diff options
| author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2001-11-07 18:48:01 +0000 |
|---|---|---|
| committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2001-11-07 18:48:01 +0000 |
| commit | 62feb498dfb5f762dd9a7b26eddd2acbf9996682 (patch) | |
| tree | d01481fab4812f4fab7fecdbdfa30a45dafd4b23 | |
| parent | 8fa63265f6b93fdc4673195fd7bb08393223bc65 (diff) | |
avoid buffer overflows. when will people learn to use snprintf correctly
| -rw-r--r-- | usr.sbin/tcpdump/tcpdump.c | 39 |
1 files changed, 17 insertions, 22 deletions
diff --git a/usr.sbin/tcpdump/tcpdump.c b/usr.sbin/tcpdump/tcpdump.c index 7c081bacde8..e0592de2d25 100644 --- a/usr.sbin/tcpdump/tcpdump.c +++ b/usr.sbin/tcpdump/tcpdump.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcpdump.c,v 1.24 2001/11/07 07:41:21 deraadt Exp $ */ +/* $OpenBSD: tcpdump.c,v 1.25 2001/11/07 18:48:00 deraadt Exp $ */ /* * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 @@ -26,7 +26,7 @@ static const char copyright[] = "@(#) Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997\n\ The Regents of the University of California. All rights reserved.\n"; static const char rcsid[] = - "@(#) $Header: /cvs/OpenBSD/src/usr.sbin/tcpdump/tcpdump.c,v 1.24 2001/11/07 07:41:21 deraadt Exp $ (LBL)"; + "@(#) $Header: /cvs/OpenBSD/src/usr.sbin/tcpdump/tcpdump.c,v 1.25 2001/11/07 18:48:00 deraadt Exp $ (LBL)"; #endif /* @@ -415,44 +415,39 @@ default_print_hexl(const u_char *cp, unsigned int length, unsigned int offset) { unsigned int i, j, jm; int c; - char ln[128]; + char ln[128], buf[128]; printf("\n"); for (i = 0; i < length; i += 0x10) { - snprintf(ln, - sizeof(ln), - " %04x: ", (unsigned int)(i + offset)); + snprintf(ln, sizeof(ln), " %04x: ", + (unsigned int)(i + offset)); jm = length - i; jm = jm > 16 ? 16 : jm; for (j = 0; j < jm; j++) { if ((j % 2) == 1) - snprintf(ln + strlen(ln), - sizeof(ln) - strlen(ln), - "%02x ", (unsigned int)cp[i+j]); + snprintf(buf, sizeof(buf), "%02x ", + (unsigned int)cp[i+j]); else - snprintf(ln + strlen(ln), - sizeof(ln) - strlen(ln), - "%02x", (unsigned int)cp[i+j]); + snprintf(buf, sizeof(buf), "%02x", + (unsigned int)cp[i+j]); + strlcat(ln, buf, sizeof ln); } for (; j < 16; j++) { if ((j % 2) == 1) - snprintf(ln + strlen(ln), - sizeof(ln) - strlen(ln), - " "); + snprintf(buf, sizeof buf, " "); else - snprintf(ln + strlen(ln), - sizeof(ln) - strlen(ln), - " "); + snprintf(buf, sizeof buf, " "); + strlcat(ln, buf, sizeof ln); } - snprintf(ln + strlen(ln), sizeof(ln) - strlen(ln), " "); + strlcat(ln, " ", sizeof ln); for (j = 0; j < jm; j++) { c = cp[i+j]; c = isprint(c) ? c : '.'; - snprintf(ln + strlen(ln), - sizeof(ln) - strlen(ln), - "%c", c); + buf[0] = c; + buf[1] = '\0'; + strlcat(ln, buf, sizeof ln); } printf("%s\n", ln); } |