Protect from stack overrun via /etc/ttys, which could possibly allow a

root user to change the securelevel. Pointed out by Thomas H. Ptacek <tqbf@enteract.com>.
svn path=/head/; revision=22922
1997-02-19 08:04:58 +00:00 · 1997-02-19 08:04:58 +00:00 · 33a20f8291 · 2020-12-20 02:59:44 +00:00
commit 33a20f8291
parent c8da9b756d
1 changed files with 2 additions and 2 deletions
--- a/sbin/init/init.c
+++ b/sbin/init/init.c
@ -1089,7 +1089,7 @@ start_window_system(sp)
 	if (sp->se_type) {
 		/* Don't use malloc after fork */
 		strcpy(term, "TERM=");
-		strcat(term, sp->se_type);
+		strncat(term, sp->se_type, sizeof(term) - 6);
 		env[0] = term;
 		env[1] = 0;
 	}
@ -1154,7 +1154,7 @@ start_getty(sp)
 	if (sp->se_type) {
 		/* Don't use malloc after fork */
 		strcpy(term, "TERM=");
-		strcat(term, sp->se_type);
+		strncat(term, sp->se_type, sizeof(term) - 6);
 		env[0] = term;
 		env[1] = 0;
 	}