From 56d5f6db85394110359f54ecdb52f49b572fb956 Mon Sep 17 00:00:00 2001 From: Joerg Wunsch Date: Fri, 28 Oct 1994 17:26:27 +0000 Subject: [PATCH] Fixed an evil bug where rawname() could write across the boundaries of an array. The bug became obvious in the old system where the array was only 32 characters long (now MAXPATHLEN). Dump honored its name then (:-) and dumped its core when calling dump -w for a fstab that contained rather long NFS file system names. Even though this is rather unlikely to happen now, a bug is a bug:) --- sbin/dump/main.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sbin/dump/main.c b/sbin/dump/main.c index 40d668e13e82..db7c41c98178 100644 --- a/sbin/dump/main.c +++ b/sbin/dump/main.c @@ -537,10 +537,10 @@ rawname(cp) if (dp == NULL) return (NULL); *dp = '\0'; - (void)strcpy(rawbuf, cp); + (void)strncpy(rawbuf, cp, MAXPATHLEN - 1); *dp = '/'; - (void)strcat(rawbuf, "/r"); - (void)strcat(rawbuf, dp + 1); + (void)strncat(rawbuf, "/r", strlen(rawbuf) - (MAXPATHLEN - 1)); + (void)strncat(rawbuf, dp + 1, strlen(rawbuf) - (MAXPATHLEN - 1)); return (rawbuf); }