From 982e80577dd08945aa2345ebe35e3f50eef9eb48 Mon Sep 17 00:00:00 2001 From: archie Date: Fri, 4 Dec 1998 22:54:57 +0000 Subject: Examine all occurrences of sprintf(), strcat(), and str[n]cpy() for possible buffer overflow problems. Replaced most sprintf()'s with snprintf(); for others cases, added terminating NUL bytes where appropriate, replaced constants like "16" with sizeof(), etc. These changes include several bug fixes, but most changes are for maintainability's sake. Any instance where it wasn't "immediately obvious" that a buffer overflow could not occur was made safer. Reviewed by: Bruce Evans Reviewed by: Matthew Dillon Reviewed by: Mike Spengler --- sys/netnatm/natm.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'sys/netnatm/natm.c') diff --git a/sys/netnatm/natm.c b/sys/netnatm/natm.c index c3ebc08a..e7fca3d 100644 --- a/sys/netnatm/natm.c +++ b/sys/netnatm/natm.c @@ -333,8 +333,8 @@ natm_usr_peeraddr(struct socket *so, struct sockaddr **nam) bzero(snatm, sizeof(*snatm)); snatm->snatm_len = sizeof(*snatm); snatm->snatm_family = AF_NATM; - sprintf(snatm->snatm_if, "%s%d", npcb->npcb_ifp->if_name, - npcb->npcb_ifp->if_unit); + snprintf(snatm->snatm_if, sizeof(snatm->snatm_if), + "%s%d", npcb->npcb_ifp->if_name, npcb->npcb_ifp->if_unit); snatm->snatm_vci = npcb->npcb_vci; snatm->snatm_vpi = npcb->npcb_vpi; *nam = dup_sockaddr((struct sockaddr *)snatm, 0); @@ -623,8 +623,8 @@ struct proc *p; #if defined(__NetBSD__) || defined(__OpenBSD__) bcopy(npcb->npcb_ifp->if_xname, snatm->snatm_if, sizeof(snatm->snatm_if)); #elif defined(__FreeBSD__) - sprintf(snatm->snatm_if, "%s%d", npcb->npcb_ifp->if_name, - npcb->npcb_ifp->if_unit); + snprintf(snatm->snatm_if, sizeof(snatm->snatm_if), + "%s%d", npcb->npcb_ifp->if_name, npcb->npcb_ifp->if_unit); #endif snatm->snatm_vci = npcb->npcb_vci; snatm->snatm_vpi = npcb->npcb_vpi; -- cgit v1.1