Use safer string handling.

Reviewed by: security-team
This commit is contained in:
Warner Losh 2008-04-03 20:37:38 +00:00
parent 22e5baf782
commit 52b370fe8e
2 changed files with 8 additions and 11 deletions

View File

@ -216,7 +216,7 @@ treescan(char *pname, ino_t ino, long (*todo)(char *, ino_t, int))
struct direct *dp;
int namelen;
long bpt;
char locname[MAXPATHLEN + 1];
char locname[MAXPATHLEN];
itp = inotablookup(ino);
if (itp == NULL) {
@ -235,9 +235,8 @@ treescan(char *pname, ino_t ino, long (*todo)(char *, ino_t, int))
* begin search through the directory
* skipping over "." and ".."
*/
(void) strncpy(locname, pname, sizeof(locname) - 1);
locname[sizeof(locname) - 1] = '\0';
(void) strncat(locname, "/", sizeof(locname) - strlen(locname));
(void) strlcpy(locname, pname, sizeof(locname));
(void) strlcat(locname, "/", sizeof(locname));
namelen = strlen(locname);
rst_seekdir(dirp, itp->t_seekpt, itp->t_seekpt);
dp = rst_readdir(dirp); /* "." */
@ -261,7 +260,7 @@ treescan(char *pname, ino_t ino, long (*todo)(char *, ino_t, int))
fprintf(stderr, "%s%s: name exceeds %d char\n",
locname, dp->d_name, sizeof(locname) - 1);
} else {
(void) strncat(locname, dp->d_name, (int)dp->d_namlen);
(void)strlcat(locname, dp->d_name, sizeof(locname));
treescan(locname, dp->d_ino, todo);
rst_seekdir(dirp, bpt, itp->t_seekpt);
}

View File

@ -502,7 +502,7 @@ printlist(char *name, char *basename)
struct afile single;
RST_DIR *dirp;
int entries, len, namelen;
char locname[MAXPATHLEN + 1];
char locname[MAXPATHLEN];
dp = pathsearch(name);
if (dp == NULL || (!dflag && TSTINO(dp->d_ino, dumpmap) == 0) ||
@ -533,8 +533,8 @@ printlist(char *name, char *basename)
fprintf(stderr, "%s:\n", name);
entries = 0;
listp = list;
(void) strncpy(locname, name, MAXPATHLEN);
(void) strncat(locname, "/", MAXPATHLEN);
(void)strlcpy(locname, name, MAXPATHLEN);
(void)strlcat(locname, "/", MAXPATHLEN);
namelen = strlen(locname);
while ((dp = rst_readdir(dirp))) {
if (dp == NULL)
@ -545,13 +545,11 @@ printlist(char *name, char *basename)
strcmp(dp->d_name, ".") == 0 ||
strcmp(dp->d_name, "..") == 0))
continue;
locname[namelen] = '\0';
if (namelen + dp->d_namlen >= MAXPATHLEN) {
fprintf(stderr, "%s%s: name exceeds %d char\n",
locname, dp->d_name, MAXPATHLEN);
} else {
(void) strncat(locname, dp->d_name,
(int)dp->d_namlen);
(void)strlcat(locname, dp->d_name, MAXPATHLEN);
mkentry(locname, dp, listp++);
entries++;
}