sprintf->snprintf paranoia. The one thing that looks like a hole in

the diff is in an ifdef that isn't enabled for FreeBSD.
Obtained from:	OpenBSD(?)
This commit is contained in:
imp 1997-12-24 19:21:09 +00:00
parent b14c1dcaab
commit 04325fa0d2

View File

@ -36,7 +36,7 @@
static char sccsid[] = "@(#)sys_term.c 8.2 (Berkeley) 12/15/93";
#endif
static const char rcsid[] =
"$Id$";
"$Id: sys_term.c,v 1.18 1997/12/03 07:16:03 charnier Exp $";
#endif /* not lint */
#include "telnetd.h"
@ -517,11 +517,11 @@ int *ptynum;
#endif
#ifndef __hpux
(void) sprintf(line, "/dev/ptyXX");
(void) strcpy(line, "/dev/ptyXX");
p1 = &line[8];
p2 = &line[9];
#else
(void) sprintf(line, "/dev/ptym/ptyXX");
(void) strcpy(line, "/dev/ptym/ptyXX");
p1 = &line[13];
p2 = &line[14];
#endif
@ -1450,7 +1450,7 @@ startslave(host, autologin, autoname)
*/
if ((i = open(INIT_FIFO, O_WRONLY)) < 0) {
char tbuf[128];
(void) sprintf(tbuf, "Can't open %s\n", INIT_FIFO);
(void) snprintf(tbuf, sizeof(tbuf), "Can't open %s\n", INIT_FIFO);
fatalperror(net, tbuf);
}
memset((char *)&request, 0, sizeof(request));
@ -1473,7 +1473,7 @@ startslave(host, autologin, autoname)
#endif /* BFTPDAEMON */
if (write(i, (char *)&request, sizeof(request)) < 0) {
char tbuf[128];
(void) sprintf(tbuf, "Can't write to %s\n", INIT_FIFO);
(void) snprintf(tbuf, sizeof(tbuf), "Can't write to %s\n", INIT_FIFO);
fatalperror(net, tbuf);
}
(void) close(i);
@ -1485,7 +1485,7 @@ startslave(host, autologin, autoname)
if (i == 3 || n >= 0 || !gotalarm)
break;
gotalarm = 0;
sprintf(tbuf, "telnetd: waiting for /etc/init to start login process on %s\r\n", line);
snprintf(tbuf, sizeof(tbuf), "telnetd: waiting for /etc/init to start login process on %s\r\n", line);
(void) write(net, tbuf, strlen(tbuf));
}
if (n < 0 && gotalarm)
@ -1680,7 +1680,8 @@ start_login(host, autologin, name)
len = strlen(name)+1;
write(xpty, name, len);
write(xpty, name, len);
sprintf(speed, "%s/%d", (cp = getenv("TERM")) ? cp : "",
snprintf(speed, sizeof(speed),
"%s/%d", (cp = getenv("TERM")) ? cp : "",
(def_rspeed > 0) ? def_rspeed : 9600);
len = strlen(speed)+1;
write(xpty, speed, len);