d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix two possible non-exploitable buffer overflows.

Browse Source 
Thanks to: A friend at Sun auditing dump/restore for Solaris.
This commit is contained in:
imp 1998-12-16 04:48:00 +00:00
parent abd08d02db
commit a03cde037a
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
sbin/restore/interactive.c
View File

@ -36,7 +36,7 @@
static char sccsid[] = "@(#)interactive.c 8.5 (Berkeley) 5/1/95"; static char sccsid[] = "@(#)interactive.c 8.5 (Berkeley) 5/1/95";
#endif #endif
static const char rcsid[] = static const char rcsid[] =
"$Id: interactive.c,v 1.5 1998/07/28 06:20:08 charnier Exp $"; "$Id: interactive.c,v 1.6 1998/09/17 20:18:11 imp Exp $";
#endif /* not lint */ #endif /* not lint */
#include <sys/param.h> #include <sys/param.h>
@ -343,7 +343,8 @@ getcmd(curdir, cmd, name, size, ap)
* If no argument, use curdir as the default. * If no argument, use curdir as the default.
*/ */
if (*cp == '\0') { if (*cp == '\0') {
(void) strcpy(name, curdir); (void) strncpy(name, curdir, size);
name[size - 1] = '\0';
return; return;
} }
nextarg = cp; nextarg = cp;
@ -377,7 +378,8 @@ getcmd(curdir, cmd, name, size, ap)
ap->argcnt = ap->glob.gl_pathc; ap->argcnt = ap->glob.gl_pathc;
retnext: retnext:
strcpy(name, ap->glob.gl_pathv[ap->glob.gl_pathc - ap->argcnt]); strncpy(name, ap->glob.gl_pathv[ap->glob.gl_pathc - ap->argcnt], size);
name[size - 1] = '\0';
if (--ap->argcnt == 0) { if (--ap->argcnt == 0) {
ap->freeglob = 0; ap->freeglob = 0;
globfree(&ap->glob); globfree(&ap->glob);