9 ++++----- sbin/restore/interactive.c | 10 ++++------ 2 files changed, 8 insertions(+), 11 deletions(-) (limited to 'sbin/restore') diff --git a/sbin/restore/dirs.c b/sbin/restore/dirs.c index 406a0f0..a4cdb3d 100644 --- a/sbin/restore/dirs.c +++ b/sbin/restore/dirs.c @@ -216,7 +216,7 @@ treescan(char *pname, ino_t ino, long (*todo)(char *, ino_t, int)) struct direct *dp; int namelen; long bpt; - char locname[MAXPATHLEN + 1]; + char locname[MAXPATHLEN]; itp = inotablookup(ino); if (itp == NULL) { @@ -235,9 +235,8 @@ treescan(char *pname, ino_t ino, long (*todo)(char *, ino_t, int)) * begin search through the directory * skipping over "." and ".." */ - (void) strncpy(locname, pname, sizeof(locname) - 1); - locname[sizeof(locname) - 1] = '\0'; - (void) strncat(locname, "/", sizeof(locname) - strlen(locname)); + (void) strlcpy(locname, pname, sizeof(locname)); + (void) strlcat(locname, "/", sizeof(locname)); namelen = strlen(locname); rst_seekdir(dirp, itp->t_seekpt, itp->t_seekpt); dp = rst_readdir(dirp); /* "." */ @@ -261,7 +260,7 @@ treescan(char *pname, ino_t ino, long (*todo)(char *, ino_t, int)) fprintf(stderr, "%s%s: name exceeds %d char\n", locname, dp->d_name, sizeof(locname) - 1); } else { - (void) strncat(locname, dp->d_name, (int)dp->d_namlen); + (void)strlcat(locname, dp->d_name, sizeof(locname)); treescan(locname, dp->d_ino, todo); rst_seekdir(dirp, bpt, itp->t_seekpt); } diff --git a/sbin/restore/interactive.c b/sbin/restore/interactive.c index e3391d0..1fffd28 100644 --- a/sbin/restore/interactive.c +++ b/sbin/restore/interactive.c @@ -502,7 +502,7 @@ printlist(char *name, char *basename) struct afile single; RST_DIR *dirp; int entries, len, namelen; - char locname[MAXPATHLEN + 1]; + char locname[MAXPATHLEN]; dp = pathsearch(name); if (dp == NULL || (!dflag && TSTINO(dp->d_ino, dumpmap) == 0) || @@ -533,8 +533,8 @@ printlist(char *name, char *basename) fprintf(stderr, "%s:\n", name); entries = 0; listp = list; - (void) strncpy(locname, name, MAXPATHLEN); - (void) strncat(locname, "/", MAXPATHLEN); + (void)strlcpy(locname, name, MAXPATHLEN); + (void)strlcat(locname, "/", MAXPATHLEN); namelen = strlen(locname); while ((dp = rst_readdir(dirp))) { if (dp == NULL) @@ -545,13 +545,11 @@ printlist(char *name, char *basename) strcmp(dp->d_name, ".") == 0 || strcmp(dp->d_name, "..") == 0)) continue; - locname[namelen] = '\0'; if (namelen + dp->d_namlen >= MAXPATHLEN) { fprintf(stderr, "%s%s: name exceeds %d char\n", locname, dp->d_name, MAXPATHLEN); } else { - (void) strncat(locname, dp->d_name, - (int)dp->d_namlen); + (void)strlcat(locname, dp->d_name, MAXPATHLEN); mkentry(locname, dp, listp++); entries++; } -- cgit v1.1