diff options
| author | Todd C. Miller <millert@cvs.openbsd.org> | 2005-07-11 14:08:24 +0000 |
|---|---|---|
| committer | Todd C. Miller <millert@cvs.openbsd.org> | 2005-07-11 14:08:24 +0000 |
| commit | 2dcbb773053bd3117476de70b5a9dd09ad4cb213 (patch) | |
| tree | 105d7e2dade6d7968b93b87d7b48b54787c326bd | |
| parent | 0028972652d166a71475cf36abc314465eee5b37 (diff) | |
Fix off-by-one bug in readtty() and don't assume BUFSIZ == 1024.
Based on a patch from Ulf Harnhammar.
| -rw-r--r-- | usr.bin/mail/list.c | 7 | ||||
| -rw-r--r-- | usr.bin/mail/tty.c | 13 |
2 files changed, 9 insertions, 11 deletions
diff --git a/usr.bin/mail/list.c b/usr.bin/mail/list.c index 4bfaff919b0..3c53d7fcf6d 100644 --- a/usr.bin/mail/list.c +++ b/usr.bin/mail/list.c @@ -1,4 +1,4 @@ -/* $OpenBSD: list.c,v 1.15 2004/09/15 22:21:40 deraadt Exp $ */ +/* $OpenBSD: list.c,v 1.16 2005/07/11 14:08:23 millert Exp $ */ /* $NetBSD: list.c,v 1.7 1997/07/09 05:23:36 mikel Exp $ */ /* @@ -34,7 +34,7 @@ #if 0 static const char sccsid[] = "@(#)list.c 8.4 (Berkeley) 5/1/95"; #else -static const char rcsid[] = "$OpenBSD: list.c,v 1.15 2004/09/15 22:21:40 deraadt Exp $"; +static const char rcsid[] = "$OpenBSD: list.c,v 1.16 2005/07/11 14:08:23 millert Exp $"; #endif #endif /* not lint */ @@ -543,7 +543,8 @@ scan(char **sp) lexnumber = 0; while (isdigit(c)) { lexnumber = lexnumber*10 + c - '0'; - *cp2++ = c; + if (cp2 - lexstring < STRINGLEN - 1) + *cp2++ = c; c = *cp++; } *cp2 = '\0'; diff --git a/usr.bin/mail/tty.c b/usr.bin/mail/tty.c index e647002e5e6..a4eb1c1c9b8 100644 --- a/usr.bin/mail/tty.c +++ b/usr.bin/mail/tty.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tty.c,v 1.17 2003/06/03 02:56:11 millert Exp $ */ +/* $OpenBSD: tty.c,v 1.18 2005/07/11 14:08:23 millert Exp $ */ /* $NetBSD: tty.c,v 1.7 1997/07/09 05:25:46 mikel Exp $ */ /* @@ -34,7 +34,7 @@ #if 0 static const char sccsid[] = "@(#)tty.c 8.2 (Berkeley) 4/20/95"; #else -static const char rcsid[] = "$OpenBSD: tty.c,v 1.17 2003/06/03 02:56:11 millert Exp $"; +static const char rcsid[] = "$OpenBSD: tty.c,v 1.18 2005/07/11 14:08:23 millert Exp $"; #endif #endif /* not lint */ @@ -191,7 +191,7 @@ readtty(char *pr, char *src) fputs(pr, stdout); fflush(stdout); - if (src != NULL && strlen(src) > BUFSIZ - 2) { + if (src != NULL && strlen(src) > sizeof(canonb) - 2) { puts("too long to edit"); return(src); } @@ -216,10 +216,6 @@ readtty(char *pr, char *src) cp = canonb; *cp = 0; #endif - cp2 = cp; - while (cp2 < canonb + BUFSIZ) - *cp2++ = 0; - cp2 = cp; sigemptyset(&act.sa_mask); act.sa_flags = 0; /* Note: will not restart syscalls */ act.sa_handler = ttyint; @@ -230,7 +226,8 @@ readtty(char *pr, char *src) (void)sigaction(SIGTTIN, &act, NULL); (void)sigprocmask(SIG_UNBLOCK, &intset, &oset); clearerr(stdin); - while (cp2 < canonb + BUFSIZ) { + memset(cp, 0, canonb + sizeof(canonb) - cp); + for (cp2 = cp; cp2 < canonb + sizeof(canonb) - 1; ) { c = getc(stdin); switch (ttysignal) { case SIGINT: |