From 354a4db3b5ff4e1a474ecd6a53a6b494699bb7e5 Mon Sep 17 00:00:00 2001
From: imp <imp@FreeBSD.org>
Date: Sun, 27 Oct 1996 03:06:52 +0000
Subject: lpc/cmds.c: 	From NetBSD via OpenBSD to fix NetBSD PR #506 	More
 descriptive message for printer status 	(OpenBSD: 1.2)

	Various warnings cleaned up (OpenBSD: 1.4)

lpc/lpc.c:
	Various warnings cleaned up (OpenBSD: 1.3)

lpd/lpd.c:
	Remove trailing blank lines (OpenBSD: 1.2)

	Potential umask problem with creating /dev/printer
	(OpenBSD: 1.4 and 1.5)

	Ftp bounce attack (untested on FreeBSD)
	(OpenBSD: 1.6, 1.8, 1.9)
	Fencepost in strncpy
	(OpenBSD: 1.6)

lpd/printjob.c:
	Fix from freebsd for waiting for an exiting filter, that
	appears not in the FreeBSD CVS tree.
	(OpenBSD: 1.6)

lpd/recvjob.c:
	Buffer overflow protection: use strncpy rather than strcpy.
	(OpenBSD: 1.3)

lpr/lpr.c:
	NetBSD change of return type for main()
	(OpenBSD: 1.2)

	Restrict time running as root
	(OpenBSD: 1.7)

	Use getcwd rather than getwd (from NetBSD)

	Use snprintf rather than sprintf
	(OpenBSD: 1.8)

	Minor tweak to end of loop and buffer overflow sanity.  card()
	overflow already in FreeBSD
	(OpenBSD: 1.9)

lptest/lptest.c:
	void -> int return type of main, from NetBSD via OpenBSD
	(OpenBSD: 1.2)

pac/pac.c:
	void -> int return type of main, from NetBSD via OpenBSD
	(OpenBSD: 1.3)

Obtained from: OpenBSD
---
 usr.sbin/lpr/lpd/recvjob.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'usr.sbin/lpr/lpd/recvjob.c')

diff --git a/usr.sbin/lpr/lpd/recvjob.c b/usr.sbin/lpr/lpd/recvjob.c
index fb307c5..040db82 100644
--- a/usr.sbin/lpr/lpd/recvjob.c
+++ b/usr.sbin/lpr/lpd/recvjob.c
@@ -170,7 +170,8 @@ readjob()
 			 * returns
 			 */
 			strcpy(cp + 6, from);
-			strcpy(tfname, cp);
+			strncpy(tfname, cp, sizeof tfname-1);
+			tfname[sizeof tfname-1] = '\0';
 			tfname[0] = 't';
 			if (!chksize(size)) {
 				(void) write(1, "\2", 1);
@@ -197,7 +198,8 @@ readjob()
 				(void) write(1, "\2", 1);
 				continue;
 			}
-			(void) strcpy(dfname, cp);
+			(void) strncpy(dfname, cp, sizeof dfname-1);
+			dfname[sizeof dfname-1] = '\0';
 			if (index(dfname, '/'))
 				frecverr("readjob: %s: illegal path name",
 					dfname);
-- 
cgit v1.1