Fix two possible non-exploitable buffer overflows.

Thanks to: A friend at Sun auditing dump/restore for Solaris.
This commit is contained in:
Warner Losh 1998-12-16 04:48:00 +00:00
parent a207266e91
commit e254596824

View File

@ -36,7 +36,7 @@
static char sccsid[] = "@(#)interactive.c 8.5 (Berkeley) 5/1/95";
#endif
static const char rcsid[] =
"$Id: interactive.c,v 1.5 1998/07/28 06:20:08 charnier Exp $";
"$Id: interactive.c,v 1.6 1998/09/17 20:18:11 imp Exp $";
#endif /* not lint */
#include <sys/param.h>
@ -343,7 +343,8 @@ getcmd(curdir, cmd, name, size, ap)
* If no argument, use curdir as the default.
*/
if (*cp == '\0') {
(void) strcpy(name, curdir);
(void) strncpy(name, curdir, size);
name[size - 1] = '\0';
return;
}
nextarg = cp;
@ -377,7 +378,8 @@ getcmd(curdir, cmd, name, size, ap)
ap->argcnt = ap->glob.gl_pathc;
retnext:
strcpy(name, ap->glob.gl_pathv[ap->glob.gl_pathc - ap->argcnt]);
strncpy(name, ap->glob.gl_pathv[ap->glob.gl_pathc - ap->argcnt], size);
name[size - 1] = '\0';
if (--ap->argcnt == 0) {
ap->freeglob = 0;
globfree(&ap->glob);