From d07721cd78a2f86312bc422b1f5bedde80d5aedb Mon Sep 17 00:00:00 2001 From: imp Date: Tue, 9 Jun 1998 04:58:36 +0000 Subject: o be careful about buffer overflows o Use snprintf rather than sprintf This is only lightly tested. --- usr.sbin/bootparamd/bootparamd/bootparamd.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'usr.sbin/bootparamd') diff --git a/usr.sbin/bootparamd/bootparamd/bootparamd.c b/usr.sbin/bootparamd/bootparamd/bootparamd.c index c19fb53..2c5da81 100644 --- a/usr.sbin/bootparamd/bootparamd/bootparamd.c +++ b/usr.sbin/bootparamd/bootparamd/bootparamd.c @@ -9,7 +9,7 @@ use and modify. Please send modifications and/or suggestions + bug fixes to #ifndef lint static const char rcsid[] = - "$Id: bootparamd.c,v 1.7 1997/09/04 11:49:24 charnier Exp $"; + "$Id: bootparamd.c,v 1.8 1997/10/19 10:42:39 joerg Exp $"; #endif /* not lint */ #include @@ -38,7 +38,7 @@ static char askname[MAX_MACHINE_NAME]; static char path[MAX_PATH_LEN]; static char domain_name[MAX_MACHINE_NAME]; -int getthefile __P((char *, char *, char *)); +int getthefile __P((char *, char *, char *, int)); int checkhost __P((char *, char *, int)); bp_whoami_res * @@ -128,7 +128,7 @@ bp_getfile_arg *getfile; strncpy(askname, he->h_name, sizeof(askname)); askname[sizeof(askname)-1] = 0; - if (getthefile(askname, getfile->file_id,buffer)) { + if (getthefile(askname, getfile->file_id,buffer,sizeof(buffer))) { if ( (where = index(buffer,':')) ) { /* buffer is re-written to contain the name of the info of file */ strncpy(hostname, buffer, where - buffer); @@ -180,9 +180,10 @@ bp_getfile_arg *getfile; empty answer for the file "dump") */ int -getthefile(askname,fileid,buffer) +getthefile(askname,fileid,buffer,blen) char *askname; char *fileid, *buffer; +int blen; { FILE *bpf; char *where; 
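Review bot: In the `-128,7 +128,7` hunk, the context line `strncpy(hostname, buffer, where - buffer);` still takes its length from the position of ':' in the looked-up entry, not from the destination. Passing `sizeof(buffer)` to getthefile() therefore bounds `buffer` but leaves the copy into `hostname` unbounded. The declaration of `hostname` is outside the hunk; presumably it is a fixed array like the `askname`/`domain_name` statics, which should be confirmed. If so, guard the copy with `if ((size_t)(where - buffer) >= sizeof(hostname))` and take the function's existing failure path, then NUL-terminate explicitly as is done for `askname` two lines above, unless that already happens below the hunk. The enclosing function starts and ends outside the hunk.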
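Review bot: In the `-180,9 +180,10` hunk the new length parameter is declared `int blen;`, but the visible caller passes `sizeof(buffer)` and snprintf() takes a `size_t`. The value is narrowed to a signed type and widened again, so a negative `blen` from any future caller would become an enormous bound. Prefer `size_t blen;` here and `int getthefile __P((char *, char *, char *, size_t));` in the prototype hunk. The comment block ending just above the definition is not updated; it should gain a line such as `blen is the size of buffer in bytes; the result is truncated to fit`. The function body continues past the end of the hunk.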
@@ -219,7 +220,8 @@ char *fileid, *buffer; if (strstr(result, fileid) == NULL) { buffer[0] = '\0'; } else { - sprintf(buffer,"%s",strchr(strstr(result,fileid), '=') + 1); + snprintf(buffer, blen, + "%s",strchr(strstr(result,fileid), '=') + 1); if (strchr(buffer, ' ') != NULL) *(char *)(strchr(buffer, ' ')) = '\0'; } -- cgit v1.1
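Review bot: The argument `strchr(strstr(result,fileid), '=') + 1` on the new snprintf() line is still unchecked, so the write is bounded but the read is not. If the matched entry has no '=' after the `fileid` match, strchr() returns NULL and `NULL + 1` is handed to `%s`, which is undefined behaviour and in practice crashes the daemon on a malformed bootparams entry. The strstr() result is also computed twice, and the snprintf() return value is ignored, so truncation to `blen` is silent. I would look the match up once and treat a missing '=' like a missing key, as sketched below. getthefile() starts before and ends after this hunk, so the surrounding loop and the origin of `result` are not visible here.

```c
/* … unchanged: lookup that fills result … */
{
	char *hit = strstr(result, fileid);
	char *eq = (hit != NULL) ? strchr(hit, '=') : NULL;

	if (eq == NULL) {
		/* key absent, or entry has no '=': return an empty answer */
		buffer[0] = '\0';
	} else {
		snprintf(buffer, blen, "%s", eq + 1);
		/* … unchanged: cut the value at the first space … */
	}
}
```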