authorTobias Weingartner <weingart@cvs.openbsd.org>1998-02-10 02:13:11 +0000
committerTobias Weingartner <weingart@cvs.openbsd.org>1998-02-10 02:13:11 +0000
commit5a128d9185ebdbfaba6477a99ad2db8d96f11b15 (patch)
tree146b1662efd8fe616f1d455f5c7ee6ef0a5e3533
parent020e22c60af19d8d3c26eb178ce4a826398a45c3 (diff)
Fix buffer overflows in quote1(), clear line buffer
before use. Hopefully, this is the last of the PR# 406 stuff that this will need.
-rw-r--r--usr.bin/ftp/cmds.c37
-rw-r--r--usr.bin/ftp/ftp.c5
2 files changed, 30 insertions, 12 deletions
diff --git a/usr.bin/ftp/cmds.c b/usr.bin/ftp/cmds.c
index 73753b8c847..aedb310027b 100644
--- a/usr.bin/ftp/cmds.c
+++ b/usr.bin/ftp/cmds.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cmds.c,v 1.25 1998/02/08 21:04:16 weingart Exp $ */
+/* $OpenBSD: cmds.c,v 1.26 1998/02/10 02:13:10 weingart Exp $ */
/* $NetBSD: cmds.c,v 1.27 1997/08/18 10:20:15 lukem Exp $ */
/*
@@ -38,7 +38,7 @@
#if 0
static char sccsid[] = "@(#)cmds.c 8.6 (Berkeley) 10/9/94";
#else
-static char rcsid[] = "$OpenBSD: cmds.c,v 1.25 1998/02/08 21:04:16 weingart Exp $";
+static char rcsid[] = "$OpenBSD: cmds.c,v 1.26 1998/02/10 02:13:10 weingart Exp $";
#endif
#endif /* not lint */
@@ -1431,7 +1431,7 @@ site(argc, argv)
code = -1;
return;
}
- quote1("SITE ", argc, argv);
+ quote1("SITE", argc, argv);
}
/*
@@ -1450,15 +1450,32 @@ quote1(initial, argc, argv)
(void)strncpy(buf, initial, sizeof(buf) - 1);
buf[sizeof(buf) - 1] = '\0';
if (argc > 1) {
- len = strlen(buf);
- len += strlen(strncpy(&buf[len], argv[1],
- sizeof(buf) - len - 1));
- for (i = 2; i < argc && len < sizeof(buf); i++) {
- buf[len++] = ' ';
- len += strlen(strncpy(&buf[len], argv[i],
- sizeof(buf) - len - 1));
+ for (i = 1, len = strlen(buf); i < argc && len < sizeof(buf)-1; i++) {
+
+ /* Sanity check */
+ if (len >= sizeof(buf) - 1)
+ break;
+
+ /* Space for next arg */
+ if (len > 1)
+ buf[len++] = ' ';
+
+ /* Sanity check */
+ if (len >= sizeof(buf) - 1)
+ break;
+
+ /* Copy next argument, NULL terminate always */
+ strncpy(&buf[len], argv[i], sizeof(buf) - len - 1);
+ buf[sizeof(buf) - 1] = '\0';
+
+ /* Update string length */
+ len = strlen(buf);
}
}
+
+ /* Make double (tripple?) sure the sucker is NULL terminated */
+ buf[sizeof(buf) - 1] = '\0';
+
if (command(buf) == PRELIM) {
while (getreply(0) == PRELIM)
continue;
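Review bot: The separator test `if (len > 1)` in the new loop skips the space when buf holds exactly one character, so with an empty `initial` (whether any caller passes one is not visible here) a one-character first argument is glued to the next one; `if (len > 0)` is the test that matches the intent. The loop also truncates silently: once buf fills it breaks, and the shortened string is still handed to `command(buf)` and sent to the server, which can be a different command from the one the user typed, so I would reject over-long input instead, as sketched below. `command()`'s prototype is outside the hunk; if it is printf-style, buf carries user-supplied arguments and the call should read `command("%s", buf)`. quote1's body starts and ends outside the hunk.

```c
	/* … unchanged: strncpy of initial into buf and its NUL termination … */
	len = strlen(buf);
	for (i = 1; i < argc; i++) {
		size_t arglen = strlen(argv[i]);
		size_t need = arglen + (len > 0 ? 1 : 0);

		/* Refuse the whole command rather than send a truncated one */
		if (need >= sizeof(buf) - len) {
			/* report the error the way the rest of this file does */
			code = -1;
			return;
		}

		/* Separator before every word except the very first */
		if (len > 0)
			buf[len++] = ' ';

		/* Fits by the check above; copies the terminating NUL too */
		memcpy(&buf[len], argv[i], arglen + 1);
		len += arglen;
	}
	/* … unchanged: command(buf) and the getreply() loop … */
```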
diff --git a/usr.bin/ftp/ftp.c b/usr.bin/ftp/ftp.c
index 29be2baeecf..342efadf7d0 100644
--- a/usr.bin/ftp/ftp.c
+++ b/usr.bin/ftp/ftp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ftp.c,v 1.24 1997/12/17 16:03:03 millert Exp $ */
+/* $OpenBSD: ftp.c,v 1.25 1998/02/10 02:13:10 weingart Exp $ */
/* $NetBSD: ftp.c,v 1.27 1997/08/18 10:20:23 lukem Exp $ */
/*
@@ -38,7 +38,7 @@
#if 0
static char sccsid[] = "@(#)ftp.c 8.6 (Berkeley) 10/27/94";
#else
-static char rcsid[] = "$OpenBSD: ftp.c,v 1.24 1997/12/17 16:03:03 millert Exp $";
+static char rcsid[] = "$OpenBSD: ftp.c,v 1.25 1998/02/10 02:13:10 weingart Exp $";
#endif
#endif /* not lint */
@@ -279,6 +279,7 @@ getreply(expecteof)
int pflag = 0;
char *cp, *pt = pasv;
+ memset(current_line, 0, sizeof(current_line));
oldintr = signal(SIGINT, cmdabort);
for (line = 0 ;; line++) {
dig = n = code = 0;
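Review bot: `memset(current_line, 0, sizeof(current_line))` clears the whole buffer only if `current_line` is declared as an array at this scope; the declaration is outside the hunk, and if it were a pointer `sizeof` would cover only the pointer's size. The clear also runs once per getreply() call, ahead of the `for (line = 0 ;; line++)` loop, so whether each reply line starts from a clean buffer depends on code that is not shown here. A short comment above the call, for example `/* Clear line buffer before use */` as the commit message puts it, would record why the call is there. getreply's body continues outside the hunk.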