o Use snprintf rather than sprintf.

o Revert gid to caller before a shell so we can run setgid. o minor style nits to make bruce happy :-) o use strncpy correctly.
svn path=/head/; revision=36791
1998-06-09 04:28:05 +00:00 · 1998-06-09 04:28:05 +00:00 · f34c49eb54 · 2020-12-20 02:59:44 +00:00
commit f34c49eb54
parent fae4b464e3
3 changed files with 12 additions and 11 deletions
--- a/usr.bin/tip/tip/cmds.c
+++ b/usr.bin/tip/tip/cmds.c
@ -36,7 +36,7 @@
 static char sccsid[] = "@(#)cmds.c	8.1 (Berkeley) 6/6/93";
 #endif
 static const char rcsid[] =
-	"$Id: cmds.c,v 1.5 1997/08/25 05:02:09 imp Exp $";
+	"$Id: cmds.c,v 1.6 1997/08/26 10:25:16 eivind Exp $";
 #endif /* not lint */

 #include "tipconf.h"
@ -181,7 +181,7 @@ cu_take(cc)
 		printf("\r\n%s: cannot create\r\n", argv[1]);
 		return;
 	}
-	(void)sprintf(line, "cat %s ; echo \"\" ; echo ___tip_end_of_file_marker___", argv[0]);
+	(void)snprintf(line, sizeof(line), "cat %s ; echo \"\" ; echo ___tip_end_of_file_marker___", argv[0]);
 	xfer(line, fd, "\n___tip_end_of_file_marker___\n");
 }

@ -554,9 +554,9 @@ cu_put(cc)
 		return;
 	}
 	if (boolean(value(ECHOCHECK)))
-		sprintf(line, "cat>%s\r", argv[1]);
+		snprintf(line, sizeof(line), "cat>%s\r", argv[1]);
 	else
-		sprintf(line, "stty -echo;cat>%s;stty echo\r", argv[1]);
+		snprintf(line, sizeof(line), "stty -echo;cat>%s;stty echo\r", argv[1]);
 	transmit(fd, "\04", line);
 }

@ -1027,7 +1027,7 @@ expand(name)
 		/* signal(SIGINT, sigint) */
 		return(name);
 	}
-	sprintf(cmdbuf, "echo %s", name);
+	snprintf(cmdbuf, sizeof(cmdbuf), "echo %s", name);
 	if ((pid = vfork()) == 0) {
 		Shell = value(SHELL);
 		if (Shell == NOSTR)
--- a/usr.bin/tip/tip/cu.c
+++ b/usr.bin/tip/tip/cu.c
@ -36,7 +36,7 @@
 static char sccsid[] = "@(#)cu.c	8.1 (Berkeley) 6/6/93";
 #endif
 static const char rcsid[] =
-	"$Id$";
+	"$Id: cu.c,v 1.2 1997/08/18 07:16:02 charnier Exp $";
 #endif /* not lint */

 #include "tipconf.h"
@ -110,7 +110,7 @@ cumain(argc, argv)
 	 * The "cu" host name is used to define the
 	 * attributes of the generic dialer.
 	 */
-	(void)sprintf(sbuf, "cu%d", BR);
+	(void)snprintf(sbuf, sizeof(sbuf), "cu%d", BR);
 	if ((i = hunt(sbuf)) == 0) {
 		printf("all ports busy\n");
 		exit(3);
--- a/usr.bin/tip/tip/tip.c
+++ b/usr.bin/tip/tip/tip.c
@ -42,7 +42,7 @@ static const char copyright[] =
 static char sccsid[] = "@(#)tip.c	8.1 (Berkeley) 6/6/93";
 #endif
 static const char rcsid[] =
-	"$Id: tip.c,v 1.6 1997/08/26 10:25:19 eivind Exp $";
+	"$Id: tip.c,v 1.7 1997/09/18 14:07:17 phk Exp $";
 #endif /* not lint */

 /*
@ -153,13 +153,13 @@ main(argc, argv)
 	 * Copy the number then stomp on the original (in case the number
 	 *	is private, we don't want 'ps' or 'w' to find it).
 	 */
-	if (strlen(system) > sizeof PNbuf - 1)
+	if (strlen(system) > sizeof(PNbuf - 1))
 		errx(1, "phone number too long (max = %d bytes)", sizeof PNbuf - 1);
-	strncpy( PNbuf, system, sizeof PNbuf - 1 );
+	strncpy(PNbuf, system, sizeof(PNbuf - 1));
 	for (p = system; *p; p++)
 		*p = '\0';
 	PN = PNbuf;
-	(void)sprintf(sbuf, "tip%ld", BR);
+	(void)snprintf(sbuf, sizeof(sbuf), "tip%ld", BR);
 	system = sbuf;

 notnumber:
@ -333,6 +333,7 @@ daemon_uid()
 void
 shell_uid()
 {
+	setegid(gid);
 	seteuid(uid);
 }