d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Buffer overflow in wall(1).

Browse Source 
Revert r286102 and apply a cleaner fix.
Tested for overflows by FORTIFY_SOURCE GSoC (with clang).

Suggested by:	bde
Reviewed by:	Oliver Pinter
Tested by:	Oliver Pinter
MFC after:	3 days
This commit is contained in:
Pedro F. Giffuni 2015-08-01 01:29:55 +00:00
parent afd010c196
commit fc9ce3812d
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=286144
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
usr.bin/wall/ttymsg.c
View File

@ -62,7 +62,7 @@ ttymsg(struct iovec *iov, int iovcnt, const char *line, int tmout)
struct iovec localiov[7];
ssize_t left, wret;
int cnt, fd;
char device[MAXNAMLEN] = _PATH_DEV;
char device[MAXNAMLEN];
static char errbuf[1024];
char *p;
int forked;
@ -71,8 +71,9 @@ ttymsg(struct iovec *iov, int iovcnt, const char *line, int tmout)
if (iovcnt > (int)(sizeof(localiov) / sizeof(localiov[0])))
return ("too many iov's (change code in wall/ttymsg.c)");
strlcat(device, line, sizeof(device));
strlcpy(device, _PATH_DEV, sizeof(device));
p = device + sizeof(_PATH_DEV) - 1;
strlcpy(p, line, sizeof(device) - sizeof(_PATH_DEV));
if (strncmp(p, "pts/", 4) == 0)
p += 4;
if (strchr(p, '/') != NULL) {