diff options
author | Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org> | 2003-01-22 05:35:40 +0000 |
---|---|---|
committer | Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org> | 2003-01-22 05:35:40 +0000 |
commit | a339c7a017413a2f1f5a7f715e08ea7ac918cf08 (patch) | |
tree | f462c0149f161c497cfb6698ad8969b2857df18c | |
parent | b087a93d0df98c48e68dd663b4ddd05b5dd26ac4 (diff) |
line2 may overrun if line is too long (> 200). be more careful on strcpy.
XXX strlen(argv[x]) should be checked before copies.
netbsd 1.18 -> 1.19, requested by David Krause
-rw-r--r-- | usr.bin/ftp/domacro.c | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/usr.bin/ftp/domacro.c b/usr.bin/ftp/domacro.c index e48146e8634..a55934b6cb1 100644 --- a/usr.bin/ftp/domacro.c +++ b/usr.bin/ftp/domacro.c @@ -1,4 +1,4 @@ -/* $OpenBSD: domacro.c,v 1.7 1997/07/25 21:56:19 millert Exp $ */ +/* $OpenBSD: domacro.c,v 1.8 2003/01/22 05:35:39 itojun Exp $ */ /* $NetBSD: domacro.c,v 1.10 1997/07/20 09:45:45 lukem Exp $ */ /* @@ -38,7 +38,7 @@ #if 0 static char sccsid[] = "@(#)domacro.c 8.3 (Berkeley) 4/2/94"; #else -static char rcsid[] = "$OpenBSD: domacro.c,v 1.7 1997/07/25 21:56:19 millert Exp $"; +static char rcsid[] = "$OpenBSD: domacro.c,v 1.8 2003/01/22 05:35:39 itojun Exp $"; #endif #endif /* not lint */ @@ -55,7 +55,7 @@ domacro(argc, argv) char *argv[]; { int i, j, count = 2, loopflg = 0; - char *cp1, *cp2, line2[200]; + char *cp1, *cp2, line2[FTPBUFLEN]; struct cmd *c; if (argc < 2 && !another(&argc, &argv, "macro name")) { @@ -73,7 +73,7 @@ domacro(argc, argv) code = -1; return; } - (void)strcpy(line2, line); + (void)strlcpy(line2, line, sizeof(line2)); TOP: cp1 = macros[i].mac_start; while (cp1 != macros[i].mac_end) { @@ -94,7 +94,8 @@ TOP: } cp1--; if (argc - 2 >= j) { - (void)strcpy(cp2, argv[j+1]); + (void)strlcpy(cp2, argv[j+1], + sizeof(line) - (cp2 - line)); cp2 += strlen(argv[j+1]); } break; @@ -103,7 +104,8 @@ TOP: loopflg = 1; cp1++; if (count < argc) { - (void)strcpy(cp2, argv[count]); + (void)strlcpy(cp2, argv[count], + sizeof(line) - (cp2 - line)); cp2 += strlen(argv[count]); } break; @@ -141,7 +143,7 @@ TOP: if (bell && c->c_bell) { (void)putc('\007', ttyout); } - (void)strcpy(line, line2); + (void)strlcpy(line, line2, sizeof(line)); makeargv(); argc = margc; argv = margv; |