From bf83493bdc4599da7c7f60af23bd74c0e657a98f Mon Sep 17 00:00:00 2001
From: imp
Date: Fri, 10 Jan 1997 07:53:28 +0000
Subject: Fix many buffer overruns in the code. Specifically, disallow ExpandString to be used to expand things beyond the size of the buffer passed in. Also do a general cleanup of sprintf -> snprintf as well as strcpy and strncat safety. Also expand some buffers to allow for the largest possible data that might be used. This is a 2.2 candidate. However, it needs to be vetted on -current since little testing has been done on this due to my lack of PPP on this machine. Reviewed by: Jordan Hubbard, Peter Wemm, Guido van Rooij
---
 usr.sbin/ppp/arp.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'usr.sbin/ppp/arp.c')
diff --git a/usr.sbin/ppp/arp.c b/usr.sbin/ppp/arp.c
index 74a0f21..490afd4 100644
--- a/usr.sbin/ppp/arp.c
+++ b/usr.sbin/ppp/arp.c
@@ -17,7 +17,7 @@
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
- * $Id: arp.c,v 1.5 1996/05/11 20:48:09 phk Exp $
+ * $Id: arp.c,v 1.6 1997/01/03 20:19:42 wollman Exp $
 *
 */
 
@@ -259,6 +259,7 @@ get_ether_addr(s, ipaddr, hwaddr)
 if (ifr->ifr_addr.sa_family == AF_INET) {
 ina = ((struct sockaddr_in *) &ifr->ifr_addr)->sin_addr.s_addr;
 strncpy(ifreq.ifr_name, ifr->ifr_name, sizeof(ifreq.ifr_name));
+ ifreq.ifr_name[sizeof(ifreq.ifr_name)-1]='\0';
 /*
 * Check that the interface is up, and not point-to-point
 * or loopback.
@@ -351,7 +352,7 @@ struct sockaddr_dl *dlo;
 struct ifnet ifnet;
 int n;
 u_long addr, ifaddraddr, ifnetfound, ifaddrfound;
- char name[32];
+ char name[16+32];
 struct sockaddr *sa;
 char *cp;
 struct sockaddr_dl *sdl;
-- 
cgit v1.1
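Review bot: The terminator added after `strncpy` in `get_ether_addr` carries no explanation and is spaced differently from the code around it; I would write it as `ifreq.ifr_name[sizeof(ifreq.ifr_name) - 1] = '\0';` with a comment such as `/* strncpy() leaves the buffer unterminated when the source fills it */`. The write itself is correct and closes the unterminated-name case. What it leaves open is silent truncation: if the source name ever did fill the whole field, the last byte is dropped and the interface check described in the comment that follows would presumably run against the shortened name, so treating that case as "skip this entry" may be safer than continuing. The function body starts and ends outside this hunk.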
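Review bot: Growing `name` to `16+32` bytes in the third hunk does not bound whatever writes into it, and the diffstat for this file (3 insertions, 2 deletions) shows that the code filling `name` is not touched by this commit; that code lies outside the hunk. If it appends to the buffer with `sprintf`- or `strcpy`-style calls, each write should be limited by the space remaining in `name` so that the fix does not depend on 48 bytes always being enough. The literal `16+32` is also unexplained: if the 16 stands for the interface-name length, `char name[IFNAMSIZ + 32];` (assuming `IFNAMSIZ` is in scope here) with a one-line comment saying what the extra 32 bytes are reserved for would record the intent. The enclosing function begins and ends outside the hunk.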