summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorbitblt <bitblt@cvs.openbsd.org>2000-02-20 17:45:35 +0000
committerbitblt <bitblt@cvs.openbsd.org>2000-02-20 17:45:35 +0000
commit3620db032ec70a5f23528072a5c773d5ec84eaf3 (patch)
tree4b64649e3e08f3fba01f91ebfa36c72f9c8ab7b8
parent7a8036fc7adbbe3afa09cb04240cec4714465922 (diff)
string manipluation paranoia changes. Most probably not exploitable.
-rw-r--r--usr.sbin/mopd/common/device.c16
-rw-r--r--usr.sbin/mopd/common/pf.c10
-rw-r--r--usr.sbin/mopd/mopd/process.c15
-rw-r--r--usr.sbin/mopd/otherOS/pf-linux2.c13
-rw-r--r--usr.sbin/mopd/otherOS/pf-snit.c10
5 files changed, 37 insertions, 27 deletions
diff --git a/usr.sbin/mopd/common/device.c b/usr.sbin/mopd/common/device.c
index 7d653ec63fb..88bac90f00e 100644
--- a/usr.sbin/mopd/common/device.c
+++ b/usr.sbin/mopd/common/device.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: device.c,v 1.3 1999/03/27 14:31:21 maja Exp $ */
+/* $OpenBSD: device.c,v 1.4 2000/02/20 17:45:33 bitblt Exp $ */
/*
* Copyright (c) 1993-95 Mats O Jansson. All rights reserved.
@@ -30,7 +30,7 @@
*/
#ifndef LINT
-static char rcsid[] = "$OpenBSD: device.c,v 1.3 1999/03/27 14:31:21 maja Exp $";
+static char rcsid[] = "$OpenBSD: device.c,v 1.4 2000/02/20 17:45:33 bitblt Exp $";
#endif
#include "os.h"
@@ -113,7 +113,8 @@ deviceOpen(ifname, proto, trans)
{
struct if_info *p, tmp;
- strcpy(tmp.if_name,ifname);
+ strncpy(tmp.if_name,ifname,sizeof(tmp.if_name) - 1);
+ tmp.if_name[sizeof(tmp.if_name)] = 0;
tmp.iopen = pfInit;
switch (proto) {
@@ -140,7 +141,8 @@ deviceOpen(ifname, proto, trans)
p->next = iflist;
iflist = p;
- strcpy(p->if_name,tmp.if_name);
+ strncpy(p->if_name,tmp.if_name, IFNAME_SIZE -1);
+ p->if_name[IFNAME_SIZE -1] = 0;
p->iopen = tmp.iopen;
p->write = pfWrite;
p->read = tmp.read;
@@ -197,12 +199,12 @@ deviceInitOne(ifname)
if ((strlen(dev) == 2) &&
(dev[0] == 'e') &&
((dev[1] == 'n') || (dev[1] == 't'))) {
- sprintf(interface,"ent%d\0",unit);
+ snprintf(interface,sizeof(interface),"ent%d\0",unit);
} else {
- sprintf(interface,"%s%d\0",dev,unit);
+ snprintf(interface,sizeof(interface),"%s%d\0",dev,unit);
}
#else
- sprintf(interface,"%s",ifname);
+ snprintf(interface,sizeof(interface),"%s",ifname);
#endif /* _AIX */
/* Ok, init it just once */
diff --git a/usr.sbin/mopd/common/pf.c b/usr.sbin/mopd/common/pf.c
index ae3ab6d86d4..377f07b4037 100644
--- a/usr.sbin/mopd/common/pf.c
+++ b/usr.sbin/mopd/common/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.3 1997/08/18 03:11:31 millert Exp $ */
+/* $OpenBSD: pf.c,v 1.4 2000/02/20 17:45:33 bitblt Exp $ */
/*
* Copyright (c) 1993-95 Mats O Jansson. All rights reserved.
