Fix many buffer overflows, correct usage of strcat and implement
$TAPE. Inspired by OpenBSD's work in this area. Reviewed by: Peter Wemm, Guido van Rooij and Jordan Hubbard. Obtained from: OpenBSD
parent
aa01094fb0
commit
f5dcc2f1e6
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=21409
@ -219,7 +219,7 @@ rmtopen(tape, mode)
|
||||
{
|
||||
char buf[256];
|
||||
|
||||
(void)sprintf(buf, "O%s\n%d\n", tape, mode);
|
||||
(void)snprintf(buf, sizeof (buf), "O%.226s\n%d\n", tape, mode);
|
||||
rmtstate = TS_OPEN;
|
||||
return (rmtcall(tape, buf));
|
||||
}
|
||||
@ -243,7 +243,7 @@ rmtread(buf, count)
|
||||
int n, i, cc;
|
||||
extern errno;
|
||||
|
||||
(void)sprintf(line, "R%d\n", count);
|
||||
(void)snprintf(line, sizeof (line), "R%d\n", count);
|
||||
n = rmtcall("read", line);
|
||||
if (n < 0) {
|
||||
errno = n;
|
||||
@ -265,7 +265,7 @@ rmtwrite(buf, count)
|
||||
{
|
||||
char line[30];
|
||||
|
||||
(void)sprintf(line, "W%d\n", count);
|
||||
(void)snprintf(line, sizeof (line), "W%d\n", count);
|
||||
write(rmtape, line, strlen(line));
|
||||
write(rmtape, buf, count);
|
||||
return (rmtreply("write"));
|
||||
@ -277,7 +277,7 @@ rmtwrite0(count)
|
||||
{
|
||||
char line[30];
|
||||
|
||||
(void)sprintf(line, "W%d\n", count);
|
||||
(void)snprintf(line, sizeof (line), "W%d\n", count);
|
||||
write(rmtape, line, strlen(line));
|
||||
}
|
||||
|
||||
@ -303,7 +303,7 @@ rmtseek(offset, pos)
|
||||
{
|
||||
char line[80];
|
||||
|
||||
(void)sprintf(line, "L%d\n%d\n", offset, pos);
|
||||
(void)snprintf(line, sizeof (line), "L%d\n%d\n", offset, pos);
|
||||
return (rmtcall("seek", line));
|
||||
}
|
||||
|
||||
@ -331,7 +331,7 @@ rmtioctl(cmd, count)
|
||||
|
||||
if (count < 0)
|
||||
return (-1);
|
||||
(void)sprintf(buf, "I%d\n%d\n", cmd, count);
|
||||
(void)snprintf(buf, sizeof (buf), "I%d\n%d\n", cmd, count);
|
||||
return (rmtcall("ioctl", buf));
|
||||
}
|
||||
|
||||
|
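Review bot: In rmtopen the new `%.226s` precision silently shortens an over-long tape name, and because the snprintf() result is cast to void the caller never learns that the remote side was asked to open a different path from the one the user gave. Rejecting the name before formatting would make that case explicit, e.g. `if (strlen(tape) > 226) return (-1);`, assuming -1 is this function's failure value as it is in rmtioctl. The constant 226 also deserves a one-line comment tying it to `sizeof (buf)` less the `O`, the two newlines, the decimal mode and the terminator, so the two cannot drift apart if `buf` is resized. The integer-only formats in the rmtwrite, rmtwrite0 and rmtseek hunks fit their visible 30- and 80-byte buffers; the buffers used in rmtread and rmtioctl are declared outside their hunks.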
@ -105,7 +105,8 @@ main(argc, argv)
|
||||
(void)time((time_t *)&spcl.c_date);
|
||||
|
||||
tsize = 0; /* Default later, based on 'c' option for cart tapes */
|
||||
tape = _PATH_DEFTAPE;
|
||||
if ((tape = getenv("TAPE")) == NULL)
|
||||
tape = _PATH_DEFTAPE;
|
||||
dumpdates = _PATH_DUMPDATES;
|
||||
temp = _PATH_DTMP;
|
||||
if (TP_BSIZE / DEV_BSIZE == 0 || TP_BSIZE % DEV_BSIZE != 0)
|
||||
@ -256,6 +257,10 @@ main(argc, argv)
|
||||
tape = index(host, ':');
|
||||
*tape++ = '\0';
|
||||
#ifdef RDUMP
|
||||
if (index(tape, "\n") {
|
||||
(void)fprintf(stderr, "invalid characters in tape\n");
|
||||
exit(X_ABORT);
|
||||
}
|
||||
if (rmthost(host) == 0)
|
||||
exit(X_ABORT);
|
||||
#else
|
||||
@ -298,6 +303,8 @@ main(argc, argv)
|
||||
(void)strncpy(spcl.c_filesys, "an unlisted file system",
|
||||
NAMELEN);
|
||||
}
|
||||
spcl.c_dev[NAMELEN-1]='\0';
|
||||
spcl.c_filesys[NAMELEN-1]='\0';
|
||||
(void)strcpy(spcl.c_label, "none");
|
||||
(void)gethostname(spcl.c_host, NAMELEN);
|
||||
spcl.c_level = level - '0';
|
||||
@ -556,9 +563,10 @@ rawname(cp)
|
||||
return (NULL);
|
||||
*dp = '\0';
|
||||
(void)strncpy(rawbuf, cp, MAXPATHLEN - 1);
|
||||
rawbuf[MAXPATHLEN-1] = '\0';
|
||||
*dp = '/';
|
||||
(void)strncat(rawbuf, "/r", MAXPATHLEN-1 - strlen(rawbuf));
|
||||
(void)strncat(rawbuf, dp + 1, MAXPATHLEN-1 - strlen(rawbuf));
|
||||
(void)strncat(rawbuf, "/r", MAXPATHLEN - 1 - strlen(rawbuf));
|
||||
(void)strncat(rawbuf, dp + 1, MAXPATHLEN - 1 - strlen(rawbuf));
|
||||
return (rawbuf);
|
||||
}
|
||||
|
||||
|
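Review bot: The added RDUMP check `if (index(tape, "\n") {` cannot compile as written: the closing parenthesis of the `if` is missing, and index() takes a character rather than a string as its second argument. It should read `if (index(tape, '\n')) {`. The check matters because the tape name is embedded in the newline-delimited open request that the rmtopen hunk of this commit builds with `"O%.226s\n%d\n"`, so a build with RDUMP defined should be confirmed to compile and exercise it. main's body starts and ends outside this hunk.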
@ -244,13 +244,13 @@ static void
|
||||
sendmes(tty, message)
|
||||
char *tty, *message;
|
||||
{
|
||||
char t[50], buf[BUFSIZ];
|
||||
char t[MAXPATHLEN], buf[BUFSIZ];
|
||||
register char *cp;
|
||||
int lmsg = 1;
|
||||
FILE *f_tty;
|
||||
|
||||
(void) strcpy(t, _PATH_DEV);
|
||||
(void) strcat(t, tty);
|
||||
(void) strncat(t, tty, sizeof t - strlen(_PATH_DEV) - 1);
|
||||
|
||||
if ((f_tty = fopen(t, "w")) != NULL) {
|
||||
setbuf(f_tty, buf);
|
||||
|
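Review bot: The strncat() bound in sendmes, `sizeof t - strlen(_PATH_DEV) - 1`, is correct only while `t` holds exactly `_PATH_DEV`. The rawname hunk in this commit derives the remaining space from the buffer itself, and doing the same here, `(void) strncat(t, tty, sizeof t - strlen(t) - 1);`, keeps the bound right if the preceding strcpy() ever changes. A tty name too long for the buffer is still truncated silently, so fopen() would be attempted on a shortened path; a length check before the copy would make that case explicit. sendmes continues past the end of the hunk.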