Re-order terms to avoid potential pointer overflow, and remove one

more potential buffer overflow. Submitted by: bde
1997-03-18 16:09:27 +00:00 · 1997-03-18 16:09:27 +00:00 · 43ec585267
commit 43ec585267
parent 753da60320
1 changed files with 7 additions and 2 deletions
--- a/lib/libtermcap/tgoto.c
+++ b/lib/libtermcap/tgoto.c
@ -174,7 +174,12 @@ casedot:
 					 * to be the successor of tab.
 					 */
 					do {
-						strcat(added, oncol ? (BC ? BC : "\b") : UP);
+						const char *extra;
+
+						extra = oncol ? (BC ? BC : "\b") : UP;
+						if (strlen(added) + strlen(extra) >= 10)
+							return ("OVERFLOW");
+						strcat(added, extra);
 						which++;
 					} while (which == '\n');
 			}
@ -215,7 +220,7 @@ casedot:
 			goto toohard;
 		}
 	}
-	if (dp+strlen(added)+1 > &result[MAXRETURNSIZE])
+	if (strlen(added) >= &result[MAXRETURNSIZE] - dp)
 		return ("OVERFLOW");
 	strcpy(dp, added);
 	return (result);