@@ -34,7 +34,7 @@
*/
#ifndef LINT
-static char rcsid[] = "$OpenBSD: pf.c,v 1.3 1997/08/18 03:11:31 millert Exp $";
+static char rcsid[] = "$OpenBSD: pf.c,v 1.4 2000/02/20 17:45:33 bitblt Exp $";
#endif
#include <stdio.h>
@@ -176,7 +176,8 @@ pfAddMulti(s, interface, addr)
struct ifreq ifr;
int fd;
- strcpy(ifr.ifr_name, interface);
+ strncpy(ifr.ifr_name, interface,sizeof(ifr.ifr_name) - 1);
+ ifr.ifr_name[sizeof(ifr.ifr_name)] = 0;
ifr.ifr_addr.sa_family = AF_UNSPEC;
bcopy(addr, ifr.ifr_addr.sa_data, 6);
@@ -211,7 +212,8 @@ pfDelMulti(s, interface, addr)
struct ifreq ifr;
int fd;
- strcpy(ifr.ifr_name, interface);
+ strncpy(ifr.ifr_name, interface, sizeof (ifr.ifr_name) - 1);
+ ifr.ifr_name[sizeof(ifr.ifr_name)] = 0;
ifr.ifr_addr.sa_family = AF_UNSPEC;
bcopy(addr, ifr.ifr_addr.sa_data, 6);
diff --git a/usr.sbin/mopd/mopd/process.c b/usr.sbin/mopd/mopd/process.c
index af1d253f235..d3f19ae6893 100644
--- a/usr.sbin/mopd/mopd/process.c
+++ b/usr.sbin/mopd/mopd/process.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: process.c,v 1.2 1996/09/21 19:12:26 maja Exp $ */
+/* $OpenBSD: process.c,v 1.3 2000/02/20 17:45:34 bitblt Exp $ */
/*
* Copyright (c) 1993-95 Mats O Jansson. All rights reserved.
@@ -30,7 +30,7 @@
*/
#ifndef LINT
-static char rcsid[] = "$OpenBSD: process.c,v 1.2 1996/09/21 19:12:26 maja Exp $";
+static char rcsid[] = "$OpenBSD: process.c,v 1.3 2000/02/20 17:45:34 bitblt Exp $";
#endif
#include "os.h"
@@ -350,7 +350,7 @@ mopNextLoad(dst, src, new_count, trans)
close(dllist[slot].ldfd);
dllist[slot].ldfd = 0;
dllist[slot].status = DL_STATUS_FREE;
- sprintf(line,
+ snprintf(line,sizeof(line),
"%x:%x:%x:%x:%x:%x Load completed",
dst[0],dst[1],dst[2],dst[3],dst[4],dst[5]);
syslog(LOG_INFO, line);
@@ -513,17 +513,18 @@ mopProcessDL(fd, ii, pkt, index, dst, src, trans, len)
bcopy((char *)src, (char *)(dl_rpr->eaddr), 6);
mopProcessInfo(pkt,index,moplen,dl_rpr,trans);
- sprintf(filename,"%s/%s.SYS", MOP_FILE_PATH, pfile);
+ snprintf(filename,sizeof(filename),
+ "%s/%s.SYS", MOP_FILE_PATH, pfile);
if ((mopCmpEAddr(dst,dl_mcst) == 0)) {
if ((nfd = open(filename, O_RDONLY, 0)) != -1) {
close(nfd);
mopSendASV(src, ii->eaddr, ii, trans);
- sprintf(line,
+ snprintf(line,sizeof(line),
"%x:%x:%x:%x:%x:%x (%d) Do you have %s? (Yes)",
src[0],src[1],src[2],
src[3],src[4],src[5],trans,pfile);
} else {
- sprintf(line,
+ snprintf(line,sizeof(line),
"%x:%x:%x:%x:%x:%x (%d) Do you have %s? (No)",
src[0],src[1],src[2],
src[3],src[4],src[5],trans,pfile);
@@ -533,7 +534,7 @@ mopProcessDL(fd, ii, pkt, index, dst, src, trans, len)
if ((mopCmpEAddr(dst,ii->eaddr) == 0)) {
dl_rpr->ldfd = open(filename, O_RDONLY, 0);
