Protect from stack overrun via /etc/ttys, which could possibly allow a

root user to change the securelevel. Pointed out by Thomas H. Ptacek <tqbf@enteract.com>.
1997-02-19 08:04:58 +00:00 · 1997-02-19 08:04:58 +00:00 · d71873490f
commit d71873490f
parent ebf34cb494
1 changed files with 2 additions and 2 deletions
--- a/sbin/init/init.c
+++ b/sbin/init/init.c
@ -1089,7 +1089,7 @@ start_window_system(sp)
 	if (sp->se_type) {
 		/* Don't use malloc after fork */
 		strcpy(term, "TERM=");
-		strcat(term, sp->se_type);
+		strncat(term, sp->se_type, sizeof(term) - 6);
 		env[0] = term;
 		env[1] = 0;
 	}
@ -1154,7 +1154,7 @@ start_getty(sp)
 	if (sp->se_type) {
 		/* Don't use malloc after fork */
 		strcpy(term, "TERM=");
-		strcat(term, sp->se_type);
+		strncat(term, sp->se_type, sizeof(term) - 6);
 		env[0] = term;
 		env[1] = 0;
 	}