authorTheo de Raadt <deraadt@cvs.openbsd.org>1996-06-19 10:03:44 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>1996-06-19 10:03:44 +0000
commita6b7a98425f17460635347cb76351f42ae626ed5 (patch)
tree0bedefe2daa8a430dbb13aec6aac7bc8500b54d7
parent6105ef566bcff4c293f661bec213a299207359ac (diff)
do not overflow term buffer, noted initially by darren reed. my own fix
-rw-r--r--usr.bin/rlogin/rlogin.c16
1 files changed, 13 insertions, 3 deletions
diff --git a/usr.bin/rlogin/rlogin.c b/usr.bin/rlogin/rlogin.c
index c1bb31ee08e..5f05baff7af 100644
--- a/usr.bin/rlogin/rlogin.c
+++ b/usr.bin/rlogin/rlogin.c
@@ -256,10 +256,20 @@ main(argc, argv)
exit(1);
}
- (void)strcpy(term, (p = getenv("TERM")) ? p : "network");
+ (void)strncpy(term, (p = getenv("TERM")) ? p : "network",
+ sizeof(term) - 1);
+ term[sizeof(term) - 1] = '\0';
+
+ /*
+ * Add "/baud" only if there is room left; ie. do not send "/19"
+ * for 19200 baud with a particularily long $TERM
+ */
if (tcgetattr(0, &tty) == 0) {
- (void)strcat(term, "/");
- (void)sprintf(term + strlen(term), "%d", cfgetospeed(&tty));
+ char baud[20]; /* more than enough.. */
+
+ (void)sprintf(baud, "/%d", cfgetospeed(&tty));
+ if (strlen(term) + strlen(baud) < sizeof(term) - 1)
+ (void)strcat(term, baud);
}
(void)get_window_size(0, &winsize);
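Review bot: An over-long $TERM is now cut off by the `strncpy` call without any diagnostic, so the remote end receives a terminal name the user never set and, as the new comment says, no speed suffix either. Consider testing `strlen(p) >= sizeof(term)` before the copy and either warning or falling back to `"network"`. Separately, the `sprintf` into `baud` is safe only because 20 bytes happens to cover any `int`; `(void)snprintf(baud, sizeof(baud), "/%d", (int)cfgetospeed(&tty));` states the bound explicitly, and the cast makes the argument match `%d`, since `cfgetospeed` returns a `speed_t`. The declaration of `term` is outside the hunk, so this assumes it is a fixed-size array (otherwise `sizeof(term)` would not give the buffer length), and `main` continues past the last context line.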