mopStartLoad(src, ii->eaddr, dl_rpr, trans);
- sprintf(line,
+ snprintf(line,sizeof(line),
"%x:%x:%x:%x:%x:%x Send me %s",
src[0],src[1],src[2],
src[3],src[4],src[5],pfile);
diff --git a/usr.sbin/mopd/otherOS/pf-linux2.c b/usr.sbin/mopd/otherOS/pf-linux2.c
index de05c43e410..572d0075cc9 100644
--- a/usr.sbin/mopd/otherOS/pf-linux2.c
+++ b/usr.sbin/mopd/otherOS/pf-linux2.c
@@ -14,8 +14,8 @@
* Supports:
* Linux SOCK_PACKET
*
- * $Author: maja $
- * $Revision: 1.1 $
+ * $Author: bitblt $
+ * $Revision: 1.2 $
*
*
* Modified for use with the linux-mopd port by Karl Maftoum
@@ -153,7 +153,8 @@ int s;
char *interface;
u_char *addr;
{
- strcpy(ifr.ifr_name, interface);
+ strncpy(ifr.ifr_name, interface, sizeof (ifr.ifr_name) -1);
+ ifr.ifr_name[sizeof(ifr.ifr_name)] = 0;
ifr.ifr_addr.sa_family = AF_INET;
if (ioctl(s, SIOCGIFHWADDR, &ifr) < 0) {
perror("SIOCGIFHWADDR");
@@ -176,7 +177,8 @@ u_char *addr;
{
int sock;
- strcpy(ifr.ifr_name, interface);
+ strncpy(ifr.ifr_name, interface, sizeof (ifr.ifr_name) - 1);
+ ifr.ifr_name[sizeof(ifr.ifr_name)] = 0;
ifr.ifr_addr.sa_family = AF_UNSPEC;
bcopy((char *)addr, ifr.ifr_addr.sa_data, 6);
@@ -212,7 +214,8 @@ u_char *addr;
{
int sock;
- strcpy(ifr.ifr_name, interface);
+ strncpy(ifr.ifr_name, interface, sizeof (ifr.ifr_name) - 1);
+ ifr.ifr_name[sizeof(ifr.ifr_name)] = 0;
ifr.ifr_addr.sa_family = AF_UNSPEC;
bcopy((char *)addr, ifr.ifr_addr.sa_data, 6);
diff --git a/usr.sbin/mopd/otherOS/pf-snit.c b/usr.sbin/mopd/otherOS/pf-snit.c
index 35f48c07ca5..329e0edeafd 100644
--- a/usr.sbin/mopd/otherOS/pf-snit.c
+++ b/usr.sbin/mopd/otherOS/pf-snit.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf-snit.c,v 1.2 1996/09/21 19:12:50 maja Exp $ */
+/* $OpenBSD: pf-snit.c,v 1.3 2000/02/20 17:45:34 bitblt Exp $ */
/*
* Copyright (c) 1993-96 Mats O Jansson. All rights reserved.
@@ -30,7 +30,7 @@
*/
#ifndef LINT
-static char rcsid[] = "$OpenBSD: pf-snit.c,v 1.2 1996/09/21 19:12:50 maja Exp $";
+static char rcsid[] = "$OpenBSD: pf-snit.c,v 1.3 2000/02/20 17:45:34 bitblt Exp $";
#endif
#include <stdio.h>
@@ -239,7 +239,8 @@ pfAddMulti(s, interface, addr)
struct ifreq ifr;
int fd;
- strcpy(ifr.ifr_name, interface);
+ strncpy(ifr.ifr_name, interface, sizeof (ifr.ifr_name) -1);
+ ifr.ifr_name[sizeof(ifr.ifr_name)] = 0;
ifr.ifr_addr.sa_family = AF_UNSPEC;
bcopy(addr, ifr.ifr_addr.sa_data, 6);
@@ -274,7 +275,8 @@ char *interface, *addr;
struct ifreq ifr;
int fd;
- strcpy(ifr.ifr_name, interface);
+ strncpy(ifr.ifr_name, interface, sizeof (ifr.ifr_name) -1);
+ ifr.ifr_name[sizeof(ifr.ifr_name)] = 0;
ifr.ifr_addr.sa_family = AF_UNSPEC;
bcopy(addr, ifr.ifr_addr.sa_data, 6);