Be a little bit more pestimistic in argument handling - check if we've

overflown our internal buffer (though after the fact), and s/strncpy/strlcpy/ Reviewed by: rodrigc Obtained from: Juniper Networks
2008-12-18 18:44:46 +00:00 · 2008-12-18 18:44:46 +00:00 · fce5f960ba
commit fce5f960ba
parent 5773d864f9
2 changed files with 8 additions and 2 deletions
--- a/sbin/mount/mount.c
+++ b/sbin/mount/mount.c
@ -68,6 +68,8 @@ static const char rcsid[] =
 #define MOUNT_META_OPTION_FSTAB		"fstab"
 #define MOUNT_META_OPTION_CURRENT	"current"

+#define	MAX_ARGS			100
+
 int debug, fstab_style, verbose;

 char   *catopt(char *, const char *);
@ -501,7 +503,7 @@ int
 mountfs(const char *vfstype, const char *spec, const char *name, int flags,
 	const char *options, const char *mntopts)
 {
-	char *argv[100];
+	char *argv[MAX_ARGS];
 	struct statfs sf;
 	int argc, i, ret;
 	char *optbuf, execname[PATH_MAX], mntpath[PATH_MAX];
@ -546,6 +548,10 @@ mountfs(const char *vfstype, const char *spec, const char *name, int flags,
 	argv[argc++] = strdup(name);
 	argv[argc] = NULL;

+	if (MAX_ARGS <= argc )
+		errx(1, "Cannot process more than %d mount arguments",
+		    MAX_ARGS);
+
 	if (debug) {
 		if (use_mountprog(vfstype))
 			printf("exec: mount_%s", vfstype);
--- a/sbin/mount/mount_fs.c
+++ b/sbin/mount/mount_fs.c
@ -88,7 +88,7 @@ mount_fs(const char *vfstype, int argc, char *argv[])
 	char *p, *val;
 	int ret;

-	strncpy(fstype, vfstype, sizeof(fstype));
+	strlcpy(fstype, vfstype, sizeof(fstype));
 	memset(errmsg, 0, sizeof(errmsg));

 	getmnt_silent = 1;